%0 Conference Proceedings
%T A Forensic Methodology for Software-Defined Network Switches
%+ University of South Florida [Tampa] (USF)
%A Chin, Tommy
%A Xiong, Kaiqi
%Z Part 3: Network and Cloud Forensics
%< peer-reviewed
%( IFIP Advances in Information and Communication Technology
%B 13th IFIP International Conference on Digital Forensics (DigitalForensics)
%C Orlando, FL, United States
%Y Gilbert Peterson
%Y Sujeet Shenoi
%I Springer International Publishing
%3 Advances in Digital Forensics XIII
%V AICT-511
%P 97-110
%8 2017-01-30
%D 2017
%R 10.1007/978-3-319-67208-3_6
%K Software-defined networks
%K Incident response
%K Forensics
%K Switches
%Z Computer Science [cs]
%Z Conference papers
%X This chapter presents a forensic methodology for computing systems in a software-defined networking environment that consists of an application plane, control plane and data plane. The methodology involves a forensic examination of the software-defined networking infrastructure from the perspective of a switch. Memory images of a live switch and southbound communications are leveraged to enable forensic investigators to identify and locate potential evidence for triage in real time. The methodology is evaluated using a real-world testbed exposed to network attacks. The experimental results demonstrate the effectiveness of the methodology for forensic investigations of software-defined networking infrastructures.
%G English
%Z TC 11
%Z WG 11.9
%2 https://inria.hal.science/hal-01716399/document
%2 https://inria.hal.science/hal-01716399/file/456364_1_En_6_Chapter.pdf
%L hal-01716399
%U https://inria.hal.science/hal-01716399
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-DF
%~ IFIP-WG11-9
%~ IFIP-AICT-511