Sunday, June 9, 2019

The Digital Forensics Research Paper Example | Topics and Well Written Essays - 1000 words

A distributed network can be on a broad scale and may involve many enterprise computer networks. Likewise, the currently installed network security controls are bypassed by the worm because a distributed traffic anomaly is complex and small to detect. However, multiple small data packets combined can impose a significant impact, as they all share the same frequency and domain, which is already happening in the current scenario. For this reason, a method for detecting threats originating from the distributed network was introduced by (Zonglin, Guangmin, Xingmiao, & Dan, 2009). The methodology includes a detection of patterns of the distributed network along with network-wide correlation analysis of instantaneous parameters, anomalous space extraction and instantaneous amplitude and instantaneous frequency.

In the current scenario, network administrators can apply the instantaneous amplitude and instantaneous frequency of network transmission signals, which are part of this model, to pick out unknown network patterns and categorize them into frequency and time domains separately. Moreover, they can also deploy an anomalous space extraction methodology that is based on network transmission predictions. This methodology will help network administrators go beyond the limits of PCA-based methods, which have already failed to provide strong correlations. Furthermore, the third component, a network-wide correlation analysis of amplitude and frequency, can discover overall network transmission originating from distributed networks, as the current controls are only sensing it in a small amount or quantity.

After determining the exact source of the unknown worm, the next challenge is to analyze the infected nodes within the network. It is obvious that without a specialized tool, it is a daunting or almost impossible task to detect anomalies on low levels, i.e. network ports.
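The instantaneous amplitude, instantaneous frequency and network-wide correlation steps described above can be sketched as follows. This is an added example, not code from the essay or from the cited paper: it assumes the standard analytic-signal (Hilbert transform) definition of the instantaneous parameters, and the link names, traffic series and 0.6 threshold are constructed for illustration.

```python
import cmath, math, random

def analytic_signal(x):
    """Analytic signal by DFT: keep DC, double positive bins, zero negative bins."""
    n, w = len(x), 2j * math.pi / len(x)
    mean = sum(x) / n                      # remove the baseline load first
    spec = [sum((x[t] - mean) * cmath.exp(-w * k * t) for t in range(n))
            for k in range(n)]
    for k in range(1, n):
        spec[k] *= 2 if 2 * k < n else (1 if 2 * k == n else 0)
    return [sum(spec[k] * cmath.exp(w * k * t) for k in range(n)) / n
            for t in range(n)]

def inst_amplitude(x):
    return [abs(z) for z in analytic_signal(x)]

def inst_frequency(x):
    """Cycles per sample, from the phase step between neighbouring samples."""
    z = analytic_signal(x)
    return [cmath.phase(z[t + 1] * z[t].conjugate()) / (2 * math.pi)
            for t in range(len(z) - 1)]

def pearson(a, b):
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    return cov / math.sqrt(sum((p - ma) ** 2 for p in a) * sum((q - mb) ** 2 for q in b))

def make_link(seed, phase=None, n=128, freq=0.125):
    """Constructed packets-per-interval series: baseline 100 plus noise, and when
    phase is given a short low-amplitude burst at the shared frequency."""
    rng, peak = random.Random(seed), (0.0 if phase is None else 8.0)
    return [100 + rng.gauss(0, 1) + peak * math.exp(-((t - 64) / 12.0) ** 2)
            * math.sin(2 * math.pi * freq * t + (phase or 0.0)) for t in range(n)]

def correlated_links(links, threshold=0.6):
    """Pairs of links whose instantaneous-amplitude envelopes move together."""
    env = {name: inst_amplitude(s) for name, s in links.items()}
    names = sorted(env)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if pearson(env[a], env[b]) > threshold]

LINKS = {  # constructed sample: A and B carry the burst, out of phase; C, D are clean
    "A": make_link(1, phase=0.0), "B": make_link(2, phase=math.pi / 2),
    "C": make_link(3), "D": make_link(4),
}

if __name__ == "__main__":
    print("raw A/B correlation:", round(pearson(LINKS["A"], LINKS["B"]), 2))
    print("envelope-correlated pairs:", correlated_links(LINKS))
```

Because the two bursts are a quarter cycle out of phase, the raw series of links A and B barely correlate, while their amplitude envelopes do; the instantaneous frequency inside the burst recovers the shared 0.125 cycles per sample.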
There is a requirement of pinpointing unknown threat activities within the network; for this purpose, a capable tool known as Wireshark will serve. Wireshark is a freeware tool that analyzes network packets and processes them to illustrate the detailed contents of the packets (Scalisi, 2010). Moreover, the tool contains numerous features that can facilitate the threat detection process. The first step that a network administrator will take is to identify the type of traffic or ports that need to be targeted. The second step is to start capturing packets on all ports of all the switches (Scalisi, 2010). However, there is a requirement of modifying port numbers. As per the current scenario, all the network ports will be scanned, including the Simple Mail Transfer Protocol (SMTP) port. The tool has a feature of only scanning specific ports that need to be targeted. However, in a corporate network environment that will not be possible, as an intrusion detection system (IDS) and firewalls may conflict with the tool. Moreover, different subnets on the network will also require complex and time-consuming configurations. Furthermore, the network administrator can always set a time limit for capturing specific network port data.
