Title: Analysis of firewall log-based detection scenarios for evidence in digital forensics

Authors: Rabiu Mukhtar; A. Al-Nemrat; Mamoun Alazab; Sitalakshmi Venkatraman; Hamid Jahankhani

Addresses (in author order): (1) School of Architecture, Computing, and Engineering, University of East London, 4-6 University Way, E16 2RD, London, UK; (2) School of Architecture, Computing, and Engineering, University of East London, 4-6 University Way, E16 2RD, London, UK; (3) ARC Centre of Excellence in Policing and Security, Regulatory Institutions Network, School of Regulation, Justice and Diplomacy, Australian National University, Acton, ACT 0200, Australia; (4) School of Science, Information Technology and Engineering, University of Ballarat, Ballarat, VIC 3350, Australia; (5) School of Architecture, Computing, and Engineering, University of East London, 4-6 University Way, E16 2RD, London, UK

Abstract: With the recent escalation of cybercrime, firewall logs have attracted considerable research attention as a potential source of evidence in digital forensics. Although the primary purpose of a firewall is to screen or filter some or all network traffic, its logs can provide rich traffic information that may be used as evidence to prove or disprove the occurrence of an online attack for legal purposes. Since courts define what may be presented to them as evidence, this research investigates the determinants of the acceptability of firewall logs as suitable evidence. Two commonly used determinants are tested on three different firewall-protected network scenarios: 1) admissibility, which requires the evidence to satisfy the legal requirements stipulated by the courts; and 2) weight, which represents the sufficiency of the evidence and the extent to which it establishes that a cybercrime attack occurred.
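The abstract describes running detection over firewall logs and then treating the matching lines as evidence. The following is an added example, not code from the paper or its authors: it parses constructed syslog lines in the iptables LOG-target layout, flags a source whose dropped TCP probes touch many distinct destination ports (a simple port-scan heuristic), and computes a SHA-256 digest of the raw lines so that the extract offered as evidence can later be shown to be unaltered. The log layout, the scan threshold, the test addresses (RFC 5737 ranges) and all field names are assumptions made for this example.

```python
"""Added example, not from the paper: port-scan detection over constructed
iptables-style firewall log lines, plus an integrity digest of the raw evidence.
The log layout, threshold and field names are assumptions of this example."""
import hashlib
import re
from collections import defaultdict

# Constructed sample lines (syslog + iptables LOG target); not real traffic.
# 203.0.113.7 probes five ports and is dropped each time; 198.51.100.4 is benign.
SAMPLE_LOG = """\
May 14 10:01:02 fw kernel: [1001.1] DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN
May 14 10:01:02 fw kernel: [1001.2] DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23 SYN
May 14 10:01:03 fw kernel: [1001.3] DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=25 SYN
May 14 10:01:03 fw kernel: [1001.4] DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=80 SYN
May 14 10:01:04 fw kernel: [1001.5] DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=443 SYN
May 14 10:01:05 fw kernel: [1001.6] ACCEPT IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 SYN
May 14 10:01:06 fw kernel: [1001.7] DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=UDP SPT=51001 DPT=53
"""

# Timestamp, host, kernel uptime bracket, action (the LOG prefix), then KEY=VALUE pairs.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: \[[^\]]*\] "
    r"(?P<action>\w+) (?P<kv>.*)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "action": m.group("action")}
    for token in m.group("kv").split():
        if "=" in token:                 # flags such as SYN carry no '=' and are skipped
            key, value = token.split("=", 1)
            rec[key] = value
    return rec


def parse_log(text):
    """Parse all lines, silently dropping any that do not fit the layout."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def find_port_scans(records, min_ports=5):
    """Map each source IP whose dropped TCP probes reached at least min_ports
    distinct destination ports to the sorted list of those ports."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "DROP" and r.get("PROTO") == "TCP" and "DPT" in r:
            ports[r["SRC"]].add(int(r["DPT"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def evidence_lines(text, src):
    """Return the raw lines (unmodified) that mention the given source address,
    so the extract handed over as evidence is the original text, not the parse."""
    return [ln for ln in text.splitlines() if f"SRC={src} " in ln]


def evidence_digest(lines):
    """SHA-256 over the raw extract; recomputing it later shows the extract is unchanged."""
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


if __name__ == "__main__":
    scans = find_port_scans(parse_log(SAMPLE_LOG))
    for src, hit_ports in scans.items():
        extract = evidence_lines(SAMPLE_LOG, src)
        print(f"{src} probed ports {hit_ports}; {len(extract)} lines, sha256={evidence_digest(extract)}")
```

The digest is only as good as the chain of custody around it: it detects alteration of the extract after the hash was recorded, not tampering with the firewall's own log before collection, and the detection heuristic is deliberately simple so that the rule producing the extract can be explained in full.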

Keywords: cybercrime; forensic analysis; firewall logs; digital evidence; log-based detection; digital forensics; online attacks; evidence acceptability; legal admissibility.

DOI: 10.1504/IJESDF.2012.049761

International Journal of Electronic Security and Digital Forensics, 2012 Vol.4 No.4, pp.261 - 279

Received: 14 May 2011
Accepted: 28 Mar 2012

Published online: 19 Nov 2014
