Generalizing sources of live network evidence


This paper suggests combining the capture of network traffic and the collection of data from remote network services into a more general acquisition category of live network evidence sources. These two evidence sources exhibit many similarities, collected data share the same basic characteristics, and the acquisition architectures used for collection are…
DOI: 10.1016/j.diin.2005.08.001


