Network and computer forensics analysis is an after-the-fact process that investigates malicious activities conducted over computer networks in order to gather useful intelligence. Forensics investigation results are used to design security techniques and strategies that prevent future malicious activities and to assess the damage caused by successful ones. In addition, forensics results are used in a court of law to prove criminal intent.

Network and computer forensics analysis is an expensive process that is usually time-consuming and requires a team of forensics investigators. The forensics analysis systems currently available are limited to query-engine capabilities and lack advanced investigation techniques. Reducing the cost of network and computer forensics and automating the forensics investigation process is a key and open research challenge.

The objective of this project is to develop a novel intelligent framework that semi-automates the forensics investigation process and reduces the need for human interaction and supervision. Our proposed approach is inspired by recent developments in semantic web and machine learning techniques. To design our intelligent network forensics analysis framework we propose a new approach that combines machine learning, semantic analysis, graph mining, and visualization techniques. Each of these techniques was selected and adapted to solve one or more network forensics challenges, so that the result is an integrated approach that solves network forensics problems intelligently and automatically.

People

  • Dr. Issa Traore, Coordinator
  • Mr. Sherif Saad, Investigator