Mobile Platforms to Support Network Forensics

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: F30602-01-C-0098
Agency Tracking Number: 011IF-0882
Amount: $98,814.00
Phase: Phase I
Program: SBIR
Awards Year: 2001
Solicitation Year: N/A
Solicitation Topic Code: N/A
Solicitation Number: N/A
Small Business Information
33 Thornwood Drive, Suite 500, Ithaca, NY, 14850
DUNS: 101321479
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Frank Adelstein
 Principal Scientist
 (607) 257-1975
Business Contact
 Richard Smith
Title: Controller
Phone: (607) 257-1975
Research Institution
In a large computer network, a sophisticated, coordinated attack can have a devastating impact. To thwart the effectiveness of such an attack, investigators and administrators must be able to quickly understand what resources were affected and how they were affected. Complicating this task is the fact that few large facilities, either commercial or military, have sufficient expert personnel to physically examine each network segment that was attacked, as often these networks will be hundreds, if not thousands, of miles apart. We propose to create mobile forensic platforms (MFPs) as a tool to aid the investigators with the forensic task. MFPs are computers that can be quickly deployed on any network to perform remote forensic investigation with very high assurance security. The MFPs will contain a number of extensible forensic tools to allow an investigator to quickly and securely examine network resources remotely. The anticipated benefit is the ability to quickly respond to coordinated computer attacks. Because of the limited number of expert personnel that can perform network forensics in any organization, mobile platforms for forensics will provide an edge in defending against such attacks by giving investigators direct, low-level access to many geographically diverse networks. This increases the effectiveness of the experts by allowing them to conduct investigations without requiring them to travel to the sites, which in turn creates a stronger defense against coordinated attacks. The mobile platforms provide remote access without further risk to the security of the installation (and in some cases, allow them to conduct an investigation even when internal network connectivity is unavailable). There is a direct path for commercialization, since commercial organizations must face the same threat of coordinated attacks with limited personnel and will benefit from this technology.

* Information listed above is at the time of submission. *
