The Digital Forensics Research Paper Example | Topics and Well Written Essays - 1000 words

The Digital Forensics - Research Paper Example A distributed network can be on a broad scale and may involve many enterprise computer networks. Likewise, the currently installed network security controls are bypassed by the worm because distributed traffic anomaly is complex and small to detect. However, combining with multiple small data packets can impose a significant impact, as they all share the same frequency and domain that is already happening in the current scenario. For this reason, a method for detecting threats originating from the distributed network was introduced by (Zonglin, Guangmin, Xingmiao, & Dan, 2009). The methodology includes a detection of patterns of the distributed network along with network-wide correlation analysis of instantaneous parameters, anomalous space extraction and instantaneous amplitude and instantaneous frequency. In the current scenario, network administrators can apply instantaneous amplitude and instantaneous frequency, which is a part of this model, of network transmission signals can i nvade network unknown patterns and categorize them into frequency and time domains separately. Moreover, they can also deploy an anomalous space extraction methodology that is based on network transmission predictions. This methodology will facilitate network administrators to exceed the boundaries of PCA based methods that are already failed to provide strong correlations. Furthermore, the third component that is a network-wide correlation analysis of amplitude and frequency can discover overall network transmission originating from distributed networks, as the current controls are only sensing them in a small amount or quantity. After determining the exact source of the unknown worm, the next challenge is to analyze the infected nodes within the network. It is obvious that without a specialized tool, it is a daunting or almost impossible task to detect anomalies on low levels i.e. network ports. There is a requirement of pinpointing unknown threat activities within the network, fo r this purpose, a powerful tool is known as Wire shark will serve the purpose. Wire shark is a freeware tool that analyzes network packets and processes them for illustrating detailed contents of the packets (Scalisi, 2010). Moreover, the tool contains numerous features that can facilitate the threat detection process. The first step that a network administrator will take is to identify the type of traffic or ports that need to be targeted. The second step is to start capturing packets on all ports of all the switches (Scalisi, 2010). However, there is a requirement of modifying port numbers. As per the current scenario, all the network ports will be scanned including the Simple Mail Transfer Protocol (SMTP) port. The tool has a feature of only scanning specific ports that need to be targeted. However, in a corporate network environment that will not be possible, as an Intrusion detection system (IDS) and Firewalls may conflict with the tool. Moreover, different subnets on the netwo rk will also require complex and time-consuming configurations. Furthermore, the network administrator can always set the time limit for capturing specific network port data.