Title: Bi-directional approach for logical traffic isolation forensic model
Authors: Dlamini, I; Olivier, M; Sibiya, S
Type: Conference Presentation
Date: 2009-08
Repository record dates: 2010-01-22, 2010-01-22
Language: en
Citation: Dlamini, I, Olivier, M and Sibiya, S. 2009. Bi-directional approach for logical traffic isolation forensic model. Southern Africa Telecommunication Networks and Applications Conference (SATNAC 2009). Swaziland, 30 August-2 September 2009, pp 2
URI: http://hdl.handle.net/10204/3916
Venue: Southern Africa Telecommunication Networks and Applications Conference (SATNAC 2009). Swaziland, 30 August-2 September 2009
Repository: ResearchSpace (CSIR), https://researchspace.csir.co.za
Keywords: Network forensics; Logical traffic isolation; Bidirectional logical traffic isolation model; BLTI; Differentiated services

Abstract: Network forensics involves capturing, recording and analysing network activity in discovering the source of security policy violations or information assurance. The network forensic system that is described in this paper is called the "Catch-it-as-you-can" system, which seizes all packets passing through a certain traffic point, captures and writes them to the storage. The main aim of this paper is to address some of the challenges faced by the Logical Traffic Isolation (LTI) model, more specifically the incompleteness of evidence-gathering process. This study proposes the Bidirectional Logical Traffic Isolation model (BLTI) to improve evidence completeness by recording both the request and the response of the suspicious communication; rather than only the request (suspicious data) as Logical Traffic Isolation (LTI) did. The BLTI uses indexing methods to improve information recording and retrieval. Future research will continue with the evaluation of the BLTI model performance not covered in this paper.