Digital (May 2024)

A Method for Solving Problems in Acquiring Communication Logs on End Hosts

  • Youji Fukuta,
  • Yoshiaki Shiraishi,
  • Masanori Hirotomo,
  • Masami Mohri

DOI
https://doi.org/10.3390/digital4020024
Journal volume & issue
Vol. 4, no. 2
pp. 483 – 500

Abstract

Read online

In the process of collecting evidence of activities and events in network devices, there are problems with content and storage, and we aim to solve the problems faced by network devices in network forensics. In this paper, we propose a simple method for solving the problems with content and storage in acquiring communication logs on end hosts, implement a sniffing tool that captures raw packets with communication event control, compare it with existing tools, and conduct experiments and considerations. Through these experiments and considerations, we confirmed that the proposed communication log acquisition method can be implemented on the end host, and that the problem can be solved by using a tool that implements the proposed method. Also, we confirmed that it can be applied to real-world communication log collection scenarios, and that it can coexist with existing systems and tools that collect communication logs.

Keywords