Network Forensics Evidence Scoring System

5 Posts
3 Users
0 Likes
443 Views
(@omajiman)
Posts: 12
Active Member
Topic starter
 

Hello Dear.

I want to know if there is(are) any computer/network forensics evidence scoring system just like the CVSS for NVD.

Thanks

 
Posted : 22/11/2014 11:52 am
MDCR
(@mdcr)
Posts: 376
Reputable Member
 

Yes

 
Posted : 22/11/2014 3:16 pm
(@omajiman)
Posts: 12
Active Member
Topic starter
 

If "Yes", so where, how can I get it?
I will be grateful to access it.

Thanks

 
Posted : 22/11/2014 3:27 pm
(@athulin)
Posts: 1155
Noble Member
 

> I want to know if there is(are) any computer/network forensics evidence scoring system just like the CVSS for NVD.

Yes and no. Or perhaps I mean no, and yes.

No, not 'just like'. CVSS rates / describes a vulnerability according to definite criteria or metrics, providing a scale by which someone can evaluate it.

But evaluating evidence is what the judge/judges/jury (depending on local practice) does. 'Relevancy', for example. No one should make that decision for them.

They are also (again, subject to local practice) the people who decide if something is evidence in the first place. While you probably want to argue pro and con, you don't really want to make the decision yourself.

There are certain areas where evidence is ranked, such as child pornography, where an image can be rated from none at all, through minor nudity all the way up the scale. (This is not necessarily 'computer/network' forensics, though.) (Added: See 'COPINE scale' on Wikipedia, for example.)

And there are areas where method may be rated (for example, such as error rate), but only as input to the court officials.

Snort … ranks attacks in priority classes, but I'm not clear if that is what you're asking about. If you are, you may want to consider malware ratings, such as those you can find published in Trend Threat Encyclopedia, for example.

But you won't find (I'm fairly sure) any Evidence Classification Score that says 'identification of person based on IP address Score 2 on a scale of 10'.

Perhaps you would explain how you think an evidence scoring system should work? Can you describe a scenario? That would make it easier to give you a useful answer.

 
Posted : 22/11/2014 11:38 pm
MDCR
(@mdcr)
Posts: 376
Reputable Member
 

> Snort … ranks attacks in priority classes, but I'm not clear if that is what you're asking about. If you are, you may want to consider malware ratings, such as those you can find published in Trend Threat Encyclopedia, for example.

There is also a score (severity) associated with each attack that can be used to determine severity, and in real time too. And there are different sets of rules, other parsers and tools that can be downloaded and applied to look for different things than network attacks (for example, PII or credit card signatures with regexp).

The question was rather generic and so was my answer. Shit in, shit out.

 
Posted : 24/11/2014 5:39 am
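
Added example, not part of any post in this thread: a small parser for Snort "fast" alert lines that groups alerts by the priority value the replies above refer to (1 is the highest). The sample lines, local SIDs and rule messages are constructed for illustration; the addresses are documentation ranges.

```python
import re
from collections import defaultdict

# Snort "fast" alert layout:
# MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"   # classification is optional
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample input (made-up local rules, documentation IP ranges).
SAMPLE = """\
11/22-11:52:01.100000  [**] [1:1000001:1] LOCAL possible card number in cleartext [**] [Classification: Sensitive Data was Transmitted Across the Network] [Priority: 2] {TCP} 192.0.2.10:51514 -> 198.51.100.7:80
11/22-11:52:03.200000  [**] [1:1000002:1] LOCAL admin login attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.5:40000 -> 192.0.2.10:22
11/22-11:52:04.300000  [**] [1:1000003:1] LOCAL ICMP echo [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.5 -> 192.0.2.10
this line is not an alert
"""

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not a fast alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["prio"] = int(rec["prio"])
    return rec

def triage(text):
    """Group parsed alerts by priority (ascending) and count unparsable lines."""
    buckets, skipped = defaultdict(list), 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_alert(line)
        if rec is None:
            skipped += 1      # keep a count so dropped lines are not silent
            continue
        buckets[rec["prio"]].append(rec)
    return dict(sorted(buckets.items())), skipped

if __name__ == "__main__":
    by_prio, skipped = triage(SAMPLE)
    for prio, recs in by_prio.items():
        for r in recs:
            print(prio, r["sid"], r["cls"], r["src"], "->", r["dst"])
    print("unparsed lines:", skipped)
```

The priority here ranks the alert for triage; it says nothing about the evidentiary weight of the underlying traffic, which is the distinction drawn in the replies above.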