Payload attribution is an important problem often encountered in network forensics. Given an excerpt of a payload, finding its source and destination is useful for many security applications such as identifying sources and victims of a worm or virus. Although IP traceback techniques have been proposed in the literature, these techniques cannot help when we… (More)
We consider the problem of building a P2P-based search engine for massive document collections. We describe a prototype system called ODISSEA (Open DIStributed Search Engine Architecture) that is currently under development in our group. ODISSEA provides a highly distributed global indexing and query execution service that can be used for content residing… (More)
This paper introduces ForNet, a distributed network logging mechanism to aid digital forensics over wide area networks. We describe the need for such a system, review related work, present the architecture of the system, and discuss key research issues.
In this paper we address the problem of reassembly of images from a collection of their fragments. The image re-assembly problem is formulated as a combinatorial optimization problem and image assembly is then done by finding an optimal ordering of fragments. We present implementation results showing that images can be reconstructed with high accuracy even… (More)
Reassembly of fragmented objects from a collection of randomly mixed fragments is a common problem in classical forensics. In this paper we address the digital forensic equivalent, i.e., reassembly of document fragments, using statistical modelling tools applied in data compression. We propose a general process model for automatically analyzing a collection… (More)
—It is well known that encryption provides secure channels for communicating entities. However, due to lack of covertness on these channels, an eavesdropper can identify en-crypted streams through statistical tests and capture them for further cryptanalysis. Hence, the communicating entities can use steganography to achieve covertness. In this paper we… (More)
One of the growing problems faced by network administrators is the abuse of computing resources by authorized and unauthorized personnel. The nature of abuse may vary from using unauthorized applications to serving unauthorized content. Proliferation of peer-to-peer networks and wide use of tunnels makes it difficult to detect such abuses and easy to… (More)