Christopher Lopez-Araiza, Ebru Celikel Cankaya.
In an effort to establish a standard for responsive networking systems, we survey available tools and their applications for network forensics, and discuss how accessible these solutions are to implement. Our paper investigates four network security tools in detail: Fail2ban, Netdata, Nmap, and HoneyDrive3, which we test-run on an experimental setup. We compare these tools with respect to seven fundamental forensics criteria: logging, automated threat response, active monitoring, attack prevention capability, malicious activity detection, malicious activity notification, and security auditing. Experimental results are compared for further analysis. We rank the results by the degree to which each tool covers the full set of seven forensics criteria. We also emphasize how utilizing the relevant solutions could have aided in mitigating past threats.