
A Forensic Methodology for Software-Defined Network Switches

Abstract: This chapter presents a forensic methodology for computing systems in a software-defined networking environment that consists of an application plane, control plane and data plane. The methodology involves a forensic examination of the software-defined networking infrastructure from the perspective of a switch. Memory images of a live switch and southbound communications are leveraged to enable forensic investigators to identify and locate potential evidence for triage in real time. The methodology is evaluated using a real-world testbed exposed to network attacks. The experimental results demonstrate the effectiveness of the methodology for forensic investigations of software-defined networking infrastructures.
Document type: Conference papers

Cited literature: 19 references
Contributor: Hal Ifip
Submitted on: Friday, February 23, 2018 - 3:50:16 PM
Last modification on: Friday, May 21, 2021 - 6:02:03 PM
Long-term archiving on: Friday, May 25, 2018 - 1:58:46 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Tommy Chin, Kaiqi Xiong. A Forensic Methodology for Software-Defined Network Switches. 13th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2017, Orlando, FL, United States. pp.97-110, ⟨10.1007/978-3-319-67208-3_6⟩. ⟨hal-01716399⟩


