dc.contributor.author: Garfinkel, Simson L.
dc.contributor.author: Shick, Michael
dc.date.accessioned: 2013-09-11T14:48:12Z
dc.date.available: 2013-09-11T14:48:12Z
dc.date.issued: 2013-09-02
dc.identifier.uri: http://hdl.handle.net/10945/36026
dc.description: Approved for public release; distribution is unlimited
dc.description.abstract: Passive TCP session reconstruction is essential for many kinds of network forensics and law enforcement operations, but it is complicated by packet loss, retransmissions, and possible attacks by adversaries. The key problem is that participants in the TCP session may observe the TCP segments differently than the monitor. An added complication is the lack of familiarity with network protocols by many forensic analysts, resulting in the need for tools that are easy to use and able to tolerate a wide range of data. To address these issues we rewrote the open source network forensics tool tcpflow, making it more robust to anomalies that had been reported to us by users. We also improved the program's usability and performance on large packet captures, and added simple visualization that produces a one-page summary PDF for packet captures of any size.
dc.language.iso: en_US
dc.publisher: Monterey, California. Naval Postgraduate School
dc.rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, may not be copyrighted.
dc.subject: TCP/IP
dc.subject: Digital Forensics
dc.subject: tcpflow
dc.subject: Visualization
dc.subject: Session reconstruction
dc.title: Passive TCP Reconstruction and Forensic Analysis with tcpflow
dc.type: Technical Report
dc.contributor.department: Computer Science
dc.identifier.npsreport: NPS-CS-13-003