Fingerprinting Techniques for Network Forensics
Overview, Opportunities and Challenges
Dominik Herrmann
1 Fingerprinting Primer
Origin: Radar “fingerprints”
2 Lacy (1967) Fingerprinting Primer
Origin: Radar “fingerprints”
3 Lacy (1967) Fingerprinting Primer
Fingerprinting = Art + Engineering
selection of robust construction features > of pattern matching
Diversity Stability
statistics pattern machine learning matching
4 Talbot et al. (2001) Fingerprinting Primer
Image: Srihari et al. (2001) Fingerprinting = Art + Engineering
selection of robust construction features > of pattern matching
Diversity Stability
statistics pattern machine learning matching
5 Talbot et al. (2001) Agenda
Fingerprinting Primer
From Computer Forensics to Network Forensics
Three Case Studies:
Website Device/Software Human Behavior Fingerprinting Fingerprinting Fingerprinting
Fingerprinting for Forensics: A new promising opportunity or a dangerous instrument?
6 The case for network forensics
Computer Forensics Network Forensics
• focus on HDD and RAM • focus on network traffic • static dataset • transient dataset
Typical objectives Typical objectives • deduce actions of a subject • find source of criminal activity • ascription of files/actions • find evidence that a subject is involved in criminal activity However, some attacks do not leave suitable forensic traces. Challenges • large volumes of traffic We could look at network difficult to analyze traffic to capture transient • cannot analyze content if it is data and activities. encrypted before transmission
7 Rising interest in security-related fingerprinting lately