A Generic Framework for Network Forensics

Abstract: 
The Internet provides a powerful environment for cyber warfare attacks in the financial, ideological, and revenge realms. E-commerce transactions are major targets of cybercriminals. Network forensics is a science that helps protect the Internet from cyber attacks and reduce their impact. It uses an analysis of network traffic for investigative purposes to mitigate the malicious intent of intrusions. The paper presents a framework by identifying the steps connected to network forensics, and compares the proposed model with existing digital investigative models. The types of network forensic systems covered are "catch-it-as-you-can" systems and "stop, look and listen" systems. Network forensic analysis tools include NFATs, PyFlag and SiLK. The phases in the framework are: preparation and authorization, detection of incident/crime, incident response, collection of network traces, protection and preservation, examination, analysis, investigation and attribution, and presentation and review.
Author: 
Emmanuel S. Pilli, R.C. Joshi, Rajdeep Niyogi
Institution: 
Foundation of Computer Science (FCS)
Year: 
2010
Region(s): 
Industry Focus: 
Information & Telecommunication
Internet & Cyberspace
Datatype(s): 
Bibliographies & Reports
Models