Abstract
Network forensics is a branch of digital forensics concerned with analysing network traffic for anomalies that may indicate an attack or could lead to one. The goal is to determine what kind of attack took place by capturing the relevant details, storing them in a forensically sound manner, analysing them, and then presenting the findings in a visual form. A model based on traceability and scenarios, supported by established literature and justification, is desired. This study offers a professional digital framework in which the investigative process model enhances the systematic tracking of offenders. Cyber fraud and digital crimes are on the rise, and unfortunately the conviction rate worldwide is less than two per cent. Continuous scientific research in this area is crucial to ensure safe and secure internet usage, especially for money transfers and confidential personal communication. This paper examines the essential development phases of a network forensics investigation model, compares different network and digital forensic methods, and proposes a systematic digital forensic model for cybercrime investigation. The survey also includes classifications based on intrusion detection systems, traceback, distributed models, and attack graphs. The aim of this study is to facilitate the digital forensic process and identify improved practices. The Systematic Network Forensic Investigation Model (SNFIM) aims to establish appropriate policies and procedures for practitioners and organizations.
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Thomas, M., Meshram, B. (2023). A Brief Review of Network Forensics Process Models and a Proposed Systematic Model for Investigation. In: Hemanth, J., Pelusi, D., Chen, J.IZ. (eds) Intelligent Cyber Physical Systems and Internet of Things. ICoICI 2022. Engineering Cyber-Physical Systems and Critical Infrastructures, vol 3. Springer, Cham. https://doi.org/10.1007/978-3-031-18497-0_45
DOI: https://doi.org/10.1007/978-3-031-18497-0_45
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-18496-3
Online ISBN: 978-3-031-18497-0
eBook Packages: Engineering (R0)