δείτε την πρωτότυπη σελίδα τεκμηρίου στον ιστότοπο του αποθετηρίου του φορέα για περισσότερες πληροφορίες και για να δείτε όλα τα ψηφιακά αρχεία του τεκμηρίου*
Network forensics consists of the identification, preservation and extraction of evidence
from an event that has occurred over the network. Evidence for that event can be found not
only though the monitored network traffic but also from different devices. Router forensics
include the techniques used to extract information about an event that occurred on a
router. Routers perform the traffic directing functions on the Internet. If a malicious user
successfully attacks and gains access to a router or a switch of the network he can
then monitor and modify any traffic to and from that network but also making very hard
for the end user to find out if the network is compromise or not. In this diploma thesis,
the techniques on how evidence can be extracted from a CISCO router are described.
There is an analysis of how an investigator can acquire evidence when physical access
to the router is available. Also, there is an analysis of how memory dump and remote file
extraction can be performed as to not tamper the state of the router and certain data gets
lost. Furthermore, through a case study in collaboration with cyber defense department
of the Hellenic Army IT Support Center (ΚΕΠΥΕΣ), there is an analysis on how different
functionalities of CISCO routers can be exploited to give advantage to a malicious user. To
help with the analysis, the volatility framework was studied and used to extract information
contained from the memory dump of the router.
(EL)
*Η εύρυθμη και αδιάλειπτη λειτουργία των διαδικτυακών διευθύνσεων των συλλογών (ψηφιακό αρχείο, καρτέλα τεκμηρίου στο αποθετήριο) είναι αποκλειστική ευθύνη των αντίστοιχων Φορέων περιεχομένου.
Βοηθείστε μας να κάνουμε καλύτερο το OpenArchives.gr.
Πανεπιστήμιο Πειραιώς
