Skip to main content

A Survey: On Network Forensic Data Acquisition and Analysis Tools

  • Conference paper
  • First Online:
Emerging Research in Electronics, Computer Science and Technology

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 545))


Network forensics is one of the investigation areas, focusing on capturing the packets, monitoring the packets, recording the packet’s data, and analyzing the network traffic. Network forensics helps to trace back the malicious/suspect packets during the communication. Network intrusion prevention system/network intrusion detection system (NIPS/NIDS) are specialized methods to find out the malicious attackers. Network forensics is an extension of network cryptography. The objective of network forensics is collecting the evidence during trace attackers. This paper shows the best methodology for investigation strategy and data acquisition tools.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others


  1. Ritchey RW, Ammann P (2000) Using model checking to analyze network vulnerabilities. In: Proceedings 2000 IEEE symposium on security and privacy, S&P 2000, pp 156–165

    Google Scholar 

  2. Carl G, Kesidis G, Brooks RR, Rai S (2006) Denial-of-service attack-detection techniques. IEEE Internet Comput 10:82–89

    Article  Google Scholar 

  3. Srivastava A, Gupta B, Tyagi A, Sharma A, Mishra A (2011) A recent survey on DDoS attacks and defense mechanisms. In: Advances in parallel distributed computing. Springer, pp 570–580

    Google Scholar 

  4. Ferguson P (2000) Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing

    Google Scholar 

  5. Raza M, Iqbal M, Sharif M, Haider W (2012) A survey of password attacks and comparative analysis on methods for secure authentication. World Appl Sci J 19:439–444

    Google Scholar 

  6. Desmedt Y (2011) Man-in-the-middle attack. In: Encyclopedia of cryptography and security. Springer, pp 759–759

    Google Scholar 

  7. Schluessler T, Goglin S, Johnson E (2007) Is a bot at the controls? Detecting input data attacks. In: Proceedings of the 6th ACM SIGCOMM workshop on network and system support for games, pp 1–6

    Google Scholar 

  8. Diamah A, Mohammadian M, Balachandran BM (2012) Network security evaluation method via attack graphs and fuzzy cognitive maps. In: Intelligent decision technologies. Springer, pp 433–440

    Google Scholar 

  9. Shanmugasundaram K, Memon N, Savant A, Bronnimann H (2003) ForNet: a distributed forensics network. In: Computer network security. Springer, pp 1–16

    Google Scholar 

  10. Khan S, Gani A, Wahab AWA, Bagiwa MA, Shiraz M, Khan SU et al (2016) Cloud log forensics: foundations, state of the art, and future directions. ACM Comput Surv (CSUR) 49:7

    Google Scholar 

  11. Kim HS, Kim HK (2011) Network forensic evidence acquisition (NFEA) with packet marking. In: 2011 ninth IEEE international symposium on parallel and distributed processing with applications workshops (ISPAW), pp 388–393

    Google Scholar 

  12. Jeong E, Lee B (2013) An IP traceback protocol using a compressed hash table, a sinkhole router and data mining based on network forensics against network attacks. Future Gener Comput Syst

    Google Scholar 

  13. Ren W, Jin H (2005) Distributed agent-based real-time network intrusion forensics system architecture design. In: 19th international conference on advanced information networking and applications, AINA 2005, pp 177–182

    Google Scholar 

  14. Cusack B, Alqahtani M (2013) Acquisition of evidence from network intrusion detection systems

    Google Scholar 

  15. Zhang Z, Wang S, Kadobayashi Y (2012) Exploring attack graph for cost-benefit security hardening: a probabilistic approach. Comput Secur

    Google Scholar 

  16. Li S, Schmitz R (2009) A novel anti-phishing framework based on honeypots. IEEE

    Google Scholar 

  17. Xu J, Yu Y, Chen Z, Cao B, Dong W, Guo Y et al (2013) MobSafe: cloud computing based forensic analysis for massive mobile applications using data mining. Tsinghua Sci Technol 18

    Google Scholar 

  18. Waschke M (2017) Personal cybersecurity: how to avoid and recover from cybercrime. Apress Business, pp 221–229

    Google Scholar 

  19. Bayuk J (ed) (2010) Cyber forensics: understanding information security investigations. Springer’s Forensic Laboratory Science Series, vol 59. Humana Press, pp 59–101

    Google Scholar 

  20. Casey E (2010) Handbook of digital forensics and investigation. Elsevier, pp 21–208

    Google Scholar 

  21. Raj M (2015) Python penetration testing essentials. Packt Publishing, pp 57–84

    Google Scholar 

  22. Kao D-Y, Wang Y-S, Tsai F-C, Chen C-H (2018) Forensic analysis of network packets from penetration test toolkits. In: ICACT

    Google Scholar 

  23. Liao N, Tian S, Wang T (2009) Network forensics based on fuzzy logic and expert system. Comput Commun 32:1881–1892

    Google Scholar 

  24. Asrizal Digital Forensik Apa dan Bagaimana (in press). Accessed 30 Dec 2010

  25. Lessing M, Von Solms B (2008) Live forensic acquisition as alternative to traditional forensic processes

    Google Scholar 

  26. Hunt R (2010) New developments in network forensics tools and techniques. IEEE

    Google Scholar 

  27. Pilli ES, Joshi RC, Niyogi R (2010) A generic framework for network forensics. Int J Comput Appl 1(11)

    Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to D. Shashidhara .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Shashidhara, D., Minavathi (2019). A Survey: On Network Forensic Data Acquisition and Analysis Tools. In: Sridhar, V., Padma, M., Rao, K. (eds) Emerging Research in Electronics, Computer Science and Technology. Lecture Notes in Electrical Engineering, vol 545. Springer, Singapore.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-5801-2

  • Online ISBN: 978-981-13-5802-9

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics