Florian Weijers

From IT-Forensik Wiki

Master Thesis, Hochschule Wismar, July 2024

Author: Florian Weijers

Title: Development of Forensic Strategies and Methods in Software-Defined Networks

Abstract

This work shows the methodical and strategic approach of a forensic investigation in advanced SDN. First, the basics of SDN technology are explained in general terms. This is followed by a presentation of classic approaches to digital forensics in networks and a brief description of typical security mechanisms in SDN.

The basic technical and structural characteristics of SDN are then outlined, in particular the characteristics that distinguish SDN from other networks. Typical forensic tools that are used for network investigations and that may also be suitable for investigations in SDN are presented, along with the classic process of a forensic network investigation.

Furthermore, a network from the company ZeroTier Inc. is examined as an example of SDN and given a basic analysis with selected tools. The main focus is on the applicability of typical investigation tools and the special features of the results in SDN. Basic network information is illustrated, as well as the functionalities and architecture of the ZeroTier network. Typical characteristics of the ZeroTier network are then worked out, and finally different tools are used to obtain information in a ZeroTier example network.

Strategies and methods for investigations in SDN are then derived from the practical investigations and presented graphically as a result.

The methods of network forensics in SDN and the strategies of the SDN investigation processes are illustrated and summarized in tabular form using developed graphics.

The summary also deals with the development of structured network forensics in SDN and the presentation of legal problems and conflicts, with the aim of establishing methodological and strategic standards in subsequent projects.

Download PDF document