Mobile Platforms to Support Network Forensics

Award Information
Agency:
Department of Defense
Branch:
Air Force
Amount:
$98,814.00
Award Year:
2001
Program:
SBIR
Phase:
Phase I
Contract:
F30602-01-C-0098
Award Id:
52376
Agency Tracking Number:
011IF-0882
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
33 Thornwood Drive, Suite 500, Ithaca, NY, 14850
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
101321479
Principal Investigator:
Frank Adelstein
Principal Scientist
(607) 257-1975
fadelstein@oracorp.com
Business Contact:
Richard Smith
Controller
(607) 257-1975
rick@oracorp.com
Research Institution:
n/a
Abstract
In a large computer network, a sophisticated, coordinated attack can have a devastating impact. To thwart the effectiveness of such an attack, investigators and administrators must be able to quickly understand what resources were affected and how they were affected. Complicating this task is the fact that few large facilities, either commercial or military, have sufficient expert personnel to physically examine each network segment that was attacked, as often these networks will be hundreds, if not thousands, of miles apart. We propose to create mobile forensic platforms (MFPs) as a tool to aid the investigators with the forensic task. MFPs are computers that can be quickly deployed on any network to perform remote forensic investigation with very high assurance security. The MFPs will contain a number of extensible forensic tools to allow an investigator to quickly and securely examine network resources remotely. The anticipated benefit is the ability to quickly respond to coordinated computer attacks. Because of the limited number of expert personnel that can perform network forensics in any organization, mobile platforms for forensics will provide an edge in defending against such attacks by giving investigators direct, low-level access to many geographically diverse networks. This increases the effectiveness of the experts by allowing them to conduct investigations without requiring them to travel to the sites, which in turn creates a stronger defense against coordinated attacks. The mobile platforms provide remote access without further risk to the security of the installation (and in some cases, allow them to conduct an investigation even when internal network connectivity is unavailable). There is a direct path for commercialization, since commercial organizations must face the same threat of coordinated attacks with limited personnel and will benefit from this technology.

* information listed above is at the time of submission.
