Hello Dear.
I want to know if there is(are) any computer/network forensics evidence scoring system just like the CVSS for NVD.
Thanks
If yes, so where, how can I get it?
I will be grateful to access it.
Thanks
I want to know if there is(are) any computer/network forensics evidence scoring system just like the CVSS for NVD.
Yes and no. Or perhaps I mean no, and yes.
No, not 'just like'. CVSS rates / describes a vulnerability according to definite criteria or metrics, providing a scale by which someone can evaluate it.
But evaluating evidence is what the judge/judges/jury (depending on local practice) does. 'Relevancy' for example. No one should make that decision for them.
They are also (again, subject to local practice) the people who decide if something is evidence in the first place. While you probably want to argue pro and con, you don't really want to make the decision yourself.
There are certain areas where evidence is ranked, such as child pornography, where an image can be rated from none at all, through minor nudity all the way up the scale. (This is not necessarily 'computer/network' forensics, though.) (Added: See 'COPINE scale' on Wikipedia, for example.)
And there are areas where method may be rated (for example, such as error rate), but only as input to the court officials.
Snort … ranks attacks in priority classes, but I'm not clear if that is what you're asking about. If you are, you may want to consider malware ratings, such as those you can find published in Trend Threat Encyclopedia, for example.
But you won't find (I'm fairly sure) any Evidence Classification Score that says 'identification of person based on IP address Score 2 on a scale of 10'.
Perhaps you would explain how you think an evidence scoring system should work? Can you describe a scenario? That would make it easier to give you a useful answer.
Snort … ranks attacks in priority classes, but I'm not clear if that is what you're asking about. If you are, you may want to consider malware ratings, such as those you can find published in Trend Threat Encyclopedia, for example.
There is also a score (severity) associated with each attack that can be used to determine severity, and in real time too. And there are different sets of rules, other parsers and tools that can be downloaded and applied to look for different things than network attacks (for example, PII or credit card signatures with regexp).
The question was rather generic and so was my answer. Garbage in, garbage out.