
A Brief Review of Network Forensics Process Models and a Proposed Systematic Model for Investigation

Conference paper, in: Intelligent Cyber Physical Systems and Internet of Things (ICoICI 2022)

Abstract

Network forensics is a branch of digital forensics concerned with analysing network traffic to determine whether any anomalies are present that may indicate an attack or could lead to one. The goal is to determine what kind of attack has occurred by capturing the details, storing them in a forensically sound manner, analysing them, and then presenting them in some visual form. A model based on traceability and scenarios, supported by established literature and justification, is desired. This study offers a professional digital framework in which the investigative process model enhances the systematic tracking of offenders. Cyber fraud and digital crimes are on the rise, and unfortunately the conviction rate worldwide is less than two per cent. Continuous and scientific research in this area is crucial to ensure safe and secure internet usage, especially for money transfers and confidential personal communication. This paper examines the essential development phases of a network forensics investigation model, compares different network and digital forensic methods, and offers a systematic digital forensic model for cybercrime investigation. The survey also includes classifications based on intrusion detection systems, trace backs, distribution models, and attack maps. The aim of this study is to facilitate the digital forensic process and identify improvised practices. The Systematic Network Forensic Investigation Model (SNFIM) aims to establish appropriate policies and procedures for practitioners and organizations.



Author information

Correspondence to Merly Thomas.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Thomas, M., Meshram, B. (2023). A Brief Review of Network Forensics Process Models and a Proposed Systematic Model for Investigation. In: Hemanth, J., Pelusi, D., Chen, J.IZ. (eds) Intelligent Cyber Physical Systems and Internet of Things. ICoICI 2022. Engineering Cyber-Physical Systems and Critical Infrastructures, vol 3. Springer, Cham. https://doi.org/10.1007/978-3-031-18497-0_45


  • DOI: https://doi.org/10.1007/978-3-031-18497-0_45


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-18496-3

  • Online ISBN: 978-3-031-18497-0
