Conference papers

A Forensic Methodology for Software-Defined Network Switches

Abstract : This chapter presents a forensic methodology for computing systems in a software-defined networking environment that consists of an application plane, control plane and data plane. The methodology involves a forensic examination of the software-defined networking infrastructure from the perspective of a switch. Memory images of a live switch and southbound communications are leveraged to enable forensic investigators to identify and locate potential evidence for triage in real time. The methodology is evaluated using a real-world testbed exposed to network attacks. The experimental results demonstrate the effectiveness of the methodology for forensic investigations of software-defined networking infrastructures.
Cited literature [19 references]

https://hal.inria.fr/hal-01716399
Contributor : Hal Ifip
Submitted on : Friday, February 23, 2018 - 3:50:16 PM
Last modification on : Friday, February 23, 2018 - 3:52:03 PM
Document(s) archived on : Friday, May 25, 2018 - 1:58:46 AM

File

456364_1_En_6_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Tommy Chin, Kaiqi Xiong. A Forensic Methodology for Software-Defined Network Switches. 13th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2017, Orlando, FL, United States. pp.97-110, ⟨10.1007/978-3-319-67208-3_6⟩. ⟨hal-01716399⟩
