Abstract :
Formal standards, precedents, and best practices for verifying and validating the behavior of low layer network devices used for digital evidence-collection on networks are badly needed - initially so that these can be employed directly by device owners and data users to document the behaviors of these devices for courtroom presentation, and ultimately so that calibration testing and calibration regimes are established and standardized as common practice for both vendors and their customers [Endicott-Popovsky, B.E., Chee, B. and Frincke, D. "Role of calibration as part of establishing foundation for expert testimony," in Proceedings 3rd Annual IFIP WG 11.9 Conference, January 29-31, Orlando, FL.]. The ultimate intent is to achieve a state of confidence in device calibration that allows the network data gathered by them to be relied upon by all parties in a court of law. This paper describes a methodology for calibrating forensic-ready low layer network devices based on the Flaw Hypothesis Methodology [Weissman, C. (1973). "System Security Analysis: Certification, methodology and results." Tech Report No. SP-3728, System Development Corporation., Weissman, C. (1995). "Penetration testing." In M. Abrams, S. Jajodia, and H. Podell, (Eds.), Information Security: An Integrated Collection of Essays, pp. 269-296. Los Alamitos, CA: IEEE Computer Society Press.].
Keywords :
calibration; security of data; device calibration; digital evidence-collection; digital forensics; observability calibration test development; Best practices; Calibration; Conferences; Forensics; Military standards; Observability; Standards development; Switches; Telecommunication traffic; Testing; digital forensics; life cycle; network forensics; networks;
