Abstract:
Over the past decade, wireless mobile communication technology based on the IEEE 802.11
Wireless Local Area Networks (WLANs) has been adopted worldwide on a massive scale.
However, as the number of wireless users has soared, so has the possibility of cybercrime.
WLAN digital forensics is seen as not only a response to cybercrime in wireless networks,
but also a means to stem the increase of cybercrime in WLANs. The main challenge in
WLAN digital forensics is to intercept and preserve all the communications generated by the
mobile stations and to conduct a proper digital forensic investigation on them. In an attempt
to address this issue, the study presents, firstly, how a WLAN functions, by studying the
association mechanism between mobile stations and the Access Point (AP), and secondly,
how traffic is transmitted from a source to a destination address and the security attacks
associated with such transmission. Furthermore, the dissertation analyses different digital
forensic process models because every digital forensic investigation should follow a digital
forensic investigation process. The study also looks at various tools for extracting the ever-increasing
amount of evidential data that passes through the WLAN. These tools are
scrutinised to determine whether they possess any digital forensic capabilities, and a model is proposed
to implement digital forensic readiness in WLANs. The proposed model is designed to
monitor, log, preserve, analyse and report wireless network traffic for digital forensic
investigations. Thus, the information needed by the digital forensic experts is rendered
readily available, should it become necessary to conduct a digital forensic investigation. The
availability of this digital information maximises the chances of its being used as digital
evidence and reduces the cost of conducting the entire digital forensic investigation process.
The proposed model is then translated into a prototype to show its viability. The results of the
prototype are then analysed through experiments. The experiments were found to increase the
usefulness of the forensically captured network traffic. The experiments showed that
organisations that use WLANs can greatly benefit by deploying the forensic readiness model,
and if an incident were to be reported later on and a digital forensic investigation were
warranted, the organisation would simply extract the forensically captured and stored data
and conduct an analysis rather than conducting the investigation from the beginning. The
dissertation also provides a critical analysis of the proposed solution and, lastly,
presents the legal issues with regard to traffic interception in the South African
context.