This paper extends work on a forensic model for traffic isolation based on Differentiated Services (DiffServ) and measures its performance by using a simulation. The simulated model has four basic components: traffic generators, the DiffServ network domain, a preservation station and a sink server. On the client side, the simulation has two traffic generators that generate either normal or suspicious traffic. The network domain isolates the suspicious traffic by using an ingress router to mark it as suspicious, whereas the preservation station preserves the isolated traffic/evidence to ensure forensic soundness. On the DiffServ server side, a sink server receives and processes all requests. The authors simulated the proposed DiffServ model by using the Network Simulator (NS2) tool. Preliminary results show that the simulated concept has improved support for evidence preservation, whilst also providing an easy means for cyber investigators to gather evidence.
Reference:
Dlamini, I, Olivier, M and Grobler, M. 2009. Simulation of logical traffic isolation using differentiated services. 4th International Workshop on Digital Forensics and Incident Analysis (WDFIA 2009), Athens, Greece, 25-26 June, 2009. pp 10. http://hdl.handle.net/10204/3585