Network Forensics: Techniques and Challenges

Verified

Added on 2020/05/28

AI Summary

This assignment delves into the crucial field of network forensics, examining its techniques, tools, and inherent challenges. It discusses various methods employed to analyze network traffic for evidence of cyberattacks and breaches, including Network Intrusion Detection Systems (NIDS), Signature Based Intrusion Detection Systems (SIDS), and Host Based Intrusion Detection Systems (HIDS). The impact of these technologies in detecting malicious activities is analyzed, along with recommendations for enhancing network security through forensic practices. The assignment emphasizes the need for standardized frameworks in network forensics to effectively address evolving cyber threats.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: REAL-TIME NETWORK FORENSIC ANALYSIS
Real-Time Network Forensic Analysis
Name of the Student
Name of the University
Authors note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1REAL-TIME NETWORK FORENSIC ANALYSIS
Executive Summary
The following report consist of discussion about the different tools that are available for
digital network forensic analysis. In addition to that the, impact of this technology on the
cyber security and recommendations are described in the different sections of this report.

2REAL-TIME NETWORK FORENSIC ANALYSIS
Introduction
At present the organizational networks are often under constant security threats.
Digital forensic is all about interpreting and detecting the malicious electronic data in any
organizations digital network. The main objective of this process is to protect any kind of
evidence in the most possible original form [4]. In addition to that the, it also helps in
applying structured investigation of the network through the collection, identification as well
as validating the available information in order to reconstructing any security breach or
intrusion event.
Following sections of this report consist of discussion about the real-time forensic
analysis, its impact on the performance of the organizations network. In addition to that, the
report contributes to the recommendations that will improve this technology in protecting the
network.
Real Time forensic analysis
In case of the security breaches inside an organizational network, most of these
attacks goes undetected due to the lack of reporting of that incident.
In the network forensic the initial phase to capture the data packets that are
transmitted inside an organizational network. After this stage the captured data packets or the
data streams are preserved that are being ordered according to the order of transmission
between the connection of two hosts at the transportation layer [3]. This process is called
“Sessionizing". The connection of system stream – cleaning the captured data stream
applying filters to remove the unessential information from the transmission channel. The

3REAL-TIME NETWORK FORENSIC ANALYSIS
integrality of data requesting information streams persistently observed rather than
retransmitted depending upon the deployed forensic tools [1].
There are some basic methods that are used for network forensics
IDS (Intrusion detection system)
This is used by numerous organizations in order to collects electronic evidence and
detect intrusion inside an organization. Even though there are debates on the performance of
this technology in digital forensics but it is accepted by the researchers that, Intrusion
detection systems are one of the best tools to collect real time data from the cyber-attacks on
any organizational network.
Agent Technique
The agent in the has been generally utilized as a part of the network security
mechanisms. Particularly in case of the multiple agents based intrusion there are huge amount
of research has been done till date. Distributed real-time and dynamic system network
framework based on Agent is able shape a total network forensic framework by combining
the forensic database, forensic server and forensic agents [2]. This total framework can
analyze and investigate network intrusion effectively as well as timely. With the ability of
adaptive data packet acquisition system and in addition the capacity of information
combination of log framework, arrange activity and scanning of the data packets and so forth.
Nonetheless, this framework is flawed in system of synchronous accumulation of host
information and system information; what's more, it needs to address the access control in the
network, authentication process and encryption of the data.
Virtual honey pots inside the organizational network
virtual Honeypot acts as a counterfeit system whose behavior can be modelled or
changed as required by the network administrator. A system is able to simulate multiple

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4REAL-TIME NETWORK FORENSIC ANALYSIS
different kind honeypots that are executing on several machines running inside a network.
These virtual Honeypots inside the network can be organized in order to imitate specific
services in order to detect the attackers so that the attackers try to exploit those systems. In
this way the investigation can find out the patterns and techniques to exploit those honey
traps.
Email Forensics
With the increase of use of the emails in the organizations, intruders are attempting to
utilize it for malevolent activities and intrusion in to the organizational network. Spam emails
with malicious attachments are the most defenseless for assaulting and are the most
significant tools that are main security concern [5]. Due to its vulnerabilities, emails can be
utilized by attackers for communication and connecting through the servers inside the
network. Email forensics inside an organizational network indicates to concentrate to the
source also, the content of electronic mail as confirmation [1]. It likewise examines the
procedure of distinguishing proof of the genuine sender and beneficiary of a message,
date/time it was sent and other data as well. The greater part of the Emails may contain
vindictive infections, dangers and tricks. It might bring about the loss of information, private
data and even wholesale fraud. In order to distinguish the purpose of cause of the message,
the spammers and furthermore to distinguish the phishing messages that attempt to acquire
classified data from the receiver.
Impact
With the developing technologies there are different sophisticated and advanced tools
are available for analysing the data traffic in order to track the different attacks and exploits.
Some of them are described below;

5REAL-TIME NETWORK FORENSIC ANALYSIS
Network Based Intrusion Detection System (NIDS)- It sends sensors at key areas of
the network and examines activity by looking for convention infringement and irregular
connection designs and malicious content [1]. It's ability to distinguish strange behaviour of a
specific section of a network.
Signature Based Intrusion Detection System(SIDS)- It utilizes known attacking
examples or marks against a stream of occasions for location. It has low false caution rates
and furthermore has exact diagnostics.
Host Based Intrusion Detection System(HIDS)- It employments OS observing
system to discover malware in the framework. It screens shell charges and framework calls
executed by client applications and framework programs [3]. It has the most far reaching
program data for discovery and subsequently it is precise.
Recommendations
With all the above mentioned tools other important tools in the network forensics
include the strategies of IDS, Malicious Code, Honey trap, Intrusion Resistance, Network
Monitoring and Sensor, Agent, SVM, Convention Analysis and Network Tomography, and
so on. The necessities of forensic analysis even can be considered to hold data for potential
cyber-attack investigation activity during the time spent conventions outline with the
improvement of system legal sciences method.

6REAL-TIME NETWORK FORENSIC ANALYSIS
Conclusion
From the technical aspect or point of view, network forensics investigation too does
not have any standard framework. Therefore, it is important to investigate for a standard
structure, it is hard to address the issues of the reaction to the developing cybercrimes and
breaches inside the organizational network. For network forensic this activity speaks to an
imperative wellspring of autonomous proof in a domain where hostile to crime scene
investigation is progressively testing the legitimacy of PC based criminology. Performing
system crime scene investigation today to a great extent centres upon an examination in view
of the Internet Protocol (IP) address – as this is the main trademark accessible. All the more
regularly, in any case, agents are not really keen on the IP address yet rather the related client
with the increasing research and tests it can be assumed that the network forensic will get
better consideration, and will in dealing with the cybercrimes and other exploits carried out
by the attackers.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7REAL-TIME NETWORK FORENSIC ANALYSIS
References
[1]B. Bikash and S. Priya, "Survey on Real Time Security Mechanisms in Network
Forensics", International Journal of Computer Applications, vol. 151, no. 2, pp. 1-4, 2016.
[2]H. Jingfang, "The Application Research on Network Forensics", The Open
Automation and Control Systems Journal, vol. 5, no. 1, pp. 167-173, 2013.
[3]N. Clarke, F. Li and S. Furnell, "A novel privacy preserving user identification
approach for network traffic", Computers & Security, vol. 70, pp. 335-350, 2017.
[4]J. Hu and B. Li, "Research the Computer Forensics Based on Network", Advanced
Materials Research, vol. 694-697, pp. 2282-2285, 2013.
[5]"Digital Forensics Processing and Procedures", Network Security, vol. 2014, no. 5,
p. 4, 2014.

1 out of 8

+13062052269

info@desklib.com

Network Forensics: Techniques and Challenges

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Network Forensics: Features and Benefits

Cyber Operations: Analysis of Network Traffic and Packet Capture using Wireshark

Cyber Security Detection of Common Attacks Using SNORT Project 2022

Network Packet Forensic Report 2022

Intrusion Detection System and Snort: A Comprehensive Guide

Challenges and Approaches to Overcome Session Hijacking and Intrusion Detection Systems