This thesis focuses on a part of Internet forensics concerned with determining the geographic location of Internet hosts, also known as geolocation. Several techniques to geolocation exist. A classification of these techniques, and a comparative analysis of their properties is conducted. Based on this analysis several novel improvements to current techniques are suggested. As part of an earlier designed Multi-Agent Framework for Internet Forensics (MAFIF), an application implementing two active- measurement geolocation techniques is designed, implemented and tested. Experiments with the application are performed in the Uninett network, with the goal of identifying the impact of different network properties on geolocation. What most clearly set this thesis apart from earlier work, in addition to the use of a multi-agent system, is the analysis of the impact of IPv6 on geolocation, and the introduction of multi-party computation to geolocation. The extensive focus on delay measurements, although not bringing anything new to the field of networking in general, is also new to geolocation as far as we know.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:ntnu-10145 |
Date | January 2006 |
Creators | Thorvaldsen, Øystein Espelid |
Publisher | Norges teknisk-naturvitenskapelige universitet, Institutt for datateknikk og informasjonsvitenskap, Institutt for telematikk |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.234 seconds