
Network Forensics - Science topic

Explore the latest questions and answers in Network Forensics, and find Network Forensics experts.
Questions related to Network Forensics
  • asked a question related to Network Forensics
Question
1 answer
Check out our new paper on 'MLOps: Automatic, Zero-Touch and Reusable Machine Learning Training and Serving Pipelines', which won the Best Paper award at the 2023 IEEE International Conference on Internet of Things and Intelligence Systems (IoTaIS 2023), held in Bali, Indonesia.
ResearchGate Paper Draft Link:
This work demonstrates how an AI/ML model can be taken to production very easily using components from the Acumos AI project, and how to do much more by creating zero-touch ML model infrastructures using Acumos and Nifi.
  • asked a question related to Network Forensics
Question
2 answers
Does it involve any scripts?
Relevant answer
Thank you Amit Kumar for your suggestions.
  • asked a question related to Network Forensics
Question
2 answers
I'm planning to investigate a number of benign/malicious JavaScript files. I have read about various methods for JavaScript code analysis (static and dynamic), and I want to use ADSandbox for executing these files.
  • asked a question related to Network Forensics
Question
3 answers
Hi all,
1/ Does anyone know how we can generate network traffic (data and attacks) with TCPDUMP?
2/ How do I import traffic from a tcpdump file into OPNET Modeler 14.5?
Relevant answer
Answer
To get a tcpdump file, run the command as follows:
$ tcpdump -i <interface> -s 65535 -w <some-file>
You will have to specify the correct interface and the name of a file to save into. In addition, you will have to terminate the capture with ^C when you believe you have captured enough packets.
  • asked a question related to Network Forensics
Question
3 answers
Thanks in advance.
Relevant answer
Answer
Honeypot it and see what you will get.
  • asked a question related to Network Forensics
Question
6 answers
I want to identify when multiple queries arise from the same IP address, and then analyse which ones are legal or illegal among those generating traffic over the DNS.
Relevant answer
Answer
Actually, a query like "www.google.in" reaches the DNS to be matched with its IP address. Multiple queries from the same IP address may cause the server to hang.
Yes, one can send more queries from the same IP, but bots make use of this and increase illegal traffic over the DNS.
Now my question is how to know/analyse whether these queries are legal or illegal.
I have decided to assign a Time-to-Live (TTL) to each query. Is this possible?
Please suggest any idea or technique to solve this problem.
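One way to separate the bursty, high-cardinality query pattern this thread worries about from an ordinary busy client, as an added example that is not part of the original thread: the script below runs two checks over a constructed resolver log (timestamp in milliseconds, source IP, query name). The first is the peak number of queries one source sends inside a sliding one-second window; the second is the share of distinct names that source asked for. The log lines, the 10.0.0.0/8 source addresses, the thresholds (20 queries per second, 80% distinct names over at least 10 queries) and the function names are all assumptions made for this example. Note that a DNS TTL is the cache lifetime the authoritative server attaches to each record in a response, not a value a resolver can set per incoming query, so per-source limits such as these stand in for the TTL idea raised above.

```python
"""Flag DNS sources whose query pattern looks automated rather than human.
Added example, not code from the original thread. The resolver log and the
thresholds below are constructed for illustration."""
from collections import defaultdict, deque

WINDOW_MS = 1000          # sliding window for the burst check
MAX_PER_WINDOW = 20       # more than this many queries per window is a burst
MIN_QUERIES = 10          # don't judge name diversity on a handful of queries
MAX_DISTINCT_RATIO = 0.8  # above this share of unique names looks like tunnelling


def parse_log(text):
    """Lines of 'ts_ms src_ip qname' -> sorted list of (ts_ms, src, qname)."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # blank or malformed line
        ts, src, qname = parts
        events.append((int(ts), src, qname.lower().rstrip(".")))
    return sorted(events)


def analyse(events, window=WINDOW_MS, max_rate=MAX_PER_WINDOW,
            min_queries=MIN_QUERIES, max_distinct=MAX_DISTINCT_RATIO):
    """Per source: total queries, peak queries inside one window, share of distinct
    names, and a verdict with the reasons that triggered it."""
    per_src = defaultdict(list)
    for ts, src, qname in events:
        per_src[src].append((ts, qname))
    report = {}
    for src, items in per_src.items():
        recent, peak = deque(), 0
        for ts, _ in items:               # items are already in time order
            recent.append(ts)
            while ts - recent[0] >= window:
                recent.popleft()
            peak = max(peak, len(recent))
        ratio = len({q for _, q in items}) / len(items)
        reasons = []
        if peak > max_rate:
            reasons.append("%d queries within %d ms" % (peak, window))
        if len(items) >= min_queries and ratio > max_distinct:
            reasons.append("%.0f%% of queries were for distinct names" % (ratio * 100))
        report[src] = {"queries": len(items), "peak_rate": peak,
                       "distinct_ratio": round(ratio, 2),
                       "verdict": "suspicious" if reasons else "normal",
                       "reasons": reasons}
    return report


def build_sample_log():
    """Constructed log: a desktop, a NAT gateway with a page-load burst, and a bot."""
    base, names = 1700000000000, ["www.google.in", "mail.example.com", "cdn.example.net"]
    lines = ["%d 10.0.0.5 %s" % (base + i * 1250, names[i % 3]) for i in range(8)]
    lines += ["%d 10.0.0.1 %s" % (base + i * 60, names[i % 3] if i % 2 else "api.example.org")
              for i in range(30)]
    lines += ["%d 10.0.0.99 q%02d.c2.example.net" % (base + i * 40, i) for i in range(50)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for src, row in sorted(analyse(parse_log(build_sample_log())).items()):
        print(src, row["verdict"], row["peak_rate"], row["distinct_ratio"],
              "; ".join(row["reasons"]))
```

A NAT gateway that fronts many desktops is the usual false positive for a pure per-source rate limit; in the sample it reaches 17 queries in a second and stays under the threshold, and its handful of repeated names keeps it clear of the diversity check. The bot source trips both checks because it asks for a fresh subdomain on every query, which is how DNS tunnelling and some command-and-control beacons look on the wire.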
  • asked a question related to Network Forensics
Question
3 answers
I would like to employ the concept of structural balance, which requires signed networks. So far I have mainly been using the sna, network, statnet and bipartite R packages; nevertheless, it seems that options for signed network analysis are rather limited. I would be especially interested in tools for clustering and blockmodeling of signed networks. (After googling I only found research which uses ERGM (statnet package) for testing the structural balance hypothesis, but nothing on the exploratory techniques mentioned.) Is there an R option for signed networks? If not, what other software should I look for?
Relevant answer
Answer
You can run it under R, which is free software; then you can install waveslim to perform this network analysis.
  • asked a question related to Network Forensics
Question
12 answers
I have a terabyte of pcap files. I would like to find intrusions in those files. How can I eliminate or reduce unwanted fields or packets in those pcap files?
Relevant answer
Answer
PacketPig based on Apache Hadoop and Snort is probably your best starting point for now: http://hortonworks.com/blog/big-data-security-part-one-introducing-packetpig/
When you have this up and running, then you can experiment using anomaly based detection methods on top of it.
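The capture command in the tcpdump answer earlier on this page writes the classic libpcap format, and the terabyte of pcap files in this question is a large pile of such files. As an added example that is not part of either thread, the Python below reads one of those files with nothing beyond the standard library, drops the frames that are not IPv4, and cuts every remaining record down to its Ethernet/IP/transport headers, except for DNS, whose payload an analyst still needs. It also counts records whose captured length is shorter than the original length, which is what a too-small -s snaplen produces. The three-packet sample capture, the 10.0.0.0/8 and 192.0.2.0/24 addresses, the port list and the function names are constructed for this example.

```python
"""Trim a libpcap (tcpdump -w) capture down to what an analyst needs.
Added example, not code from the original page. Assumes classic libpcap
with Ethernet (link type 1) frames; the sample capture is constructed."""
import socket
import struct

PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)  # microsecond / nanosecond variants
GLOBAL_HDR = "IHHiIII"  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"     # ts_sec, ts_frac, caplen, origlen
LINKTYPE_ETHERNET, ETH_LEN, ETHERTYPE_IPV4 = 1, 14, 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def parse_pcap(data):
    """Return (endian, header_tuple, [(ts_sec, ts_frac, caplen, origlen, frame)]).
    Byte order is taken from the magic number, as every pcap reader must do."""
    for endian in ("<", ">"):
        if struct.unpack_from(endian + "I", data, 0)[0] in PCAP_MAGICS:
            break
    else:
        raise ValueError("not a libpcap capture file")
    hdr = struct.unpack_from(endian + GLOBAL_HDR, data, 0)
    if hdr[6] != LINKTYPE_ETHERNET:
        raise ValueError("example only decodes Ethernet captures")
    off, rec_len, records = struct.calcsize("<" + GLOBAL_HDR), struct.calcsize("<" + RECORD_HDR), []
    while off + rec_len <= len(data):
        ts_sec, ts_frac, caplen, origlen = struct.unpack_from(endian + RECORD_HDR, data, off)
        off += rec_len
        frame = data[off:off + caplen]
        if len(frame) < caplen:
            raise ValueError("record at offset %d is cut short" % off)
        records.append((ts_sec, ts_frac, caplen, origlen, frame))
        off += caplen
    return endian, hdr, records


def decode_frame(frame):
    """Decode Ethernet/IPv4/{TCP,UDP} headers; None for anything that is not IPv4.
    hdr_len is the byte count up to the end of the transport header."""
    if len(frame) < ETH_LEN + 20 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    l4 = ETH_LEN + (frame[ETH_LEN] & 0x0F) * 4
    info = {"src": socket.inet_ntoa(frame[ETH_LEN + 12:ETH_LEN + 16]),
            "dst": socket.inet_ntoa(frame[ETH_LEN + 16:ETH_LEN + 20]),
            "proto": frame[ETH_LEN + 9], "sport": None, "dport": None, "hdr_len": l4}
    if info["proto"] == IPPROTO_TCP and len(frame) >= l4 + 20:
        info["sport"], info["dport"] = struct.unpack_from("!HH", frame, l4)
        info["hdr_len"] = l4 + (frame[l4 + 12] >> 4) * 4   # TCP data offset
    elif info["proto"] == IPPROTO_UDP and len(frame) >= l4 + 8:
        info["sport"], info["dport"] = struct.unpack_from("!HH", frame, l4)
        info["hdr_len"] = l4 + 8
    return info


def reduce_pcap(data, payload_ports=frozenset({53})):
    """Drop non-IPv4 frames and cut the rest to headers, keeping full payload only
    for payload_ports (DNS by default). Returns (new_capture_bytes, stats)."""
    endian, hdr, records = parse_pcap(data)
    out = [struct.pack(endian + GLOBAL_HDR, *hdr)]
    stats = {"in": len(records), "kept": 0, "bytes_in": 0, "bytes_out": 0, "short": 0}
    for ts_sec, ts_frac, caplen, origlen, frame in records:
        stats["bytes_in"] += caplen
        if caplen < origlen:
            stats["short"] += 1  # snaplen (tcpdump -s) was too small for this packet
        info = decode_frame(frame)
        if info is None:
            continue
        kept = frame if {info["sport"], info["dport"]} & payload_ports else frame[:info["hdr_len"]]
        out += [struct.pack(endian + RECORD_HDR, ts_sec, ts_frac, len(kept), origlen), kept]
        stats["kept"] += 1
        stats["bytes_out"] += len(kept)
    return b"".join(out), stats


def _ipv4_frame(proto, src, dst, l4):
    """Constructed Ethernet+IPv4 frame (zero MACs, no checksum) around a transport PDU."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4


def build_sample_pcap():
    """Constructed three-record capture: a DNS query, an HTTP GET, an ARP frame."""
    qname = b"\x07example\x03com\x00"
    dns_q = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns_q), 0) + dns_q
    tcp = struct.pack("!HHIIBBHHH", 51000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    tcp += b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n" + b"A" * 200
    arp = b"\x00" * 12 + struct.pack("!H", 0x0806) + b"\x00" * 28
    frames = [_ipv4_frame(IPPROTO_UDP, "10.0.0.5", "10.0.0.53", udp),
              _ipv4_frame(IPPROTO_TCP, "10.0.0.5", "192.0.2.10", tcp), arp]
    out = [struct.pack("<" + GLOBAL_HDR, PCAP_MAGICS[0], 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, f in enumerate(frames):
        out += [struct.pack("<" + RECORD_HDR, 1700000000 + i, 0, len(f), len(f)), f]
    return b"".join(out)


if __name__ == "__main__":
    reduced, stats = reduce_pcap(build_sample_pcap())
    print(stats)  # {'in': 3, 'kept': 2, 'bytes_in': 404, 'bytes_out': 125, 'short': 0}
```

The reduced file is still a valid pcap, so tcpdump -r, Wireshark or a Snort/PacketPig pipeline can read it afterwards; only the per-record caplen shrinks while origlen records how large the packet really was. Because the global header is copied through unchanged, the output keeps the original byte order and snaplen, and the "short" counter tells you up front whether the capture was taken with a snaplen too small to trust payload-based detection.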
  • asked a question related to Network Forensics
Question
4 answers
A ping flood attack is an attempt to bring down servers.
Relevant answer
Answer
It is common practice to disable ping (ICMP echo response) in servers and hosts, so that would imply the threat exists.