A forensically robust data acquisition from a 10G line-rate network

De-duplication, which is a technology that can store data by removing redundant data, continues to receive a lot of attention. Because it reduces the storage required for writing tremendous data, as well as relatively lessens the transmission time and network utilization when data is transmitted. It is also required for the cyber blackbox which records network traffic and analyzes the causes of cyber incident over the network because the cyber blackbox should urgently address the storage issue to provide forensically robust acquisition of traffic. As an approach to the problem, we propose the EvidenceLock and our de-duplication method for continuously securing the storage to record the traffic. Next, the efficiency of the de-duplication module will be evaluated, and then the performance of the cyber blackbox when integrated with the de-duplication module will be measured. Finally, we'll discuss the results and present further works.