A flexible distributed network forensic evidence acquisition framework
Keywords: Network forensic frameworks; Network Forensic Analysis Tools (NFATs); Network Security and Monitoring (NSM); Raspberry Pi 2; Databases
A flexible network forensic evidence acquisition framework is introduced, composed of two main components: the agent (a portable network evidence acquisition device) and a cloud database. The agent is based on the inexpensive, credit card-sized single-board computer "Raspberry Pi 2 Model B" and uses open source software. The cloud database is a MySQL database, which can be deployed either in a virtual machine or as Database as a Service (DbaaS); it is described which of these two cloud database deployment methods is chosen and in which cases. The design has two main aims. The first is to provide flexibility and scalability in the storage management of network evidence. This is achieved for two reasons: the agent does not store data locally but sends them directly to the cloud database, and the cloud database itself offers (theoretically) unlimited storage capacity. The second is to introduce the use of a small form factor, relatively cheap hardware collector. Furthermore, two working modes are described, wired and RF mode.
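As an added example (not the paper's code), the agent's core step: parse a captured frame into an evidence record and forward it straight to the database instead of writing it to local storage. It assumes an in-memory sqlite3 database as a stand-in for the MySQL cloud database, a constructed sample frame, and a hypothetical agent id.

```python
# Added example (not from the paper): a minimal evidence-forwarding agent that
# parses a raw Ethernet/IPv4 frame and writes the record straight to the
# database with no local file. Assumption: sqlite3 in memory stands in for the
# paper's MySQL cloud database; the same DB-API calls apply to mysql.connector.
import hashlib
import sqlite3
import time

SCHEMA = """CREATE TABLE IF NOT EXISTS evidence (
    id INTEGER PRIMARY KEY, agent TEXT, captured REAL, src TEXT, dst TEXT,
    proto INTEGER, length INTEGER, sha256 TEXT)"""

def parse_frame(frame):
    """Extract IPv4 fields plus a SHA-256 of the whole frame for integrity."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")  # truncated or non-IPv4 input
    ip = frame[14:34]
    return {"src": ".".join(map(str, ip[12:16])),
            "dst": ".".join(map(str, ip[16:20])),
            "proto": ip[9], "length": len(frame),
            "sha256": hashlib.sha256(frame).hexdigest()}

class Agent:
    """Collector that forwards every record to the database immediately."""

    def __init__(self, conn, agent_id):
        self.conn, self.agent_id = conn, agent_id
        conn.execute(SCHEMA)

    def forward(self, frame, captured=None):
        rec = parse_frame(frame)
        # Parameterized insert: packet-derived strings never become SQL text.
        cur = self.conn.execute(
            "INSERT INTO evidence (agent, captured, src, dst, proto, length, sha256)"
            " VALUES (?, ?, ?, ?, ?, ?, ?)",
            (self.agent_id, captured or time.time(), rec["src"], rec["dst"],
             rec["proto"], rec["length"], rec["sha256"]))
        self.conn.commit()
        return cur.lastrowid

# Constructed sample: Ethernet header + IPv4 header, TCP 10.0.0.5 -> 192.168.1.10
SAMPLE_FRAME = bytes.fromhex("aabbccddeeff112233445566" "0800"
                             "4500002800004000" "4006" "0000" "0a000005c0a8010a")

def demo():
    """Forward the sample frame (hypothetical agent id) and read the row back."""
    agent = Agent(sqlite3.connect(":memory:"), "rpi2-agent-01")
    rowid = agent.forward(SAMPLE_FRAME, captured=1.0)
    row = agent.conn.execute("SELECT src, dst, proto, length, sha256 FROM evidence"
                             " WHERE id = ?", (rowid,)).fetchone()
    return dict(zip(("src", "dst", "proto", "length", "sha256"), row))
```

Against the real deployment, the sqlite3 connection is replaced by a TLS-protected connection to the cloud MySQL instance; the parsing, hashing and parameterized insert stay the same.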