Forensic Analysis and Discovery System (FADS). Prepared by: Security Research Group, School of Computer Sciences, Universiti Sains Malaysia

Upload: azri-hafiz

Post on 16-Jan-2015


Page 1: Forensic Analysis and Discovery System

Forensic Analysis and Discovery System (FADS)

Prepared by: Security Research Group
School of Computer Sciences, Universiti Sains Malaysia

Page 2: Forensic Analysis and Discovery System

FADS Interfaces

Page 3: Forensic Analysis and Discovery System

FADS Interfaces

Page 4: Forensic Analysis and Discovery System

FADS Interfaces

Page 5: Forensic Analysis and Discovery System

What motivates us?

Forensic Agent

“I hacked into www.malaysia.gov.my”

“I don’t have specialized tools to collect the evidence in the computer network and accuse him. Pity me.”

“Hackers, you won.”

Example: Operation Malaysia 15th June 2011

Page 6: Forensic Analysis and Discovery System

How to implement?

Forensic Agent

“Now I am using FADS”

[Diagram: server, Internet, LAN Network, Evidence Repository, Evidence and Report]

Page 7: Forensic Analysis and Discovery System

How it works

Server Side

IDS: store packets in .txt, upload to host database
Notification: send notification email
Network Tracer: source, destination

Client Side

Filtering: download from remote database and store in sandbox database; get data from text file and store in sandbox database
Analysis: filter function based on user / self-defined rules
Report: save filtered output and create report

Page 8: Forensic Analysis and Discovery System

Technical Spec / Information

FADS = Network Analyzer + Forensic Tools (IDS + Rules)

Rules = Algorithms (DDoS + Spoofing + Brute Force + etc.)

IDS = Real-Time Detection (Porn SpamBot + Drug Store + Infected Website + etc.)
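The server-to-client pipeline on page 7 and the rule families on page 8 (packet records stored as text by the IDS, loaded into a sandbox database, filtered by user-defined rules for DoS, spoofing and brute force, then written up as a report) are sketched in the following added Python example. It is not FADS code: the record format, the interface labels, the protected prefix 192.168.1.0/24, the SSH port and the thresholds are all assumptions made for the example.

```python
"""Client-side analysis pipeline in the style of the FADS slides: packet
records written as text by the server-side IDS are loaded into a sandbox
database, user-defined rules are run over them, and a report is produced.
Added example, not FADS code; record format, addresses and thresholds are
assumptions."""
import sqlite3
from dataclasses import dataclass


def build_sample_log() -> str:
    """Constructed sample of an IDS packet .txt store (not real capture data).
    Assumed record format: ts src dst dport flags iface ('ext' or 'int')."""
    lines = ["# ts src dst dport flags iface"]
    # 12 SYNs from one external host to the web server: a flood pattern
    for i in range(12):
        lines.append(f"2011-06-15T10:00:{i:02d} 203.0.113.7 192.168.1.10 80 S ext")
    # 6 SSH connection attempts from one external host: a brute-force pattern
    for i in range(6):
        lines.append(f"2011-06-15T10:01:{i:02d} 198.51.100.4 192.168.1.20 22 S ext")
    # A packet claiming a LAN source address but seen on the external interface
    lines.append("2011-06-15T10:02:00 192.168.1.33 192.168.1.10 443 S ext")
    # Benign traffic: an internal client and a plain ACK from outside
    lines.append("2011-06-15T10:02:01 192.168.1.40 192.168.1.10 80 S int")
    lines.append("2011-06-15T10:02:02 203.0.113.9 192.168.1.10 80 A ext")
    lines.append("this line is malformed and must be skipped")
    return "\n".join(lines) + "\n"


def load_sandbox(packet_text: str) -> sqlite3.Connection:
    """Parse the text store into an in-memory SQLite 'sandbox' database.
    Malformed records are skipped so one bad line cannot abort the analysis."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE packets (ts TEXT, src TEXT, dst TEXT, dport INTEGER, flags TEXT, iface TEXT)")
    rows = []
    for line in packet_text.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].startswith("#") or len(parts) != 6 or not parts[3].isdigit():
            continue
        ts, src, dst, dport, flags, iface = parts
        rows.append((ts, src, dst, int(dport), flags, iface))
    db.executemany("INSERT INTO packets VALUES (?, ?, ?, ?, ?, ?)", rows)
    db.commit()
    return db


@dataclass(frozen=True)
class Rule:
    """A user-defined rule: a query returning (src, dst, hits) groups and the
    hit count at which the rule fires."""
    name: str
    query: str
    threshold: int


# Default rule set for the three algorithm families named on the slide.
# Counts are over the whole capture; a production rule would use a time window.
DEFAULT_RULES = [
    Rule("SYN flood (DoS)",
         "SELECT src, dst, COUNT(*) FROM packets WHERE flags = 'S' GROUP BY src, dst", 10),
    Rule("SSH brute force",
         "SELECT src, dst, COUNT(*) FROM packets WHERE flags = 'S' AND dport = 22 GROUP BY src, dst", 5),
    # Assumed protected LAN prefix 192.168.1.0/24: such sources must never enter from outside
    Rule("Spoofed LAN source on external interface",
         "SELECT src, dst, COUNT(*) FROM packets WHERE iface = 'ext' AND src LIKE '192.168.1.%' GROUP BY src, dst", 1),
]


def run_rules(db: sqlite3.Connection, rules=DEFAULT_RULES) -> list:
    """Evaluate every rule against the sandbox database and collect findings."""
    findings = []
    for rule in rules:
        for src, dst, hits in db.execute(rule.query):
            if hits >= rule.threshold:
                findings.append({"rule": rule.name, "src": src, "dst": dst, "hits": hits})
    return findings


def analyze_packet_text(packet_text: str, rules=DEFAULT_RULES) -> list:
    """Full client-side pass: load into the sandbox, filter by rules, return findings."""
    db = load_sandbox(packet_text)
    try:
        return run_rules(db, rules)
    finally:
        db.close()


def make_report(findings: list) -> str:
    """Render findings as the plain-text report the client would save."""
    lines = [f"FADS-style analysis report: {len(findings)} finding(s)"]
    for f in findings:
        lines.append(f"- {f['rule']}: {f['src']} -> {f['dst']} ({f['hits']} packets)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(make_report(analyze_packet_text(build_sample_log())))
```

Rules are plain SQL over the sandbox table, so an investigator can add or tune a rule (the "self-defined rules" on page 7) without touching the parser; the thresholds here count over the whole capture, whereas a deployed rule would count within a time window to tell a burst from a long, slow session.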

Page 9: Forensic Analysis and Discovery System

Originality and Sophistication

100% hard-coded programming

+40% efficiency in database and computer memory management compared with Wireshark

Ciphered evidence from the server and client

Portable, easy to use on any machine

Page 10: Forensic Analysis and Discovery System

How we differ?

[Pie chart: 40% / 60%; segments labelled Snort and Wireshark, Forensic Tools]

Page 11: Forensic Analysis and Discovery System

How we differ?

Function                 FADS    Wireshark    Snort
Network Monitoring
DoS detection
Formatted Report
Multiple Database
Online repository
Real-time notification

Page 12: Forensic Analysis and Discovery System

Potential Market – cont.

Military Intelligence (MinDef)
Cyber / Criminal Investigation (PDRM)
MCMC
SPRM
Bank Industry
Insurance Industry
Online Transaction / e-Commerce / e-Business
Private organization – system monitoring and forensic

Page 13: Forensic Analysis and Discovery System

Impact of the product

By empowering the forensic system / tool, it will greatly enhance:

Cyber crime activity
Cyber crime loss
Consumer’s confidence
People safety
Cost of maintenance

Page 14: Forensic Analysis and Discovery System

Benefits

Eases network forensics investigation and cyber crime evidence gathering.

Proactive digital / network forensic system for a possible evidence database.

Enhances the proof of cyber crimes and related legal process requirements.

Page 15: Forensic Analysis and Discovery System

Grant / Publication

Grant: RU-I
Title: Forensic-Based Detection System to Deal With Digital Evidences From Network

International – Scientific Research Book Publication:

1. Mohammad Bani Younes and Aman Jantan, “Image Encryption Using Block-Based Transformation Algorithm: Image Encryption and Decryption Process Using Block-Based Transformation Algorithm”. LAP LAMBERT Academic Publishing (October 9, 2011). ISBN-10: 3846512729, ISBN-13: 978-3846512722, Paperback: 176 pages. Language: English

International Journal and Journal Proceedings:

2. Abdulghani Ali Ahmed, Aman Jantan, Wan Tat Chee. 2011. SLA-Based Complementary Approach for Network Intrusion Detection. The International Journal for the Computer and Telecommunications Industry, Elsevier, ISSN: 0140-3664, Vol. 34, Issue 14, pp. 1738-1749, 1 September 2011. ISI/Scopus. Impact Factor 0.933. doi:10.1016/j.comcom.2011.03.013.

3. Mohammad Rasmi, Aman Jantan, 2011. ASAS: Agile Similarity Attack Strategy Model based on Evidence Classification for Network Forensic Attack Analysis. Procedia-Computer Science Journal (ISSN: 1877-0509).

4. M. Rasmi, Aman Jantan. 2011. AIA: Attack Intention Analysis Algorithm Based on D-S Theory with Causal Technique for Network Forensics - A Case Study. International Journal of Digital Content Technology and its Applications (JDCTA), ISSN: 1975-9339, Vol. 5, No. 9, pp. 230-237, September 2011. Scopus.

5. Mohd. Izham Ibrahim and Aman Jantan. 2011. A Secure Storage Model to Preserve Evidence in Network Forensics. J.M. Zain et al. (Eds.): ICSECS 2011, Part II, CCIS 180, pp. 391-402. Scopus. Springer-Link.

Page 16: Forensic Analysis and Discovery System

Grant / Publication

6. M. Rasmi and Aman Jantan. 2011. Attack Intention Analysis Model for Network Forensics. J.M. Zain et al. (Eds.): ICSECS 2011, Part II, CCIS 180, pp. 403-411. Scopus. Springer-Link.

7. Eviyanti Saari and Aman Jantan. 2011. F-IDS: A Technique for Simplifying Evidence Collection in Network Forensics. J.M. Zain et al. (Eds.): ICSECS 2011, Part III, CCIS 181, pp. 693-701. Scopus. Springer-Link.

8. Ghassan Ahmed Ali and Aman Jantan. 2011. A New Approach Based on Honeybee to Improve Intrusion Detection System Using Neural Network and Bees Algorithm. J.M. Zain et al. (Eds.): ICSECS 2011, Part III, CCIS 181, pp. 777-792. Scopus. Springer-Link.

9. Mohammad Rasmi, Aman Jantan, Abdulghani Ali Ahmed. Network Forensics Attack-Analysis Model Based on Similarity of Intention. The International Conference on Computer Application and Education Technology (ICCAET, 2011), 3-4 December 2011. Beijing, China. IEEE Computer Society. Scopus.

10. Abdulghani Ali, Aman Jantan, Ghassan Ahmed Ali, 2009. "A Potent Model for Unwanted Traffic Detection in QoS Network Domain.", International Journal of Digital Content Technology and its Applications - JDCTA, Volume 4, Number 2, April 2010, pp. 122-130. Scopus.

11. Mohamad Fadli Zolkipli and Aman Jantan, "A Framework for Malware Detection Using Combination Technique and Signature Generation," Second International Conference on Computer Research and Development, ICCRD 2010; IEEE Computer Society, pp. 196-199. DOI 10.1109/ICCRD.2010.25. Scopus.

12. Zolkipli, Mohamad Fadli and Aman Jantan. "Malware Behavior Analysis: Learning and Understanding Current Malware Threats," Network Applications Protocols and Services (NETAPPS), 2010 Second International Conference on, vol., no., pp. 218-221, 22-23 Sept. 2010. DOI: 10.1109/NETAPPS.2010.46. Scopus.

13. Mohamad Fadli Zolkipli, Aman Jantan. 2011. An Approach for Malware Behavior Identification and Classification. Proceedings of the 2011 3rd International Conference on Computer Research and Development (ICCRD 2011), ISBN: 978-161284837-2, Shanghai, China, pp. 191-194, 11-15 March 2011. Scopus.

14. M. Rasmi and Aman Jantan. 2011. A Model for NFAA-Network Forensics Attack Analysis. Proceedings of the 2011 3rd International Conference on Computer Engineering and Technology (ICCET 2011), ISBN: 9780791859735, Kuala Lumpur, pp. 739-747, 17-19 June 2011. Scopus.

15. Mohamad Fadli Zolkipli and Aman Jantan. 2011. A Framework for Defining Malware Behavior Using Run Time Analysis and Resource Monitoring. J.M. Zain et al. (Eds.): ICSECS 2011, Part I, CCIS 179, pp. 199-209. Scopus. Springer-Link.

16. Mohd. Najwadi Yusoff and Aman Jantan. 2011. A Framework for Optimizing Malware Classification by Using Genetic Algorithm. J.M. Zain et al. (Eds.): ICSECS 2011, Part II, CCIS 180, pp. 58-72. Scopus. Springer-Link.

17. Mohamad Fadli Zolkipli, Aman Jantan. 2011. An Approach for Identifying Malware Operation and Target Using Run Time Analysis and Resource Monitoring. International Journal of Digital Content Technology and its Applications (JDCTA), ISSN: 1975-9339, Volume 5, Number 8, pp. 169-178, August 2011. Scopus.