hw C
Imagine you are testifying in court about anomalous activity on the network. The attorney asks you how the Internet traffic indicated unusual activity and how you knew this was unusual. Explain how you would answer this question on the stand using two specific examples, and discuss how these examples would convince the attorney that your reasoning for judging the Internet traffic unusual was valid.
References
Meghanathan, N., Allam, S.R., & Moore, L.A. (2009). Tools and techniques for network forensics. International Journal of Network Security & Its Applications, 1(1), 14-25.
Jones, A.K., & Sielken, R.S. (2000). Computer system intrusion detection: A survey.
Bromiley, M. (2016). Keys to effective anomaly detection. SANS Institute.
Wadner, K. (2015). A network analysis of a web server compromise. SANS Institute.