Running head: REPORT ON NETWORK PACKET FORENSIC
REPORT
ON
NETWORK PACKET FORENSIC
Name of the Student
Name of the University
Author Note:
1Network Packet Forensic
Abstract- This paper analyses the functions of digital forensics and then discusses the application of network packet forensics. To support that discussion it reviews previous research, with the aim of explaining why the proposed project, which applies network packet forensics, is necessary. It closes with recommendations that address the limitations identified.
Introduction:
The aim of this report is to discuss the application of digital forensics in the light of current industrial growth. Digital forensics is a branch of investigation applied solely to examine unusual activity on digital devices. It is used mostly in the cyber security field to detect suspicious activity in an IT infrastructure. While discussing this aspect, the report also presents detailed findings on the application of digital forensics and on the need for it. [1] It then turns to the classifications of digital forensics, and within them discusses network packet forensics in support of the above discussion. Since the objective of this paper is to determine the benefits of digital forensics, a detailed investigation has been conducted, after which the paper gives a detailed account of the background to introducing network forensics into the digital forensics field: the analysis of network traffic in order to gather information about intrusions present in the network. Alongside this discussion it also investigates the application of network packet forensics in detail, relating it to a real-time case scenario. After that discussion the paper covers the identified limitations and suggests effective mitigation approaches that can be applied to address them.
Digital Forensic:
In the field of forensic science, digital forensics has gained great significance because it investigates criminal activity present in an organization's IT infrastructure. Accordingly, digital forensics has been introduced into the digital world to investigate and determine suspicious activities that may harm the services of the organization concerned. Given this objective, it has been observed that digital forensics is currently used in the IT field to recover a digital system from unauthorized network intrusion and from any other illegal activity originating from external behaviour.[2] Following this objective, digital forensics has a significant impact on determining the intrusions present in an IT server. To determine such intrusions present in the network server, digital forensics follows several steps. The first is the collection of information from the physical digital devices, in order to learn about the data loss or threats. Once information gathering is complete, the process proceeds to the examination of the collected data, from which the required data can be extracted for further work. [3] After that step the data are analysed, which determines the affected area, and a report is produced according to the analysed data. Many digital forensic tools are available in this field, including the sniffer Wireshark, and Linux distributions are also open for use in digital forensic operations. Beyond this, studies have shown that digital forensics consists of several branches, each of which performs effectively in detecting intrusions in the computing field. Those branches include network forensics, computer forensics, digital image forensics, memory forensics, digital video and audio forensics, and mobile device forensics.[4] However, given the current industrial growth of technology and of digital threats, network forensics is one of the most effective and most frequently used digital forensic fields. With this in mind, a detailed account of research conducted on the application of network forensics is provided below.
Network Packet Forensic:
Following the above discussion, network forensics can be described as one of the most effective digital forensic techniques; it is applied to digital devices in order to monitor and determine unusual activity occurring in the IT network server. Compared with the other digital forensic technologies, network forensics is one of the most active, because it deals with real-time, dynamic data. In terms of procedure, network forensic techniques work by analysing the network environment in order to detect intrusions in a way that satisfies both technical and legal requirements. Alongside this, it analyses the network server by investigating and monitoring the network servers, where evidence against the criminal can be found, since it is quite difficult for a criminal to erase evidence from the IT network server. Several studies have noted that two highly effective methods are used to collect network data: "Stop, look, listen" and "Catch it as you can". The catch-it-as-you-can method analyses the network traffic at a specific point of the network through which every transaction passes, whereas the stop-look-listen method works by analysing the data store in which all of the data are kept, with the aim of making intrusion detection as fast and effective as possible. In addition to this research, several studies have noted that, to detect intrusions present in the network server, network forensic investigation is mostly carried out on TCP/IP, on Ethernet and on the internet.
TCP/IP-
According to the studies, TCP and IP have a significant role in passing network packets across the network. To carry out this objective, TCP/IP follows a routing table. Hence, applying forensics to the routing table will help to gather more information about the network server's activities.[5]
Ethernet-
Alongside the above, applying network forensics at the Ethernet layer helps the investigator to detect the network and gather more data, since studies have shown that investigation of Ethernet yields information such as IP addresses, MAC addresses and ARP tables, which gives detailed information about network activity.[6]
Internet-
Following the above, applying network forensics to internet traffic can effectively provide evidence against a criminal in relation to internet activity. Hence, the network forensic technique can be effective if it is applied to peer-to-peer server traffic in order to monitor server activity. [7]
According to the studies, wireless digital forensics is also very important within network packet forensics; here the investigation is carried out on wireless network traffic in order to analyse the wireless network and detect intrusions.
Literature review:
Following the above discussion, and after analysing the current growth of technology and of external threats, several researchers have focused on intrusion detection in order to protect the network server from external threats. In this regard, studies have noted that the digital forensic process determines the unusual activities from the network server. However, unlike the physical evidence-gathering process, several conflicts arise when analysing digital evidence. Hence, in order to protect organizational assets and organizational resources, it is highly essential to apply network packet forensics. With the purpose to determine the intrusion present in
Project:
Considering the above discussion, the case concerns an SME which provides effective services to the government of Australia. During the investigation, several suspicious activities were detected in the organizational network, and these have a significant impact on the services of the organization.
After analysing the above case scenario, it can be suggested that applying network packet forensics in the organizational network server will help to detect the intrusion and also to investigate the criminal responsible for the identified behaviour. Hence, in order to determine the possible intrusion present in the identified organizational scope, TCP/IP forensic detection and the detection of internet packet traffic passing through the network are to be applied, with the purpose of detecting the intrusion present in the organizational network.
Limitations:
The first key challenge of network forensics is ensuring that the network is forensically ready. For a network investigation to succeed, the network must be provided with infrastructure that fully supports the investigation, and that infrastructure should ensure that the data required for a full investigation exist [8]. Designing a network forensic infrastructure is a challenging task because there are many possibilities in the design space. The following is a brief description of a few of the challenges:
Data sources: A typical network has many possible data sources, including raw network packets and the logs of network services and devices. Although collecting data from every possible source may be desirable, this is not always feasible, especially in large networks. Hence, selecting data sources that give good network coverage and make the collection process more practical is an important decision.
Data Integrity: Ensuring the integrity of the collected data is crucial. The outcome of the forensic process could be adversely affected if the collected data are changed, whether accidentally or deliberately [9]. Therefore, measures must be implemented to ensure the integrity of the data during collection and analysis.
Data granularity: An issue related to the selection of data sources is deciding how much data to keep. For example, when network packets are collected, whole packets, packet headers only, or connection information might be kept. Keeping extensive, detailed data is not practical in large networks.
Privacy Issues: The collected data can be expected to include sensitive information such as personal files and emails. Therefore, it is crucial to handle these data properly. The data must be protected by access control measures, so that access is granted to authorized persons only.
Data Analysis: The main challenge is analysing the collected data to produce useful information that can be used in decision making. This analysis is challenging because of the complexity of each distinct network environment and the diversity and volume of the data involved [10]. Innovative tools are needed to help human investigators analyse the data; such tools might apply techniques from fields such as information visualization and data mining.
Data used for Legal Evidence: Using data collected internally within an organization is different from presenting data in a court of law. The collected data have to pass through legal procedures in order to qualify as evidence in court.
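The Ethernet and TCP/IP subsections above say that packet investigation yields MAC addresses, IP addresses and ports, and the Data granularity and Data Integrity items above describe the choice between keeping whole packets, headers or connection records and the need to detect any later change to the collected data. The example below, added here and not taken from the report or any tool it cites, puts those three points together: it parses constructed Ethernet/IPv4/TCP frames (the header layouts are standard; the addresses, ports and payloads are made up for illustration), keeps the same traffic at all three granularities so the storage trade-off can be measured, and seals each collection with SHA-256 digests so that a single altered byte is reported on verification.

```python
"""Packet evidence at three granularities, sealed with SHA-256 hashes.

Added example, not taken from the report. The frames below are constructed
test data: standard header layouts, but made-up addresses and payloads.
"""
import hashlib
import json
import struct

ETH_HDR_LEN = 14


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Assemble a minimal Ethernet II + IPv4 + TCP frame as constructed test
    data. Checksums are left at zero; the parser below does not validate them."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", ""))
           + b"\x08\x00")                                   # EtherType IPv4
    ip_total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total_len, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Extract the header fields an Ethernet/IP investigation records
    (MAC addresses, IP addresses, ports) plus the total length of the headers."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    if ethertype != 0x0800:
        raise ValueError("only IPv4 frames are handled here")
    ihl = (frame[ETH_HDR_LEN] & 0x0F) * 4               # IPv4 header length
    ip_hdr = frame[ETH_HDR_LEN:ETH_HDR_LEN + ihl]
    if ip_hdr[9] != 6:
        raise ValueError("only TCP segments are handled here")
    tcp_off = ETH_HDR_LEN + ihl
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4             # TCP header length
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": ".".join(str(b) for b in ip_hdr[12:16]),
        "dst_ip": ".".join(str(b) for b in ip_hdr[16:20]),
        "sport": sport, "dport": dport,
        "headers_len": tcp_off + data_off,
    }


def collect(frames, granularity):
    """Return the records a sensor would keep at a given granularity:
    whole packets, headers only, or per-connection (flow) summaries."""
    if granularity == "full":
        return list(frames)
    if granularity == "headers":
        return [f[:parse_frame(f)["headers_len"]] for f in frames]
    if granularity == "flows":
        flows = {}
        for f in frames:
            p = parse_frame(f)
            key = (p["src_ip"], p["sport"], p["dst_ip"], p["dport"])
            rec = flows.setdefault(key, {"packets": 0, "bytes": 0})
            rec["packets"] += 1
            rec["bytes"] += len(f)
        return [json.dumps({"flow": list(k), **v}).encode()
                for k, v in sorted(flows.items())]
    raise ValueError(f"unknown granularity {granularity!r}")


def seal(records):
    """Manifest with a SHA-256 per record and one over the ordered collection."""
    digests = [hashlib.sha256(r).hexdigest() for r in records]
    collection = hashlib.sha256("".join(digests).encode()).hexdigest()
    return {"records": digests, "collection": collection}


def verify(records, manifest):
    """Recompute the manifest; report whether it matches and which records differ."""
    fresh = seal(records)
    changed = [i for i, (a, b) in enumerate(zip(fresh["records"], manifest["records"]))
               if a != b]
    return fresh["collection"] == manifest["collection"], changed


# Constructed sample traffic: a two-packet request and a larger reply.
FRAMES = [
    build_frame("02:00:00:aa:bb:01", "02:00:00:aa:bb:02",
                "10.0.0.5", "203.0.113.7", 51514, 443, b"GET / HTTP/1.1\r\n"),
    build_frame("02:00:00:aa:bb:01", "02:00:00:aa:bb:02",
                "10.0.0.5", "203.0.113.7", 51514, 443, b"Host: example\r\n\r\n"),
    build_frame("02:00:00:aa:bb:02", "02:00:00:aa:bb:01",
                "203.0.113.7", "10.0.0.5", 443, 51514, b"HTTP/1.1 200 OK\r\n" * 8),
]


def storage_cost(frames=FRAMES):
    """Bytes kept at each granularity, showing the trade-off the report describes."""
    return {g: sum(len(r) for r in collect(frames, g))
            for g in ("full", "headers", "flows")}


if __name__ == "__main__":
    print(storage_cost())                                # full > headers > flows
    manifest = seal(collect(FRAMES, "full"))
    tampered = collect(FRAMES, "full")
    tampered[1] = tampered[1][:-1] + b"X"                # one byte altered
    print(verify(collect(FRAMES, "full"), manifest))     # (True, [])
    print(verify(tampered, manifest))                    # (False, [1])
```

The flow record keeps only the five-tuple style key and counters, which is why it is the cheapest level to store but also the one from which payload evidence can no longer be recovered; the header-only level keeps addresses and ports but drops the application data. The manifest hashes the records in order, so reordering or dropping a record changes the collection digest even when every individual record digest still matches.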
Recommendations and conclusion:
Nowadays organizations use various products to protect their network systems. With the increasing demands of the ICT environment, the use of virtual networks is gaining importance. While these products defeat many attacks, novel attacks still evade prevention products without being detected, and in such situations investigating the attack can be a challenging task. Alongside this development there is increasing emphasis on reliable methods of digital examination. The transition from physical networks to virtual networks is analysed from a forensic perspective, and the problems that arise for NFI within virtual networks are derived. This problem is separated into three parts: organizational, offline and online. Based on that separation, six conditions are derived that are necessary for implementing valid NFI within virtual networks. For computer security, the introduction of network forensics is proposed to provide investigative capabilities within current networks. A dedicated investigation infrastructure is described which allows the collection and analysis of network packets and events for investigative purposes. This paper reviews several aspects of network forensics and the related technologies, along with their limitations, and summarizes the challenges of network forensics; the challenges of deploying a network forensic infrastructure were also highlighted. The overall contribution of this paper is a survey of the different techniques and tools available for conducting network forensics. All tools mentioned in the paper can be used for free, at least on a trial basis. The paper also explored separate mechanisms of IP traceback; simulations were used to find the convergence time for attack paths of different lengths and for attack routers with different marking probabilities. Network forensics ensures a faster response to an attack. It provides the ability to investigate attacks by tracing them back to their source and by discovering the nature of the attacker, whether host, network or person. In addition, network forensics provides methods for predicting future attacks by correlating attack patterns from past records of traffic data, and it facilitates the presentation of admissible evidence in a court of law. This paper is a quick survey of network forensics, of the several types of traffic data and of the several types of system used to collect them. Network forensic analysis tooling is a technology that is still developing. As with any other new technology and security tool, organizations need to weigh the advantages and disadvantages of network forensic technology; for many companies this technology, with its limitations, cannot be considered for implementation. Organizations are evolving to larger-bandwidth, higher-speed networks; more data travels within networks and from more devices, and there is an increasing trend of data being moved to cloud servers. Network forensics on an enterprise scale needs to examine the activities of virtual IP addresses in order to identify activities that act as indicators of compromise (IOC). Network forensics is an adjunct to cloud forensics.
References:
[1] M. Manasse and A. Limaye (salesforce.com Inc), 2018. Packet inspection and forensics in an encrypted network. U.S. Patent Application 15/421,549.
[2] D. Spiekermann, J. Keller and T. Eggendorfer, 2017. Network forensic investigation in OpenFlow networks with ForCon. Digital Investigation, 20, pp. S66-S74.
[3] S. Khan, A. Gani, A.W.M. Wahab, M. Shiraz and I. Ahmad, 2016. Network forensics: Review, taxonomy, and open challenges. Journal of Network and Computer Applications, 66, pp. 214-235.
[4] G. Pimenta Rodrigues, R. de Oliveira Albuquerque, F. Gomes de Deus, G. de Oliveira Júnior, L. García Villalba and T.H. Kim, 2017. Cybersecurity and network forensics: Analysis of malicious traffic towards a Honeynet with Deep Packet Inspection. Applied Sciences, 7(10), p. 1082.
[5] S. Achleitner, T. La Porta, T. Jaeger and P. McDaniel, 2017, April. Adversarial network forensics in software defined networking. In Proceedings of the Symposium on SDN Research (pp. 8-20). ACM.
[6] A. Lubis and A.P.U. Siahaan, 2016. Network Forensic Application in General Cases. IOSR J. Comput. Eng., 18(6), pp. 41-44.
[7] J. Parry, D. Hunter, K. Radke and C. Fidge, 2016, February. A network forensics tool for precise data packet capture and replay in cyber-physical systems. In Proceedings of the Australasian Computer Science Week Multiconference (p. 22). ACM.
[8] G. Shrivastava, K. Sharma and R. Kumari, 2016, March. Network forensics: Today and tomorrow. In 2016 3rd International Conference on Computing for Sustainable Global Development (INDIACom) (pp. 2234-2238). IEEE.
[9] T.D. Nguyen and C.E. Irvine, 2018, April. Development of industrial network forensics lessons. In Proceedings of the Fifth Cybersecurity Symposium (p. 7). ACM.
[10] S.A. Qasim, J. Lopez and I. Ahmed, 2019, September. Automated Reconstruction of Control Logic for Programmable Logic Controller Forensics. In International Conference on Information Security (pp. 402-422). Springer, Cham.