A high-profile computer system has been compromised, and Federal Law Enforcement officials have been called in to investigate the break-in. Fortunately, a network security system has been retaining all network packet information for the past six months. Because of the high volume of data involved, advanced visual analysis tools are applied to the tens of millions of network events. These tools, in combination with information produced from an on-site investigation, are used to identify suspect communications. Through the use of visualization tools, the investigators identified the intruder and his unlawful activity spanning six months. In addition, patterns of network misuse caused by other perpetrators, invisible to system administrators, were discovered through pattern analysis. These additional abnormalities in network usage were identified by visually mining the forensic data.