In 2014, we launched our open-access repository, which offers full-text access to conference proceedings from many of our events, including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
4th International Annual Workshop on Digital Forensics & Incident Analysis (WDFIA 2009)
Title: A Simulation of Logical Traffic Isolation Using Differentiated Services
Author(s): Innocentia Zamaswazi Dlamini, Martin Olivier, Marthie Grobler
Keywords: Differentiated Services, preservation station, Network Forensics, suspicious traffic
Abstract: This paper extends work on a forensic model for traffic isolation based on Differentiated Services (DiffServ) and measures its performance by using a simulation. The simulated model has four basic components: traffic generators, the DiffServ network domain, a preservation station and a sink server. On the client side, the simulation has two traffic generators that generate either normal or suspicious traffic. The network domain isolates the suspicious traffic by using an ingress router to mark it as suspicious, whereas the preservation station preserves the isolated traffic/evidence to ensure forensic soundness. On the DiffServ server side, a sink server receives and processes all requests. The authors simulated the proposed DiffServ model by using the Network Simulator (NS2) tool. Preliminary results show that the simulated concept has improved support for evidence preservation, whilst also providing an easy means for cyber investigators to gather evidence.
Download count: 1590
How to get this paper:
A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.