Dlamini, IOlivier, MGrobler, M2009-09-112009-09-112009-06Dlamini, I, Olivier, M and Grobler, M. 2009. Simulation of logical traffic isolation using differentiated services. 4th International Workshop on Digital Forensics and Incident Analysis (WDFIA 2009), Athens, Greece, 25-26 June, 2009. pp 109781841022307http://hdl.handle.net/10204/35854th International Workshop on Digital Forensics and Incident Analysis (WDFIA 2009)Athens, Greece, 25-26 June 2009This paper extends work on a forensic model for traffic isolation based on Differentiated Services (DiffServ) and measures its performance by using a simulation. The simulated model has four basic components: traffic generators, the DiffServ network domain, a preservation station and a sink server. On the client side, the simulation has two traffic generators that generate either normal or suspicious traffic. The network domain isolates the suspicious traffic by using an ingress router to mark it as suspicious, whereas the preservation station preserves the isolated traffic/evidence to ensure forensic soundness. On the DiffServ server side, a sink server receives and processes all requests. The authors simulated the proposed DiffServ model by using the Network Simulator (NS2) tool. Preliminary results show that the simulated concept has improved support for evidence preservation, whilst also providing an easy means for cyber investigators to gather evidence.enLogical traffic isolationDifferentiated servicesDiffServSuspicious trafficNetwork forensicsForensic modelPreservation stationDigital forensicsWDFIA 2009Incident AnalysisConference PresentationDlamini, I., Olivier, M., & Grobler, M. (2009). Simulation of logical traffic isolation using differentiated services. http://hdl.handle.net/10204/3585Dlamini, I, M Olivier, and M Grobler. "Simulation of logical traffic isolation using differentiated services." (2009): http://hdl.handle.net/10204/3585Dlamini I, Olivier M, Grobler M, Simulation of logical traffic isolation using differentiated services; 2009. http://hdl.handle.net/10204/3585 .TY - Conference Presentation AU - Dlamini, I AU - Olivier, M AU - Grobler, M AB - This paper extends work on a forensic model for traffic isolation based on Differentiated Services (DiffServ) and measures its performance by using a simulation. The simulated model has four basic components: traffic generators, the DiffServ network domain, a preservation station and a sink server. On the client side, the simulation has two traffic generators that generate either normal or suspicious traffic. The network domain isolates the suspicious traffic by using an ingress router to mark it as suspicious, whereas the preservation station preserves the isolated traffic/evidence to ensure forensic soundness. On the DiffServ server side, a sink server receives and processes all requests. The authors simulated the proposed DiffServ model by using the Network Simulator (NS2) tool. Preliminary results show that the simulated concept has improved support for evidence preservation, whilst also providing an easy means for cyber investigators to gather evidence. DA - 2009-06 DB - ResearchSpace DP - CSIR KW - Logical traffic isolation KW - Differentiated services KW - DiffServ KW - Suspicious traffic KW - Network forensics KW - Forensic model KW - Preservation station KW - Digital forensics KW - WDFIA 2009 KW - Incident Analysis LK - https://researchspace.csir.co.za PY - 2009 SM - 9781841022307 T1 - Simulation of logical traffic isolation using differentiated services TI - Simulation of logical traffic isolation using differentiated services UR - http://hdl.handle.net/10204/3585 ER -