Comparative Analysis of Network Forensic Tools on Different Operating Systems

2021 ◽  
Author(s):  
Damir Delija ◽  
Ivan Mohenski ◽  
Goran Sirovatka
Keyword(s):  
Comparative Analysis ◽  
Operating Systems ◽  
Forensic Tools ◽  
Network Forensic

scholarly journals Comparative Analysis of Network Forensic Tools and Network Forensics Processes

2021 ◽  
Author(s):  
Fahad M Ghabban ◽  
Ibrahim M Alfadli ◽  
Omair Ameerbakhsh ◽  
Amer Nizar AbuAli ◽  
Arafat Al-Dhaqm ◽  
...  
Keyword(s):  
Comparative Analysis ◽  
Network Forensics ◽  
Forensic Tools ◽  
Network Forensic

scholarly journals Address Space Layout Randomization Comparative Analysis on Windows 10 and Ubuntu 18.04 LTS

2021 ◽  
Vol 7 (1) ◽  
pp. 26
Author(s):  
Raquel Vázquez Díaz ◽  
Martiño Rivera-Dourado ◽  
Rubén Pérez-Jove ◽  
Pilar Vila Avendaño ◽  
José M. Vázquez-Naya
Keyword(s):  
Operating System ◽  
Comparative Analysis ◽  
Operating Systems ◽  
Memory Management ◽  
Address Space ◽  
Memory Protection ◽  
Partial Correlations ◽  
Feature Memory ◽  
Space Layout ◽  
Address Space Layout Randomization

Memory management is one of the main tasks of an Operating System, where the data of each process running in the system is kept. In this context, there exist several types of attacks that exploit memory-related vulnerabilities, forcing Operating Systems to feature memory protection techniques that make difficult to exploit them. One of these techniques is ASLR, whose function is to introduce randomness into the virtual address space of a process. The goal of this work was to measure, analyze and compare the behavior of ASLR on the 64-bit versions of Windows 10 and Ubuntu 18.04 LTS. The results have shown that the implementation of ASLR has improved significantly on these two Operating Systems compared to previous versions. However, there are aspects, such as partial correlations or a frequency distribution that is not always uniform, so it can still be improved.

scholarly journals Comparative analysis of the essential CPU scheduling algorithms

2021 ◽  
Vol 10 (5) ◽  
pp. 2742-2750
Author(s):  
Hoger K. Omar ◽  
Kamal H. Jihad ◽  
Shalau F. Hussein
Keyword(s):  
Comparative Analysis ◽  
Operating Systems ◽  
Waiting Times ◽  
Stable State ◽  
Scheduling Algorithms ◽  
High Rate ◽  
Cpu Scheduling ◽  
Significant Function ◽  
Cpu Utilization ◽  
Maximum Utilization

CPU scheduling algorithms have a significant function in multiprogramming operating systems. When the CPU scheduling is effective a high rate of computation could be done correctly and also the system will maintain in a stable state. As well as, CPU scheduling algorithms are the main service in the operating systems that fulfill the maximum utilization of the CPU. This paper aims to compare the characteristics of the CPU scheduling algorithms towards which one is the best algorithm for gaining a higher CPU utilization. The comparison has been done between ten scheduling algorithms with presenting different parameters, such as performance, algorithm’s complexity, algorithm’s problem, average waiting times, algorithm’s advantages-disadvantages, allocation way, etc. The main purpose of the article is to analyze the CPU scheduler in such a way that suits the scheduling goals. However, knowing the algorithm type which is most suitable for a particular situation by showing its full properties.

scholarly journals Analysis of Challenges in Modern Network Forensic Framework

2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Sirajuddin Qureshi ◽  
Jianqiang Li ◽  
Faheem Akhtar ◽  
Saima Tunio ◽  
Zahid Hussain Khand ◽  
...  
Keyword(s):  
Network Security ◽  
Data Privacy ◽  
Data Extraction ◽  
False Negative ◽  
Network Forensics ◽  
Negative Results ◽  
False Negative Results ◽  
Forensic Tools ◽  
Space Data ◽  
Network Forensic

Network forensics can be an expansion associated with network security design which typically emphasizes avoidance and detection of community assaults. It covers the necessity for dedicated investigative abilities. When you look at the design, this indeed currently allows investigating harmful behavior in communities. It will help organizations to examine external and community this is undoubtedly around. It is also important for police force investigations. Network forensic techniques can be used to identify the source of the intrusion and the intruder’s location. Forensics can resolve many cybercrime cases using the methods of network forensics. These methods can extract intruder’s information, the nature of the intrusion, and how it can be prevented in the future. These techniques can also be used to avoid attacks in near future. Modern network forensic techniques face several challenges that must be resolved to improve the forensic methods. Some of the key challenges include high storage speed, the requirement of ample storage space, data integrity, data privacy, access to IP address, and location of data extraction. The details concerning these challenges are provided with potential solutions to these challenges. In general, the network forensic tools and techniques cannot be improved without addressing these challenges of the forensic network. This paper proposed a thematic taxonomy of classifications of network forensic techniques based on extensive. The classification has been carried out based on the target datasets and implementation techniques while performing forensic investigations. For this purpose, qualitative methods have been used to develop thematic taxonomy. The distinct objectives of this study include accessibility to the network infrastructure and artifacts and collection of evidence against the intruder using network forensic techniques to communicate the information related to network attacks with minimum false-negative results. It will help organizations to investigate external and internal causes of network security attacks.

On Creating Digital Evidence in IP Networks With NetTrack

2018 ◽  
pp. 225-245
Author(s):  
Diana Berbecaru
Keyword(s):  
Network Traffic ◽  
High Speed ◽  
Digital Signatures ◽  
Digital Evidence ◽  
Open Court ◽  
Forensic Tools ◽  
Network Forensic ◽  
Ip Packet ◽  
Computer Forensic ◽  
Short Time

Computer forensic is the practice of collecting, analyzing, and reporting digital evidence in a way that is legally admissible in open court. Network forensics, an offset of computer forensic, is mainly concerned with the monitoring and analysis of network traffic, both local and WAN/internet, in order to identify security incidents and to investigate fraud or network misuse. In this chapter, the authors discuss challenges in creating high-speed network forensic tools and propose NetTrack, a tamper-proof device aimed to produce evidences with probative value via digital signatures for the network traffic. Since digitally signing each IP packet is not efficient, the authors used a specific technique exploiting the Merkle trees to create digital signatures for flows and multicasts and implemented it by using an optimized algorithm for Merkle tree traversal to save space and time. Through experiments, the authors show NetTrack signing is fast as it can produce digital evidence within a short time.

scholarly journals Forensic Tools Performance Analysis on Android-based Blackberry Messenger using NIST Measurements

2018 ◽  
Vol 8 (5) ◽  
pp. 3991
Author(s):  
Imam Riadi ◽  
Rusydi Umar ◽  
Arizona Firdonsyah
Keyword(s):  
Comparative Analysis ◽  
Performance Analysis ◽  
Instant Messaging ◽  
Digital Evidence ◽  
Standard Technology ◽  
Digital Crime ◽  
Forensic Tools

Blackberry Messenger is one of the popularly used instant messaging applications on Android with user’s amount that increase significantly each year. The increase off Blackberry Messenger users might lead to application misuse, such as for commiting digital crimes. To conduct investigation involving smartphone devices, the investigators need to use forensic tools. Therefore, a research on current forensic tool’s performance in order to handle digital crime cases involving Android smartphones and Blackberry Messenger in particular need to be done. This research focuses on evaluating and comparing three forensic tools to obtain digital evidence from Blackberry Messenger on Android smartphones using parameter from National Institute of Standard Technology and Blackberry Messenger’s acquired digital evidences. The result shows that from comparative analysis conducted, Andriller gives 25% performance value, Oxygen Forensic Suite gives 100% performance value, and Autopsy 4.1.1 gives 0% performance value. Related to National Institute of Standard Technology parameter criterias, Andriller has performance value of 47.61%. Oxygen Forensic Suite has performance value of 61.90%. Autopsy 4.1.1 has performance value of 9.52%.

Sign in / Sign up

Export Citation Format

Share Document