Network Forensics Report: Real-Time Security Analysis and Techniques

Added on  2020/05/28

AI Summary
This report provides a comprehensive overview of network forensics, emphasizing its role in capturing, recording, and analyzing network events to identify security threats and vulnerabilities. It explores the benefits organizations gain from network forensics, including improved alignment with compliance requirements and the ability to analyze network performance demands. The report delves into real-time security mechanisms such as firewalls, email forensics, and packet sniffers. It references several journal articles that highlight the increasing prevalence of cyber-attacks, the importance of network forensics in digital forensics, and the various techniques and frameworks used for intrusion detection and prevention. The report also touches upon the use of IP address analysis, network traffic metadata, and biometric techniques in network forensics, concluding with a discussion of real-time collaborative network forensic schemes for monitoring and investigating cyber intrusions. This information is designed to help students and researchers understand the importance of network forensics in modern cybersecurity.
What is the overall argument / position of your report?
Network forensics focuses on capturing, recording and analysing network events for the purpose of
discovering the source of security attacks or other network-related issues. One type of network analysis
system captures and analyses all the packets that pass through certain network points. Another type
analyses packets after storing them in memory and saves only selected details for future analysis.
Organizations can gain several benefits from network forensics. It can help companies adjust to
increased data volumes and appropriately identify security threats and vulnerabilities. It helps
companies align with legislative and corporate compliance requirements. Network forensics also enables
an organization to analyse the performance demands of its network. This report focuses on the features
and benefits of network forensics. It discusses real-time security mechanisms in network forensics
such as firewalls, email forensics, web forensics and packet sniffers.
First journal article
Cyber-attacks are increasing at a fast rate with the growing use of the Internet. Network forensics is
considered to be a part of digital forensics. It is used for monitoring, correlating, examining and analysing
the traffic of computer networks for different purposes such as information gathering and intrusion
detection. The process model of network forensics has nine steps that include initial preparation, detection
of anomalies, data traffic collection, preservation of original data, data examination, integrated data
analysis, investigation, presentation of information and incident response. Network forensics consists of
certain security mechanisms such as firewalls, honeypot forensics, email forensics, web forensics and
packet sniffers. Network forensics will play a significant role in managing the security mechanism of
network intrusion.
Second journal article
Network forensics is used for security defence in a network. It is a branch of digital forensics that has been
developed in recent times. Criminals use certain techniques to hide information and harm the network
traffic. Network forensics plays an active role in detecting network intrusion. The initial step in the network
forensics process is to capture the network packet. Network forensics helps in preventing any cyber-attacks
that can harm the network traffic. The major techniques involved in network forensics include IDS, Intrusion
Tolerance, SVM, Protocol Analysis, Network Tomography, Malicious Code and Network Monitoring. The
network forensics framework includes but is not limited to real-time intrusion.
Third journal article
The increase in the use of cloud-based applications and Internet technology has made people
dependent on network connectivity for operating their mobile devices. Network traffic has increased,
leading to several security issues. Network forensics deals with the security of a network. It mainly focuses
on the IP or Internet Protocol address analysis. Investigators analyse the IP addresses for identifying the
associated user. The network traffic metadata can be used for identifying the users. Wireshark and PyFlag
are some of the analysis tools in the network forensics domain. The forensic domain widely uses some of the
biometric techniques such as fingerprint identification and face recognition.
Fourth journal article
Digital forensics has two main sub-parts: network forensics and computer forensics. Three types of
investigations can be carried out in network forensics. The proactive investigations are carried out before
the occurrence of cyber-crime incidents. Investigations that are carried out during the cyber-crime incidents
are known as real-time investigations. Retroactive investigations occur after the cyber-crime incidents have
taken place. A hand-held device called HaLo is proposed, based on the network forensics
framework, for locating criminals in real time. The functionalities of wireless technology are utilized for
developing this device. Network forensics helps to fight against cyber-crimes by incorporating laws into its
framework.
Fifth journal article
The techniques of network forensics can be used for tracking various types of cyber-attacks. Network
forensics involves the process of monitoring as well as inspecting the network traffic for detecting any
unauthorized activity and intrusion. Advanced and intelligent network forensics procedures and techniques
are used for investigating crimes where the attacker has removed all traces to avoid
detection. A real-time collaborative network forensic scheme (RCNF) can be used for monitoring and
investigating cyber intrusions. This scheme has three components: collection and storage of network data,
selection of significant network features by applying the chi-square method, and investigation of abnormal
events using the correntropy-variation technique.
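
The feature-selection step named above can be illustrated with a chi-square ranking of categorical flow attributes against an attack/normal label. This is an added example, not code from the report or from the RCNF authors; the flow records, feature names and helper functions are constructed for illustration, and the correntropy-variation step is not covered.

```python
from collections import Counter

# Constructed flow records (not real traffic):
# (proto, port_class, conn_state, label)
FLOWS = (
    [("tcp", "well_known", "incomplete", "attack")] * 3
    + [("tcp", "ephemeral", "incomplete", "attack")] * 3
    + [("tcp", "well_known", "complete", "normal")] * 2
    + [("tcp", "ephemeral", "complete", "normal")] * 1
    + [("udp", "well_known", "complete", "normal")] * 1
    + [("udp", "ephemeral", "complete", "normal")] * 2
)
FEATURES = ("proto", "port_class", "conn_state")  # hypothetical feature names


def chi_square(values, labels):
    """Pearson chi-square statistic of one categorical feature vs. the label."""
    n = len(values)
    observed = Counter(zip(values, labels))  # contingency table cells
    value_totals = Counter(values)           # row totals
    label_totals = Counter(labels)           # column totals
    stat = 0.0
    for v, v_count in value_totals.items():
        for l, l_count in label_totals.items():
            expected = v_count * l_count / n  # count expected under independence
            stat += (observed[(v, l)] - expected) ** 2 / expected
    return stat


def rank_features(flows, names):
    """Return (feature, chi-square) pairs, most label-dependent first."""
    labels = [flow[-1] for flow in flows]
    scores = {
        name: chi_square([flow[i] for flow in flows], labels)
        for i, name in enumerate(names)
    }
    return sorted(scores.items(), key=lambda item: item[1], reverse=True)


def select_features(flows, names, k):
    """Keep the k features with the strongest association to the label."""
    return [name for name, _ in rank_features(flows, names)[:k]]


if __name__ == "__main__":
    for name, score in rank_features(FLOWS, FEATURES):
        print(f"{name:12s} chi2={score:.2f}")
```

A feature whose values are distributed identically across attack and normal flows scores zero and is dropped first; a feature that separates the two classes completely scores the number of records.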
References
[1] B. Bikash and S. Priya, "Survey on Real Time Security Mechanisms in Network Forensics", International Journal of Computer Applications, vol. 151, no. 2, pp. 1-4, 2016.
[2] H. Jingfang, "The Application Research on Network Forensics", The Open Automation and Control Systems Journal, vol. 5, no. 1, pp. 167-173, 2013.
[3] N. Clarke, F. Li and S. Furnell, "A novel privacy preserving user identification approach for network traffic", Computers & Security, vol. 70, pp. 335-350, 2017.
[4] J. Hu and B. Li, "Research the Computer Forensics Based on Network", Advanced Materials Research, vol. 694-697, pp. 2282-2285, 2013.
[5] "Digital Forensics Processing and Procedures", Network Security, vol. 2014, no. 5, p. 4, 2014.