Gathering Evidence from an IDS

When gathering evidence from an IDS, monitoring network traffic is of prime importance. Organizations install IDSes to monitor for intrusions. To capture network traffic, first configure the IDS. However, the IDS alone is not sufficient as a source of evidence, because it is incapable of performing integrity checks on its own log files. In a network investigation, preserving digital evidence is difficult, as the data displayed on screen remains for only a few seconds.

The Windows HyperTerminal program, or the script command on UNIX, can be used over a serial cable to record the results of examining a networking device such as a router or switch.

If the amount of information required is large, the on-screen events can be recorded with a video camera or a suitable software program. This technique is useful for collecting dynamic digital evidence, which can later be produced as a videotape. The disadvantage of such a program is that it does not perform an integrity check, making it difficult to authenticate the information.


Modern techniques and methodologies for detecting attacks and malicious activities on computers and networks have evolved a lot over the last couple of years. The ability to detect intrusion attempts before the actual attack simplifies the work of securely administering computer networks. Often an attacker will probe different ports and services on a network to gather intelligence about the structure of the network, and then decide how and which services can be compromised. This is a common strategy applied by most attackers, and this is where Intrusion Detection Systems (IDS) come in. They simplify the work of detecting attacks well before the actual attack by tracing the paths that the attacker leaves while gathering intelligence about a network. Government legislation, however, often acts as a barrier to accessing or monitoring private communications. This article will focus in particular on the potential of using IDS logs as evidence in legal proceedings. It will also address the Commonwealth Telecommunication Interception Act to identify some conflicting issues that, to some extent, act as a barrier to the deployment of IDS tools.

There is a growing need for the use of Intrusion Detection Systems (IDS) in private and public corporations. These systems are vital to safeguard the large distributed computing environment that a particular organization controls and manages. The log files that an IDS generates can be massive, depending on the amount of traffic and data it handles. It is important to understand that the use of IDS is a measure for securing the information systems of companies and organizations, and that they provide valuable support for diagnosing and reviewing security problems. Government legislators, however, do not consider this and will often pass legislation that stands in the way of public and private corporations using IDS as a security tool. Legislators need to understand that it is not only the police and intelligence agencies that need to intercept communications; private and public sector companies also need to intercept, not for interception's sake but for the sake of maintaining a secure information system. This article will attempt to address these issues in general; it will also discuss the recent amendment to the telecommunications interception laws.


Documenting the Evidence Gathered on a Network

Documenting the evidence gathered on a network is easy if the network logs are small, since a printout can be taken and attested. When evidence is gathered from systems in remote locations, documenting it becomes more complex because the date and time stamps of the related files may be unavailable. If the evidence resides on a remote computer, it is important to document detailed information about its collection and location. The investigator should specify the server containing the data to avoid confusion. For proper documentation and to maintain the integrity of the record, it is advisable to follow a standard methodology. To support the chain of custody, the investigator should print out screenshots of important items and attach a record of the actions taken during the collection process.
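Since the IDS itself performs no integrity check on its logs, the investigator has to supply one at collection time. The following Python script is an added example, not code from the original article: it hashes a captured IDS log, writes a chain-of-custody record (source host, collector, UTC timestamp, size, SHA-256) and later verifies the file against that record. The sample Snort-style alert lines and the names analyst-01 and ids-sensor-1 are constructed for the demonstration.

```python
"""Integrity record for an IDS log captured as evidence (added example)."""
import hashlib
import json
import os
import socket
import tempfile
from datetime import datetime, timezone

# Constructed sample: three Snort-style alert lines standing in for an IDS log.
SAMPLE_IDS_LOG = (
    "01/15-10:22:01.123456 [**] [1:1000001:1] TEST portscan [**] 10.0.0.5 -> 10.0.0.9\n"
    "01/15-10:22:03.654321 [**] [1:1000002:1] TEST probe [**] 10.0.0.5 -> 10.0.0.9:22\n"
    "01/15-10:22:05.000001 [**] [1:1000003:1] TEST probe [**] 10.0.0.5 -> 10.0.0.9:80\n"
)

def sha256_file(path, chunk=65536):
    """Stream the file through SHA-256 so large IDS logs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def record_evidence(path, collector, source_host):
    """Build the chain-of-custody record for one collected log file."""
    return {
        "file": os.path.abspath(path),
        "source_host": source_host,            # server the log was taken from
        "collector": collector,                # investigator who took it
        "acquisition_host": socket.gethostname(),
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "size_bytes": os.path.getsize(path),
        "sha256": sha256_file(path),
    }

def verify_evidence(path, record):
    """True only if the file still matches the recorded size and hash."""
    return (os.path.getsize(path) == record["size_bytes"]
            and sha256_file(path) == record["sha256"])

def demo():
    """Collect the sample log, verify it, then show that a later change is detected."""
    log = os.path.join(tempfile.mkdtemp(), "snort_alert.log")
    with open(log, "w") as f:
        f.write(SAMPLE_IDS_LOG)
    record = record_evidence(log, "analyst-01", "ids-sensor-1")
    intact = verify_evidence(log, record)
    with open(log, "a") as f:
        f.write("01/15-10:30:00.000000 [**] appended after collection [**]\n")
    return intact, verify_evidence(log, record), json.dumps(record, indent=2)
```

The JSON record is what gets printed and attached to the collection notes; any later change to the log, even a single appended line, makes verify_evidence return False.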

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
