Skip to main content

Network Forensic Process Model and Framework: An Alternative Scenario

  • Conference paper
  • First Online:
Intelligent Communication, Control and Devices

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 624))


Network forensic provides a way to trail the cyber criminals through analysis and trace back of collected network evidence. The prerequisite is the deployment of various network traffic collection tools such as Iris, NetIntercept, NetWitness, SoleraDS5150, Xplico. Network forensic analysis involves examination of network traffic to detect invasion and exploring how the crime took place, i.e., setting up crime scene for investigation and replays. In this paper, we have proposed the process model and compared with the existing network forensic process models and frameworks. Along with highlighting the research challenges at various stages, authors propose a high-level description of standard process model and framework.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions

Similar content being viewed by others


  1. Pilli, E. S., Joshi, R.C., Niyogi, R.: Network forensic frameworks: Survey and research challenges. Digital Investigation 7, 14–27, (2010).

    Google Scholar 

  2. Mandia, K., Procise, C.: Incident Response and Computer Forensics. Osborne McGraw-Hill, New York, (2003).

    Google Scholar 

  3. Reith, M., Carr, C., Gunsch, G.: An Examination of Digital Forensic Models. International Journal of Digital Evidence 1(3), (2002).

    Google Scholar 

  4. Casey, E.: Network traffic as a source of evidence: tool strengths, weakness, and future needs,” Digital Investigation 1, 28–43 (2004).

    Google Scholar 

  5. Palmer, G. L.: Forensic analysis in digital world. International Journal of Digital Evidence, 1(1), 1–6 (2002).

    Google Scholar 

  6. Ren, W., Jin, H.: Distributed Agent-based Real Time Network Intrusion Forensics System Architecture Design. Proceedings of the International Conference on Advanced Information Networking and Applications, pp. 177–182, IEEE Press, New York (2005).

    Google Scholar 

  7. Kohn, M. D., Eloff, M. M., Eloff, J. H. P.: Integrated digital forensic process model. Computer & Security 38, 103–115 (2013).

    Google Scholar 

  8. Liu, C., Singhal, A., Wijesekera, D.: A logic-based network forensic model for evidence analysis. IFIP Advances in Information and Communication Technology 462, 129–145 (2015).

    Google Scholar 

  9. Lutui, R.: A multidisciplinary digital forensic investigation process model. Business Horizons 59, 593–604 (2016).

    Google Scholar 

  10. Shanmugasundaram, K., Memon, N., Savant, A., Bronnimann, H.: ForNet: A Distributed Forensics Network. Digital Investigation 7, 14–27 (2010).

    Google Scholar 

  11. Liu, Z., Feng, D.: Incremental fuzzy decision tree-based network forensic system. Conference on Computational and Information Science 3802, 995–1002 (2005).

    Google Scholar 

  12. Bijalwan, A., Pilli, E. S.: Crime psychology using network forensics. Journal of Computer Engineering & Information Technology, 3, (2014). doi: 10.4172/2324-9307.1000120.

  13. Ciardhuain, S. O.: An extended model of cybercrime investigations. International Journal of Digital Evidence, 3(2), 1–22 (2004).

    Google Scholar 

  14. Tang, Y., Daniels, T. E.: A Simple Framework for Distributed Forensics. Proceedings of the 25th IEEE International Conference on Distributed Computing Systems Workshops, February 2005.

    Google Scholar 

  15. Selamat, S. R., Yusof, R., Sahib, S.: Mapping Process of Digital Forensic Investigation Framework. International Journal of Computer Science and Network Security 8, 163–169, (2008).

    Google Scholar 

  16. Nagesh, A.: Distributed network forensics using JADE mobile agent framework. Master’s thesis, Arizona State University (2007).

    Google Scholar 

  17. Chen, L. M., Chen, M. C., Liao, W., Sun, Y. S.: A Scalable network forensics mechanism for stealthy self-propagating attacks. Computer Communications, 36, 1471–1484, (2013).

    Google Scholar 

  18. Ndatinya, V., Xiao, Z., Manepalli, V. R., Meng, K., Xiao, Y.: Network forensic analysis using Wireshark. International Journal of Sensor Networks, 10, 91–106, (2015).

    Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Amit Awasthi .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kaur, P., Bijalwan, A., Joshi, R.C., Awasthi, A. (2018). Network Forensic Process Model and Framework: An Alternative Scenario. In: Singh, R., Choudhury, S., Gehlot, A. (eds) Intelligent Communication, Control and Devices. Advances in Intelligent Systems and Computing, vol 624. Springer, Singapore.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-5902-5

  • Online ISBN: 978-981-10-5903-2

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics