Mobile Platforms to Support Network Forensics
Small Business Information
33 Thornwood Drive, Suite 500, Ithaca, NY, 14850
Abstract
In a large computer network, a sophisticated, coordinated attack can have a devastating impact. To thwart the effectiveness of such an attack, investigators and administrators must be able to quickly understand what resources were affected and how they were affected. Complicating this task is the fact that few large facilities, either commercial or military, have sufficient expert personnel to physically examine each network segment that was attacked, as often these networks will be hundreds, if not thousands, of miles apart. We propose to create mobile forensic platforms (MFPs) as a tool to aid the investigators with the forensic task. MFPs are computers that can be quickly deployed on any network to perform remote forensic investigation with very high assurance security. The MFPs will contain a number of extensible forensic tools to allow an investigator to quickly and securely examine network resources remotely.

The anticipated benefit is the ability to quickly respond to coordinated computer attacks. Because of the limited number of expert personnel that can perform network forensics in any organization, mobile platforms for forensics will provide an edge in defending against such attacks by giving investigators direct, low-level access to many geographically diverse networks. This increases the effectiveness of the experts by allowing them to conduct investigations without requiring them to travel to the sites, which in turn creates a stronger defense against coordinated attacks. The mobile platforms provide remote access without further risk to the security of the installation (and in some cases, allow them to conduct an investigation even when internal network connectivity is unavailable). There is a direct path for commercialization, since commercial organizations must face the same threat of coordinated attacks with limited personnel and will benefit from this technology.
* information listed above is at the time of submission.