SlideShare a Scribd company logo

Collecting and analyzing network-based evidence

C
CSITiaesprime

Since nearly the beginning of the Internet, malware has been a significant deterrent to productivity for end users, both personal and business related. Due to the pervasiveness of digital technologies in all aspects of human lives, it is increasingly unlikely that a digital device is involved as goal, medium or simply ‘witness’ of a criminal event. Forensic investigations include collection, recovery, analysis, and presentation of information stored on network devices and related to network crimes. These activities often involve wide range of analysis tools and application of different methods. This work presents methods that helps digital investigators to correlate and present information acquired from forensic data, with the aim to get a more valuable reconstructions of events or action to reach case conclusions. Main aim of network forensic is to gather evidence. Additionally, the evidence obtained during the investigation must be produced through a rigorous investigation procedure in a legal context.

Technology
1 of 6
Download to read offline
Computer Science and Information Technologies Vol. 5, No. 1, March 2024, pp. 1~6 ISSN: 2722-3221, DOI: 10.11591/csit.v5i1.pp1-6  1 Journal homepage: http://iaesprime.com/index.php/csit Collecting and analyzing network-based evidence Ashwini K. Singh1 , Dhwaniket Kamble2 , Abhishek Bains1 , Naman Tiwari1 , Tejas R. Deshmukh1 , Sanidhya Pandey1 , Hemant Kumar1 , Diksha M. Bhalerao2 1 Department of Information Technology, Bharti Vidyapeeth Deemed University, Maharashtra, Navi Mumbai-410210, India 2 Department of Computer Science and Engineering, Faculty of Bharti Vidyapeeth Deemed University, Maharashtra, Navi Mumbai- 410210, India Article Info ABSTRACT Article history: Received Dec 28, 2022 Revised May 29, 2023 Accepted Dec 23, 2023 Since nearly the beginning of the Internet, malware has been a significant deterrent to productivity for end users, both personal and business related. Due to the pervasiveness of digital technologies in all aspects of human lives, it is increasingly unlikely that a digital device is involved as goal, medium or simply ‘witness’ of a criminal event. Forensic investigations include collection, recovery, analysis, and presentation of information stored on network devices and related to network crimes. These activities often involve wide range of analysis tools and application of different methods. This work presents methods that helps digital investigators to correlate and present information acquired from forensic data, with the aim to get a more valuable reconstructions of events or action to reach case conclusions. Main aim of network forensic is to gather evidence. Additionally, the evidence obtained during the investigation must be produced through a rigorous investigation procedure in a legal context. Keywords: Analysis Evidence Network forensics Network traffic Sniffing This is an open access article under the CC BY-SA license. Corresponding Author: Dhwaniket Kamble Department of Computer Science and Engineering, Faculty of Bharti Vidyapeeth Deemed University Navi Mumbai – 410210, India Email: drkamble@bvucoep.edu.in 1. INTRODUCTION Integrating network sniffing, capturing, and analysis is part of network forensics. Utilizing traffic and event logs, a network security incident can be analyzed. Network forensics are essential to determine the kind of network assault and find the offenders. Additionally, the evidence obtained during the investigation must be produced through a rigorous investigation procedure in a legal context [1]. Nevertheless, there are several reasons why network forensics is a difficult task. First, while capturing network traffic through a network is straightforward in theory, it is somewhat challenging in practice because of several underlying issues, such as the volume of data flowing over the network and the complexity of Internet protocols. As a result, extensive resources are needed for network traffic recording [2]. Due to the huge quantities, it is frequently impossible to record all the data that is transmitted across the network. Again, for later examination, this recorded data needs to be backed up to free recording medium [3], [4]. Furthermore, the most important and time-consuming duty is the examination of recorded data [5]. There are several automated analysis tools available for forensic use, but they are insufficient because there is no way to distinguish malicious traffic produced by an attacker from a pool of legitimate traffic with absolute certainty. Because there is always a danger of receiving false positive results when using automated traffic analysis tools, human judgement is equally essential. However, precautions should be taken to assure network forensics preparedness in advance, such as by setting up proper event recording and data collection systems that can provide important artifacts for examination during forensics inquiry.
 ISSN: 2722-3221 Comput Sci Inf Technol, Vol. 5, No. 1, March 2024: 1-6 2 2. METHOD 2.1. Collecting evidence Locating and gathering information that is often present among network devices and along the traffic paths inside a network. This data gathering is essential in the event of an incident where an outside threat source is trying to control internal systems or steal information from the network [6], [7]. When evaluating host evidence, network-based evidence is particularly helpful since it offers a second source of event corroboration, which is crucial for identifying an incident's primary cause [8], [9]. 2.1.1. Via sniffers A network's information traffic can be a useful source of information about intrusions or strange connections. Network sniffers, also known as packet sniffers, are tools that can intercept and record network traffic. They were created in response to the necessity to collect this data. Sniffers place network interface cards (NICs) in promiscuous mode, allowing them to listen to and record every bit of data sent over the network. Hardware taps and spanned ports make switched networks easier to sniff [10]. In addition to the physical and data-link layer, sniffers also capture traffic from the network and transport levels. Because of its monitoring and analysis capabilities, a packet sniffer is used in network forensics to manage traffic, monitor network components, and detect breaches. Sniffers are used by forensic investigators to examine any suspicious application or apparatus. A few examples of sniffers are as follows: a. Sniffing tool: tcpdump When a Boolean input expression matches a packet on a network interface, Tcpdump prints out a description of the contents of the packet. The -w parameter instructs the programme to store the packet data to a file for subsequent analysis, and the -r flag instructs the programme to read packets from a saved packet file as opposed to a network interface. Tcpdump only ever examines packets that exactly match the supplied phrase. Tcpdump captures packets until it is interrupted by a signals intelligence (SIGINT) or SIGTERM signal, or if the specified number of packets have been processed, if it is run without the -c flag. If run with the -c flag, it captures packets until it is interrupted by a SIGINT or SIGTERM signal, or if the specified number of packets have been processed. b. Sniffing tool: wireshark A GUI network protocol analyzer is titled Wireshark. It allows the investigator to interactively view packet data from either a captured file or a live network. The native capture file format for Wireshark is libpcap, which is also the format supported by tcpdump and a number of other utilities. Investigators have the option to do live capture and offline analysis while also being able to perform thorough inspection of hundreds of protocols using Wireshark. It works with several operating systems, including Windows OS, Linux, macOS, Solaris, FreeBSD, and NetBSD. Any file type that has been compressed using gzip may be read by Wireshark. The .gz extension is not necessary for Wireshark to recognize this; it does so directly from the file [11]. Three views of a packet are displayed in Wireshark's main window, similar to other protocol analyzers. It displays a line that summarizes the contents of the packet. It displays a protocol tree that enables the researcher to dig down to the specific protocol or topic of interest. A hex dump demonstrates exactly how the packet appears as it travels across the wire. 2.1.2. Via security information and event management system (SIEM) The nature of signing on to network devices is a major issue that a lot of companies face. Log files are frequently rolled over, whereby new log files are written over previous log files, due to a lack of space. As a result, an organization can occasionally only have a few days or even a few hours' worth of crucial logs. The incident response team will lack crucial pieces of evidence if a possible event occurred several weeks earlier [12]. An enterprise-wide technology that has gained popularity is the SIEM system. These appliances have the capacity to gather log and event information from several network sources and consolidate it in one place. This eliminates the need to look at individual systems and enables the computer security incident response team (CSIRT) and other security experts to monitor activities across the whole network [13], [14]. Logs are set to be sent to the SIEM from a number of sources, including structured query language (SQL) databases and security controls. The user account was used in this instance to copy a database to the remote server at 10.88.6.12, according to the SQL database at 10.100.20.18. This kind of behavior may be quickly examined thanks to the SIEM. If it is discovered that the account was hacked, for instance, CSIRT analysts can instantly search the SIEM for any activity involving that account. The log record indicating a database copy to the remote computer would then be visible to them. Without the SIEM, CSIRT analysts would have to search every single system that may have been accessed, which might be a time-consuming procedure [15], [16].
Comput Sci Inf Technol ISSN: 2722-3221  Collecting and analyzing network-based evidence (Ashwini K. Singh) 3 2.2. Analyzing evidence In this procedure, we analyze the information obtained during the previous step in this phase using instruments and methods that may transform readily available information into strong proof that aids in resolving the "W questions: what, when, what, where, and how?”. This stage allows us to fully comprehend the case and reasons that could be at play [17], [18]. It may be feasible to clearly identify the Case type: unintentional, dissatisfied employee, industrial espionage. 2.2.1. Analyzing traffic for sniffing attempts and SMB password cracking attempts In eavesdropping techniques like sniffing and man-in-the-middle assaults, an attacker places oneself in between a client and a server to intercept messages. Attackers snoop through network traffic looking for private data [11]. When trying to crack a server message block (SMB) password, Wireshark's network traffic analysis would show many attempts to log in using various identities [19], [20]. A brute-force attack attempt on the SMB protocol is clearly suggested by the data intercepted by Wireshark, which also shows many usernames and the message "Error: STATUS LOGON FAILURE." 2.2.2. Analyze traffic for MAC flooding attempt A port on the switch is connected to by the attacker while using the active sniffing technique known as media access control attack or MAC flooding. They fire out an onslaught of Ethernet transmissions with phoney MAC addresses. The attacker is attempting to access a content addressable memory (CAM) table that the switch keeps. As a result, another name for this attack is CAM flooding attack [21]. MAC flooded packets are regarded as faulty packets by Wireshark. Wireshark's source and destination addresses, as well as the packet's time to live, can help an investigator identify a MAC flooding effort (TTL). To accomplish this, go to the Analyze Expert Information tab and look at the corrupted packets [22]. 2.2.3. Analyze traffic for TCP SYN flood DoS attack SYN flooding is a sort of DoS attack in which the attacker uses several fake IP addresses to deliver a huge volume of SYN packets to the target server continuously. The server transmits SYN-ACK packets in response to the SYN packets, but no ACK packet is received from the client to complete the three-way TCP handshake. Thus, the attacker may swiftly deplete the target server's CPU and RAM resources and make it unresponsive, which finally leads to DoS. 2.2.4. Analyze traffic for file transfer protocol (FTP) password cracking attempts Password cracking is the process of acquiring or recovering passwords either by performing a password guessing effort using a file containing frequently used passwords, or by utilising trial and error. Dictionary assaults and brute force attacks are the names of these strategies, respectively. By counting the number of login attempts made from the same IP address or username, a detective can spot this kind of assault. The FTP is a widely used protocol for transferring files between computers utilizing the TCP/IP suite over the Internet. FTP is a client-server protocol that uses two channels of communication to connect a client and server. The management of the discussions is done by one, and the transmission of the actual material is done by the other. The server replies to a client's request for a download by providing the specific file requested. The user must enter their username and password to log into the FTP server before starting an FTP session. An FTP password assault involves the attacker attempting to discover any authorized user's password. 2.2.5. Analyze traffic for ARP poisoning attempt A port on the switch is connected to by the attacker while using the active sniffing technique known as MAC flooding. They fire out an onslaught of Ethernet transmissions with phoney MAC addresses. The attacker is attempting to access a content addressable memory (CAM) table that the switch keeps. As a result, another name for this attack is CAM flooding attack. The warning message "multiple usage of IP address> detected" is displayed by Wireshark when duplicate IP addresses are found on the ARP protocol. After collecting the packets, you may use the filter arp.duplicate-addressdetected to look for signs of an ARP poisoning attack. 2.2.6. Analyze traffic to detect malware activity The traces of a malware infection can be found in the ongoing network traffic patterns. Once installed on the target machine, malware often try to connect to their Command-and-Control (C2) server for data exfiltration or further instructions. It accomplishes this task by connecting to certain IP addresses or opening certain ports on the target system, which can be tracked by tools like Wireshark [23].
 ISSN: 2722-3221 Comput Sci Inf Technol, Vol. 5, No. 1, March 2024: 1-6 4 Run Wireshark on the computer that is thought to be infected with malware, then look through the current traffic patterns for any oddities. Once any suspicious or odd ports or IP addresses have been identified, you should search internet databases to see whether any malware is using those ports or if they are susceptible. As seen in the picture below, internet research into the suspicious port using speedguide.net's port database discovered that the njRAT malware frequently uses it as a default port. 2.2.7. Analyze traffic for SYN-FIN flood DoS attack A connection is established by the SYN flag, and it is broken by the FIN flag. The attacker floods the network by setting both the SYN and FIN flags in a SYN/FIN DoS attempt. SYN and FIN are not often set at the same time in a TCP conversation. A SYN/FIN DDoS attack is evident if an administrator notices traffic that has both the SYN and FIN flags set. The server's firewall might get overloaded during a SYN/FIN DDoS attack by delivering the packets continuously. 3. CONCLUSION The main objective of the following research was to collect and analyze network-based evidence. The aim has been achieved successfully. Collection of evidence is accomplished via various sniffer tools such as tcpdump, wireshark, and Security information and Event management system (SIEM), an automated system used by large enterprises to sort through system logs to generate possible attack report. Whereas for analysis of evidence is performed by analyzing the traffic for Sniffing Attempts, MAC Flooding Attempt, FTP Password Cracking Attempts, ARP Poisoning Attempt, Malware Activity and others. Evidence are not just collected in hard disks and secondary storages. There is a wealth of information available from network devices spread throughout the environment. With proper preparation, a CSIRT may be able to leverage the evidence provided by these devices through solutions such as a SIEM. Greatest challenges in network forensics is quantity of data generated by the network which counts around gigabytes of memory per day. This paper will help to create legal boundaries and present evidence in more analyzed way by preparing for the legal and tackle all the technical challenges of network evidence collection and Analyses. REFERENCES [1] J. He, C. Chang, P. He, and M. S. Pathan, “Network Forensics Method Based on Evidence Graph and Vulnerability Reasoning,” Future Internet, vol. 8, no. 4, 2016, doi: 10.3390/fi8040054. [2] S. Qureshi, S. Tunio, F. Akhtar, A. Wajahat, A. Nazir, and F. Ullah, “Network Forensics: A Comprehensive Review of Tools and Techniques,” International Journal of Advanced Computer Science and Applications, vol. 12, p. 2021, May 2021, doi: 10.14569/IJACSA.2021.01205103. [3] Y. Ping, “Study on the main form of network crime from the view of criminology,” Proceedings 2011 International Conference on Human Health and Biomedical Engineering, HHBE 2011, pp. 1108–1111, 2011, doi: 10.1109/HHBE.2011.6029018. [4] P. Wright and W. Fone, “Designing and managing networks to aid the capture and preservation of evidence to support the fight against e-crime,” 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC’07, pp. 251–254, 2007, doi: 10.1109/ICNSC.2007.372786. [5] Z. Tian, W. Jiang, Y. Li, and L. Dong, “A digital evidence fusion method in network forensics systems with Dempster-shafer theory,” China Communications, vol. 11, no. 5, pp. 91–97, 2014, doi: 10.1109/CC.2014.6880464. [6] B. C. Cheng and H. Chen, “Quality assurance for evidence collection in network forensics,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4298 LNCS, pp. 121–132, 2007, doi: 10.1007/978-3-540-71093-6_10/COVER. [7] A. Castiglione, G. Cattaneo, G. De Maio, and A. De Santis, “Forensically-Sound Methods to Collect Live Network Evidence,” 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA), pp. 405–412, 2013, doi: 10.1109/AINA.2013.133. [8] H. S. Kim and H. K. Kim, “Network Forensic Evidence Acquisition (NFEA) with packet marking,” Proceedings - 9th IEEE International Symposium on Parallel and Distributed Processing with Applications Workshops, ISPAW 2011 - ICASE 2011, SGH 2011, GSDP 2011, pp. 388–393, 2011, doi: 10.1109/ISPAW.2011.27. [9] M. Kumar, M. Hanumanthappa, and T. V. S. Kumar, “Crime investigation and criminal network analysis using archive call detail records,” 2016 8th International Conference on Advanced Computing, ICoAC 2016, pp. 46–50, Jun. 2017, doi: 10.1109/ICOAC.2017.7951743. [10] B. Turnbull and J. Slay, “Wi-Fi network signals as a source of digital evidence: Wireless network forensics,” ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings, pp. 1355–1360, 2008, doi: 10.1109/ARES.2008.135. [11] N. Paxton, G. J. Ahn, and B. Chu, “Towards practical framework for collecting and analyzing network-centric attacks,” 2007 IEEE International Conference on Information Reuse and Integration, IEEE IRI-2007, pp. 73–78, 2007, doi: 10.1109/IRI.2007.4296600. [12] J. O. Nehinbe and P. Damuut, “Security issues in sensor networks and gathering admissible evidence in network forensics,” Proceedings - UKSim 5th European Modelling Symposium on Computer Modelling and Simulation, EMS 2011, pp. 394–399, 2011, doi: 10.1109/EMS.2011.95. [13] A. J. Masys, Ed., “Networks and Network Analysis for Defence and Security,” 2014, doi: 10.1007/978-3-319-04147-6. [14] Digital Forensics Essentials Professional Series and EC-COUNCIL OFFICIAL CURRICULA., Digital Forensics Essentials Version 1. , Version 1., vol. 1. EC-COUNCIL, 2021.
Comput Sci Inf Technol ISSN: 2722-3221  Collecting and analyzing network-based evidence (Ashwini K. Singh) 5 [15] C. Liu, A. Singhal, and D. Wijesekera, “A logic-based network forensic model for evidence analysis,” IFIP Adv Inf Commun Technol, vol. 462, pp. 129–145, 2015, doi: 10.1007/978-3-319-24123-4_8/COVER. [16] “Network Forensics: An Analysis of Techniques, Tools and Trends | Request PDF.” https://www.researchgate.net/publication/311739657_Network_Forensics_An_Analysis_of_Techniques_Tools_and_Trends (accessed May 30, 2023). [17] B. B. Jayasingh and M. R. Patra, “Rule Based Evidence Mining for Network Attack,” pp. 23–28, Apr. 2008, doi: 10.1109/ICIT.2007.47. [18] I. Volarevic, M. Tomic, and L. Milohanic, “Network forensics,” 2022 45th Jubilee International Convention on Information, Communication and Electronic Technology, MIPRO 2022 - Proceedings, pp. 1025–1030, 2022, doi: 10.23919/MIPRO55190.2022.9803427. [19] Y. H. Liu, G. L. Chen, and L. Xie, “An email forensics analysis method based on social network analysis,” Proceedings - 2013 International Conference on Cloud Computing and Big Data, CLOUDCOM-ASIA 2013, pp. 563–569, 2013, doi: 10.1109/CLOUDCOM-ASIA.2013.38. [20] “Network Evidence Collection | Packt Hub.” https://hub.packtpub.com/network-evidence-collection/ (accessed May 30, 2023). [21] D. H. Kim and H. P. In, “Cyber criminal activity analysis models using Markov Chain for digital forensics,” Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008, pp. 193–198, 2008, doi: 10.1109/ISA.2008.90. [22] N. Mohd Zainudin, M. Merabti, and D. Llewellyn-Jones, “Online social networks as supporting evidence: A digital forensic investigation model and its application design,” 2011 International Conference on Research and Innovation in Information Systems, ICRIIS’11, 2011, doi: 10.1109/ICRIIS.2011.6125728. [23] R. Zhang, M. Xie, and J. Bian, “ReLF: Scalable Remote Live Forensics for Android,” Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021, pp. 822–831, 2021, doi: 10.1109/TRUSTCOM53373.2021.00117. BIOGRAPHIES OF AUTHORS Ashwini Kumar Singh is a student studying at Bharti Vidyapeeth Deemed University. Department of Engineering and Technology, in the Department of Information Technology. He can be contacted at email: ashwinikmrsngh@gmail.com. Dhwaniket Kamble is working as an Assistant Professor at Bharti Vidyapeeth Deemed University, Department of Engineering and Technology, in the Computer Science and Engineering Department. His academic qualification is Ph.D. (Pursuing), M.E (IT), B.E (IT), and Diploma (IT). His research area includes Digital Forensics, Ethical Hacking, Cyber Security and Cyber Laws, Design Thinking and Software Engineering. He has published various International Journal papers. He can be contacted at email: drkamble@bvucoep.edu.in Abhishek Bains is a student studying at Bharti Vidyapeeth Deemed University. Department of Engineering and Technology, in the Department of Information Technology. He can be contacted at email: abhishekbains1212@gmail.com. Naman Tiwari is a student studying at Bharti Vidyapeeth Deemed University. Department of Engineering and Technology, in the Department of Information Technology. He can be contacted at email: naman.tiwari2022@gmail.com.
 ISSN: 2722-3221 Comput Sci Inf Technol, Vol. 5, No. 1, March 2024: 1-6 6 Tejas Ravindra Deshmukh is a student studying at Bharti Vidyapeeth Deemed University. Department of Engineering and Technology, in the Department of Information Technology. Sanidhya Pandey is a student studying at Bharti Vidyapeeth Deemed University. Department of Engineering and Technology, in the Department of Information Technology. Hemant Kumar is a student studying at Bharti Vidyapeeth Deemed University. Department of Engineering and Technology, in the Department of Information Technology. Diksha M. Bhalerao is working as an Assistant Professor in Bharati Vidyapeeth Deemed University, Department of Engineering and Technology, in Computer Science Engineering. Her academic qualification is M.E (Computer Engineering), B.E (Computer Engineering). Her research area includes Machine Learning and Web Service. She can be contacted at email: dmbhalerao@bvucoep.edu.in.

Recommended

Topic Since information extracted from router or switch interfaces.docx
Topic Since information extracted from router or switch interfaces.docxTopic Since information extracted from router or switch interfaces.docx
Topic Since information extracted from router or switch interfaces.docxjuliennehar
 
Network Forensic Investigation of HTTPS Protocol
Network Forensic Investigation of HTTPS ProtocolNetwork Forensic Investigation of HTTPS Protocol
Network Forensic Investigation of HTTPS ProtocolIJMER
 
4777.team c.final
4777.team c.final4777.team c.final
4777.team c.finalAlexisHarvey8
 
Passive monitoring to build Situational Awareness
Passive monitoring to build Situational AwarenessPassive monitoring to build Situational Awareness
Passive monitoring to build Situational AwarenessDavid Sweigert
 
Database techniques for resilient network monitoring and inspection
Database techniques for resilient network monitoring and inspectionDatabase techniques for resilient network monitoring and inspection
Database techniques for resilient network monitoring and inspectionTELKOMNIKA JOURNAL
 
Comparative Analysis: Network Forensic Systems
Comparative Analysis: Network Forensic SystemsComparative Analysis: Network Forensic Systems
Comparative Analysis: Network Forensic Systemsijsrd.com
 
IRJET - Digital Forensics Analysis for Network Related Data
IRJET - Digital Forensics Analysis for Network Related DataIRJET - Digital Forensics Analysis for Network Related Data
IRJET - Digital Forensics Analysis for Network Related DataIRJET Journal
 
A secure network forensics system for cyber incidents analysis
A secure network forensics system for cyber incidents analysisA secure network forensics system for cyber incidents analysis
A secure network forensics system for cyber incidents analysisSwapnil Jagtap
 

Recommended

Topic Since information extracted from router or switch interfaces.docx
Topic Since information extracted from router or switch interfaces.docxTopic Since information extracted from router or switch interfaces.docx
Topic Since information extracted from router or switch interfaces.docxjuliennehar
 
Network Forensic Investigation of HTTPS Protocol
Network Forensic Investigation of HTTPS ProtocolNetwork Forensic Investigation of HTTPS Protocol
Network Forensic Investigation of HTTPS ProtocolIJMER
 
4777.team c.final
4777.team c.final4777.team c.final
4777.team c.finalAlexisHarvey8
 
Passive monitoring to build Situational Awareness
Passive monitoring to build Situational AwarenessPassive monitoring to build Situational Awareness
Passive monitoring to build Situational AwarenessDavid Sweigert
 
Database techniques for resilient network monitoring and inspection
Database techniques for resilient network monitoring and inspectionDatabase techniques for resilient network monitoring and inspection
Database techniques for resilient network monitoring and inspectionTELKOMNIKA JOURNAL
 
Comparative Analysis: Network Forensic Systems
Comparative Analysis: Network Forensic SystemsComparative Analysis: Network Forensic Systems
Comparative Analysis: Network Forensic Systemsijsrd.com
 
IRJET - Digital Forensics Analysis for Network Related Data
IRJET - Digital Forensics Analysis for Network Related DataIRJET - Digital Forensics Analysis for Network Related Data
IRJET - Digital Forensics Analysis for Network Related DataIRJET Journal
 
A secure network forensics system for cyber incidents analysis
A secure network forensics system for cyber incidents analysisA secure network forensics system for cyber incidents analysis
A secure network forensics system for cyber incidents analysisSwapnil Jagtap
 
IRJET - Netreconner: An Innovative Method to Intrusion Detection using Regula...
IRJET - Netreconner: An Innovative Method to Intrusion Detection using Regula...IRJET - Netreconner: An Innovative Method to Intrusion Detection using Regula...
IRJET - Netreconner: An Innovative Method to Intrusion Detection using Regula...IRJET Journal
 
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...IRJET Journal
 
A proposed architecture for network
A proposed architecture for networkA proposed architecture for network
A proposed architecture for networkIJCNCJournal
 
The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...Konstantinos Demertzis
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer ForensicEditor IJCTER
 
IRJET- An Intrusion Detection and Protection System by using Data Mining ...
IRJET- An Intrusion Detection and Protection System by using Data Mining ...IRJET- An Intrusion Detection and Protection System by using Data Mining ...
IRJET- An Intrusion Detection and Protection System by using Data Mining ...IRJET Journal
 
A honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network securityA honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network securityIAEME Publication
 
Network Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISPNetwork Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISPCSCJournals
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
 
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYUSE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYIJMIT JOURNAL
 
Use of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network securityUse of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network securityIJMIT JOURNAL
 
Network forensics
Network forensicsNetwork forensics
Network forensicsArthyR3
 
Advance Technology
Advance TechnologyAdvance Technology
Advance TechnologyExport Promotion Bureau
 
Evaluating Network Forensics Applying Advanced Tools
Evaluating Network Forensics Applying Advanced ToolsEvaluating Network Forensics Applying Advanced Tools
Evaluating Network Forensics Applying Advanced ToolsIJAEMSJORNAL
 
CY.pptx
CY.pptxCY.pptx
CY.pptxCATalyst9
 
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET Journal
 
D03302030036
D03302030036D03302030036
D03302030036theijes
 
Final_year_project_documentation
Final_year_project_documentationFinal_year_project_documentation
Final_year_project_documentationUshnish Chowdhury
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practicesMihajlo Prerad
 
DDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised AlgorithmsDDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised Algorithmsijfls
 
Hybrid model for detection of brain tumor using convolution neural networks
Hybrid model for detection of brain tumor using convolution neural networksHybrid model for detection of brain tumor using convolution neural networks
Hybrid model for detection of brain tumor using convolution neural networksCSITiaesprime
 
Implementing lee's model to apply fuzzy time series in forecasting bitcoin price
Implementing lee's model to apply fuzzy time series in forecasting bitcoin priceImplementing lee's model to apply fuzzy time series in forecasting bitcoin price
Implementing lee's model to apply fuzzy time series in forecasting bitcoin priceCSITiaesprime
 

More Related Content

Similar to Collecting and analyzing network-based evidence

IRJET - Netreconner: An Innovative Method to Intrusion Detection using Regula...
IRJET - Netreconner: An Innovative Method to Intrusion Detection using Regula...IRJET - Netreconner: An Innovative Method to Intrusion Detection using Regula...
IRJET - Netreconner: An Innovative Method to Intrusion Detection using Regula...IRJET Journal
 
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...IRJET Journal
 
A proposed architecture for network
A proposed architecture for networkA proposed architecture for network
A proposed architecture for networkIJCNCJournal
 
The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...Konstantinos Demertzis
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer ForensicEditor IJCTER
 
IRJET- An Intrusion Detection and Protection System by using Data Mining ...
IRJET- An Intrusion Detection and Protection System by using Data Mining ...IRJET- An Intrusion Detection and Protection System by using Data Mining ...
IRJET- An Intrusion Detection and Protection System by using Data Mining ...IRJET Journal
 
A honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network securityA honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network securityIAEME Publication
 
Network Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISPNetwork Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISPCSCJournals
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
 
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYUSE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYIJMIT JOURNAL
 
Use of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network securityUse of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network securityIJMIT JOURNAL
 
Network forensics
Network forensicsNetwork forensics
Network forensicsArthyR3
 
Evaluating Network Forensics Applying Advanced Tools
Evaluating Network Forensics Applying Advanced ToolsEvaluating Network Forensics Applying Advanced Tools
Evaluating Network Forensics Applying Advanced ToolsIJAEMSJORNAL
 
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET Journal
 
D03302030036
D03302030036D03302030036
D03302030036theijes
 
Final_year_project_documentation
Final_year_project_documentationFinal_year_project_documentation
Final_year_project_documentationUshnish Chowdhury
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practicesMihajlo Prerad
 
DDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised AlgorithmsDDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised Algorithmsijfls
 

Similar to Collecting and analyzing network-based evidence (20)

IRJET - Netreconner: An Innovative Method to Intrusion Detection using Regula...
IRJET - Netreconner: An Innovative Method to Intrusion Detection using Regula...IRJET - Netreconner: An Innovative Method to Intrusion Detection using Regula...
IRJET - Netreconner: An Innovative Method to Intrusion Detection using Regula...
 
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...
 
A proposed architecture for network
A proposed architecture for networkA proposed architecture for network
A proposed architecture for network
 
The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...The Next Generation Cognitive Security Operations Center: Network Flow Forens...
The Next Generation Cognitive Security Operations Center: Network Flow Forens...
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer Forensic
 
IRJET- An Intrusion Detection and Protection System by using Data Mining ...
IRJET- An Intrusion Detection and Protection System by using Data Mining ...IRJET- An Intrusion Detection and Protection System by using Data Mining ...
IRJET- An Intrusion Detection and Protection System by using Data Mining ...
 
A honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network securityA honeynet framework to promote enterprise network security
A honeynet framework to promote enterprise network security
 
Network Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISPNetwork Security: Experiment of Network Health Analysis At An ISP
Network Security: Experiment of Network Health Analysis At An ISP
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
 
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYUSE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
 
Use of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network securityUse of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network security
 
Network forensics
Network forensicsNetwork forensics
Network forensics
 
Advance Technology
Advance TechnologyAdvance Technology
Advance Technology
 
Evaluating Network Forensics Applying Advanced Tools
Evaluating Network Forensics Applying Advanced ToolsEvaluating Network Forensics Applying Advanced Tools
Evaluating Network Forensics Applying Advanced Tools
 
CY.pptx
CY.pptxCY.pptx
CY.pptx
 
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud Environment
 
D03302030036
D03302030036D03302030036
D03302030036
 
Final_year_project_documentation
Final_year_project_documentationFinal_year_project_documentation
Final_year_project_documentation
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practices
 
DDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised AlgorithmsDDoS Attack Detection on Internet o Things using Unsupervised Algorithms
DDoS Attack Detection on Internet o Things using Unsupervised Algorithms
 

More from CSITiaesprime

Hybrid model for detection of brain tumor using convolution neural networks
Hybrid model for detection of brain tumor using convolution neural networksHybrid model for detection of brain tumor using convolution neural networks
Hybrid model for detection of brain tumor using convolution neural networksCSITiaesprime
 
Implementing lee's model to apply fuzzy time series in forecasting bitcoin price
Implementing lee's model to apply fuzzy time series in forecasting bitcoin priceImplementing lee's model to apply fuzzy time series in forecasting bitcoin price
Implementing lee's model to apply fuzzy time series in forecasting bitcoin priceCSITiaesprime
 
Sentiment analysis of online licensing service quality in the energy and mine...
Sentiment analysis of online licensing service quality in the energy and mine...Sentiment analysis of online licensing service quality in the energy and mine...
Sentiment analysis of online licensing service quality in the energy and mine...CSITiaesprime
 
Trends in sentiment of Twitter users towards Indonesian tourism: analysis wit...
Trends in sentiment of Twitter users towards Indonesian tourism: analysis wit...Trends in sentiment of Twitter users towards Indonesian tourism: analysis wit...
Trends in sentiment of Twitter users towards Indonesian tourism: analysis wit...CSITiaesprime
 
The impact of usability in information technology projects
The impact of usability in information technology projectsThe impact of usability in information technology projects
The impact of usability in information technology projectsCSITiaesprime
 
Agile adoption challenges in insurance: a systematic literature and expert re...
Agile adoption challenges in insurance: a systematic literature and expert re...Agile adoption challenges in insurance: a systematic literature and expert re...
Agile adoption challenges in insurance: a systematic literature and expert re...CSITiaesprime
 
Exploring network security threats through text mining techniques: a comprehe...
Exploring network security threats through text mining techniques: a comprehe...Exploring network security threats through text mining techniques: a comprehe...
Exploring network security threats through text mining techniques: a comprehe...CSITiaesprime
 
An LSTM-based prediction model for gradient-descending optimization in virtua...
An LSTM-based prediction model for gradient-descending optimization in virtua...An LSTM-based prediction model for gradient-descending optimization in virtua...
An LSTM-based prediction model for gradient-descending optimization in virtua...CSITiaesprime
 
Generalization of linear and non-linear support vector machine in multiple fi...
Generalization of linear and non-linear support vector machine in multiple fi...Generalization of linear and non-linear support vector machine in multiple fi...
Generalization of linear and non-linear support vector machine in multiple fi...CSITiaesprime
 
Designing a framework for blockchain-based e-voting system for Libya
Designing a framework for blockchain-based e-voting system for LibyaDesigning a framework for blockchain-based e-voting system for Libya
Designing a framework for blockchain-based e-voting system for LibyaCSITiaesprime
 
Development reference model to build management reporter using dynamics great...
Development reference model to build management reporter using dynamics great...Development reference model to build management reporter using dynamics great...
Development reference model to build management reporter using dynamics great...CSITiaesprime
 
Social media and optimization of the promotion of Lake Toba tourism destinati...
Social media and optimization of the promotion of Lake Toba tourism destinati...Social media and optimization of the promotion of Lake Toba tourism destinati...
Social media and optimization of the promotion of Lake Toba tourism destinati...CSITiaesprime
 
Caring jacket: health monitoring jacket integrated with the internet of thing...
Caring jacket: health monitoring jacket integrated with the internet of thing...Caring jacket: health monitoring jacket integrated with the internet of thing...
Caring jacket: health monitoring jacket integrated with the internet of thing...CSITiaesprime
 
Net impact implementation application development life-cycle management in ba...
Net impact implementation application development life-cycle management in ba...Net impact implementation application development life-cycle management in ba...
Net impact implementation application development life-cycle management in ba...CSITiaesprime
 
Circularly polarized metamaterial Antenna in energy harvesting wearable commu...
Circularly polarized metamaterial Antenna in energy harvesting wearable commu...Circularly polarized metamaterial Antenna in energy harvesting wearable commu...
Circularly polarized metamaterial Antenna in energy harvesting wearable commu...CSITiaesprime
 
An ensemble approach for the identification and classification of crime tweet...
An ensemble approach for the identification and classification of crime tweet...An ensemble approach for the identification and classification of crime tweet...
An ensemble approach for the identification and classification of crime tweet...CSITiaesprime
 
National archival platform system design using the microservice-based service...
National archival platform system design using the microservice-based service...National archival platform system design using the microservice-based service...
National archival platform system design using the microservice-based service...CSITiaesprime
 
Antispoofing in face biometrics: A comprehensive study on software-based tech...
Antispoofing in face biometrics: A comprehensive study on software-based tech...Antispoofing in face biometrics: A comprehensive study on software-based tech...
Antispoofing in face biometrics: A comprehensive study on software-based tech...CSITiaesprime
 
The antecedent e-government quality for public behaviour intention, and exten...
The antecedent e-government quality for public behaviour intention, and exten...The antecedent e-government quality for public behaviour intention, and exten...
The antecedent e-government quality for public behaviour intention, and exten...CSITiaesprime
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingCSITiaesprime
 

More from CSITiaesprime (20)

Hybrid model for detection of brain tumor using convolution neural networks
Hybrid model for detection of brain tumor using convolution neural networksHybrid model for detection of brain tumor using convolution neural networks
Hybrid model for detection of brain tumor using convolution neural networks
 
Implementing lee's model to apply fuzzy time series in forecasting bitcoin price
Implementing lee's model to apply fuzzy time series in forecasting bitcoin priceImplementing lee's model to apply fuzzy time series in forecasting bitcoin price
Implementing lee's model to apply fuzzy time series in forecasting bitcoin price
 
Sentiment analysis of online licensing service quality in the energy and mine...
Sentiment analysis of online licensing service quality in the energy and mine...Sentiment analysis of online licensing service quality in the energy and mine...
Sentiment analysis of online licensing service quality in the energy and mine...
 
Trends in sentiment of Twitter users towards Indonesian tourism: analysis wit...
Trends in sentiment of Twitter users towards Indonesian tourism: analysis wit...Trends in sentiment of Twitter users towards Indonesian tourism: analysis wit...
Trends in sentiment of Twitter users towards Indonesian tourism: analysis wit...
 
The impact of usability in information technology projects
The impact of usability in information technology projectsThe impact of usability in information technology projects
The impact of usability in information technology projects
 
Agile adoption challenges in insurance: a systematic literature and expert re...
Agile adoption challenges in insurance: a systematic literature and expert re...Agile adoption challenges in insurance: a systematic literature and expert re...
Agile adoption challenges in insurance: a systematic literature and expert re...
 
Exploring network security threats through text mining techniques: a comprehe...
Exploring network security threats through text mining techniques: a comprehe...Exploring network security threats through text mining techniques: a comprehe...
Exploring network security threats through text mining techniques: a comprehe...
 
An LSTM-based prediction model for gradient-descending optimization in virtua...
An LSTM-based prediction model for gradient-descending optimization in virtua...An LSTM-based prediction model for gradient-descending optimization in virtua...
An LSTM-based prediction model for gradient-descending optimization in virtua...
 
Generalization of linear and non-linear support vector machine in multiple fi...
Generalization of linear and non-linear support vector machine in multiple fi...Generalization of linear and non-linear support vector machine in multiple fi...
Generalization of linear and non-linear support vector machine in multiple fi...
 
Designing a framework for blockchain-based e-voting system for Libya
Designing a framework for blockchain-based e-voting system for LibyaDesigning a framework for blockchain-based e-voting system for Libya
Designing a framework for blockchain-based e-voting system for Libya
 
Development reference model to build management reporter using dynamics great...
Development reference model to build management reporter using dynamics great...Development reference model to build management reporter using dynamics great...
Development reference model to build management reporter using dynamics great...
 
Social media and optimization of the promotion of Lake Toba tourism destinati...
Social media and optimization of the promotion of Lake Toba tourism destinati...Social media and optimization of the promotion of Lake Toba tourism destinati...
Social media and optimization of the promotion of Lake Toba tourism destinati...
 
Caring jacket: health monitoring jacket integrated with the internet of thing...
Caring jacket: health monitoring jacket integrated with the internet of thing...Caring jacket: health monitoring jacket integrated with the internet of thing...
Caring jacket: health monitoring jacket integrated with the internet of thing...
 
Net impact implementation application development life-cycle management in ba...
Net impact implementation application development life-cycle management in ba...Net impact implementation application development life-cycle management in ba...
Net impact implementation application development life-cycle management in ba...
 
Circularly polarized metamaterial Antenna in energy harvesting wearable commu...
Circularly polarized metamaterial Antenna in energy harvesting wearable commu...Circularly polarized metamaterial Antenna in energy harvesting wearable commu...
Circularly polarized metamaterial Antenna in energy harvesting wearable commu...
 
An ensemble approach for the identification and classification of crime tweet...
An ensemble approach for the identification and classification of crime tweet...An ensemble approach for the identification and classification of crime tweet...
An ensemble approach for the identification and classification of crime tweet...
 
National archival platform system design using the microservice-based service...
National archival platform system design using the microservice-based service...National archival platform system design using the microservice-based service...
National archival platform system design using the microservice-based service...
 
Antispoofing in face biometrics: A comprehensive study on software-based tech...
Antispoofing in face biometrics: A comprehensive study on software-based tech...Antispoofing in face biometrics: A comprehensive study on software-based tech...
Antispoofing in face biometrics: A comprehensive study on software-based tech...
 
The antecedent e-government quality for public behaviour intention, and exten...
The antecedent e-government quality for public behaviour intention, and exten...The antecedent e-government quality for public behaviour intention, and exten...
The antecedent e-government quality for public behaviour intention, and exten...
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testing
 

Recently uploaded

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Recently uploaded (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

Collecting and analyzing network-based evidence

  • 1. Computer Science and Information Technologies Vol. 5, No. 1, March 2024, pp. 1~6 ISSN: 2722-3221, DOI: 10.11591/csit.v5i1.pp1-6  1 Journal homepage: http://iaesprime.com/index.php/csit Collecting and analyzing network-based evidence Ashwini K. Singh1 , Dhwaniket Kamble2 , Abhishek Bains1 , Naman Tiwari1 , Tejas R. Deshmukh1 , Sanidhya Pandey1 , Hemant Kumar1 , Diksha M. Bhalerao2 1 Department of Information Technology, Bharti Vidyapeeth Deemed University, Maharashtra, Navi Mumbai-410210, India 2 Department of Computer Science and Engineering, Faculty of Bharti Vidyapeeth Deemed University, Maharashtra, Navi Mumbai- 410210, India Article Info ABSTRACT Article history: Received Dec 28, 2022 Revised May 29, 2023 Accepted Dec 23, 2023 Since nearly the beginning of the Internet, malware has been a significant deterrent to productivity for end users, both personal and business related. Due to the pervasiveness of digital technologies in all aspects of human lives, it is increasingly unlikely that a digital device is involved as goal, medium or simply ‘witness’ of a criminal event. Forensic investigations include collection, recovery, analysis, and presentation of information stored on network devices and related to network crimes. These activities often involve wide range of analysis tools and application of different methods. This work presents methods that helps digital investigators to correlate and present information acquired from forensic data, with the aim to get a more valuable reconstructions of events or action to reach case conclusions. Main aim of network forensic is to gather evidence. Additionally, the evidence obtained during the investigation must be produced through a rigorous investigation procedure in a legal context. Keywords: Analysis Evidence Network forensics Network traffic Sniffing This is an open access article under the CC BY-SA license. Corresponding Author: Dhwaniket Kamble Department of Computer Science and Engineering, Faculty of Bharti Vidyapeeth Deemed University Navi Mumbai – 410210, India Email: drkamble@bvucoep.edu.in 1. INTRODUCTION Integrating network sniffing, capturing, and analysis is part of network forensics. Utilizing traffic and event logs, a network security incident can be analyzed. Network forensics are essential to determine the kind of network assault and find the offenders. Additionally, the evidence obtained during the investigation must be produced through a rigorous investigation procedure in a legal context [1]. Nevertheless, there are several reasons why network forensics is a difficult task. First, while capturing network traffic through a network is straightforward in theory, it is somewhat challenging in practice because of several underlying issues, such as the volume of data flowing over the network and the complexity of Internet protocols. As a result, extensive resources are needed for network traffic recording [2]. Due to the huge quantities, it is frequently impossible to record all the data that is transmitted across the network. Again, for later examination, this recorded data needs to be backed up to free recording medium [3], [4]. Furthermore, the most important and time-consuming duty is the examination of recorded data [5]. There are several automated analysis tools available for forensic use, but they are insufficient because there is no way to distinguish malicious traffic produced by an attacker from a pool of legitimate traffic with absolute certainty. Because there is always a danger of receiving false positive results when using automated traffic analysis tools, human judgement is equally essential. However, precautions should be taken to assure network forensics preparedness in advance, such as by setting up proper event recording and data collection systems that can provide important artifacts for examination during forensics inquiry.
  • 2.  ISSN: 2722-3221 Comput Sci Inf Technol, Vol. 5, No. 1, March 2024: 1-6 2 2. METHOD 2.1. Collecting evidence Locating and gathering information that is often present among network devices and along the traffic paths inside a network. This data gathering is essential in the event of an incident where an outside threat source is trying to control internal systems or steal information from the network [6], [7]. When evaluating host evidence, network-based evidence is particularly helpful since it offers a second source of event corroboration, which is crucial for identifying an incident's primary cause [8], [9]. 2.1.1. Via sniffers A network's information traffic can be a useful source of information about intrusions or strange connections. Network sniffers, also known as packet sniffers, are tools that can intercept and record network traffic. They were created in response to the necessity to collect this data. Sniffers place network interface cards (NICs) in promiscuous mode, allowing them to listen to and record every bit of data sent over the network. Hardware taps and spanned ports make switched networks easier to sniff [10]. In addition to the physical and data-link layer, sniffers also capture traffic from the network and transport levels. Because of its monitoring and analysis capabilities, a packet sniffer is used in network forensics to manage traffic, monitor network components, and detect breaches. Sniffers are used by forensic investigators to examine any suspicious application or apparatus. A few examples of sniffers are as follows: a. Sniffing tool: tcpdump When a Boolean input expression matches a packet on a network interface, Tcpdump prints out a description of the contents of the packet. The -w parameter instructs the programme to store the packet data to a file for subsequent analysis, and the -r flag instructs the programme to read packets from a saved packet file as opposed to a network interface. Tcpdump only ever examines packets that exactly match the supplied phrase. Tcpdump captures packets until it is interrupted by a signals intelligence (SIGINT) or SIGTERM signal, or if the specified number of packets have been processed, if it is run without the -c flag. If run with the -c flag, it captures packets until it is interrupted by a SIGINT or SIGTERM signal, or if the specified number of packets have been processed. b. Sniffing tool: wireshark A GUI network protocol analyzer is titled Wireshark. It allows the investigator to interactively view packet data from either a captured file or a live network. The native capture file format for Wireshark is libpcap, which is also the format supported by tcpdump and a number of other utilities. Investigators have the option to do live capture and offline analysis while also being able to perform thorough inspection of hundreds of protocols using Wireshark. It works with several operating systems, including Windows OS, Linux, macOS, Solaris, FreeBSD, and NetBSD. Any file type that has been compressed using gzip may be read by Wireshark. The .gz extension is not necessary for Wireshark to recognize this; it does so directly from the file [11]. Three views of a packet are displayed in Wireshark's main window, similar to other protocol analyzers. It displays a line that summarizes the contents of the packet. It displays a protocol tree that enables the researcher to dig down to the specific protocol or topic of interest. A hex dump demonstrates exactly how the packet appears as it travels across the wire. 2.1.2. Via security information and event management system (SIEM) The nature of signing on to network devices is a major issue that a lot of companies face. Log files are frequently rolled over, whereby new log files are written over previous log files, due to a lack of space. As a result, an organization can occasionally only have a few days or even a few hours' worth of crucial logs. The incident response team will lack crucial pieces of evidence if a possible event occurred several weeks earlier [12]. An enterprise-wide technology that has gained popularity is the SIEM system. These appliances have the capacity to gather log and event information from several network sources and consolidate it in one place. This eliminates the need to look at individual systems and enables the computer security incident response team (CSIRT) and other security experts to monitor activities across the whole network [13], [14]. Logs are set to be sent to the SIEM from a number of sources, including structured query language (SQL) databases and security controls. The user account was used in this instance to copy a database to the remote server at 10.88.6.12, according to the SQL database at 10.100.20.18. This kind of behavior may be quickly examined thanks to the SIEM. If it is discovered that the account was hacked, for instance, CSIRT analysts can instantly search the SIEM for any activity involving that account. The log record indicating a database copy to the remote computer would then be visible to them. Without the SIEM, CSIRT analysts would have to search every single system that may have been accessed, which might be a time-consuming procedure [15], [16].
  • 3. Comput Sci Inf Technol ISSN: 2722-3221  Collecting and analyzing network-based evidence (Ashwini K. Singh) 3 2.2. Analyzing evidence In this procedure, we analyze the information obtained during the previous step in this phase using instruments and methods that may transform readily available information into strong proof that aids in resolving the "W questions: what, when, what, where, and how?”. This stage allows us to fully comprehend the case and reasons that could be at play [17], [18]. It may be feasible to clearly identify the Case type: unintentional, dissatisfied employee, industrial espionage. 2.2.1. Analyzing traffic for sniffing attempts and SMB password cracking attempts In eavesdropping techniques like sniffing and man-in-the-middle assaults, an attacker places oneself in between a client and a server to intercept messages. Attackers snoop through network traffic looking for private data [11]. When trying to crack a server message block (SMB) password, Wireshark's network traffic analysis would show many attempts to log in using various identities [19], [20]. A brute-force attack attempt on the SMB protocol is clearly suggested by the data intercepted by Wireshark, which also shows many usernames and the message "Error: STATUS LOGON FAILURE." 2.2.2. Analyze traffic for MAC flooding attempt A port on the switch is connected to by the attacker while using the active sniffing technique known as media access control attack or MAC flooding. They fire out an onslaught of Ethernet transmissions with phoney MAC addresses. The attacker is attempting to access a content addressable memory (CAM) table that the switch keeps. As a result, another name for this attack is CAM flooding attack [21]. MAC flooded packets are regarded as faulty packets by Wireshark. Wireshark's source and destination addresses, as well as the packet's time to live, can help an investigator identify a MAC flooding effort (TTL). To accomplish this, go to the Analyze Expert Information tab and look at the corrupted packets [22]. 2.2.3. Analyze traffic for TCP SYN flood DoS attack SYN flooding is a sort of DoS attack in which the attacker uses several fake IP addresses to deliver a huge volume of SYN packets to the target server continuously. The server transmits SYN-ACK packets in response to the SYN packets, but no ACK packet is received from the client to complete the three-way TCP handshake. Thus, the attacker may swiftly deplete the target server's CPU and RAM resources and make it unresponsive, which finally leads to DoS. 2.2.4. Analyze traffic for file transfer protocol (FTP) password cracking attempts Password cracking is the process of acquiring or recovering passwords either by performing a password guessing effort using a file containing frequently used passwords, or by utilising trial and error. Dictionary assaults and brute force attacks are the names of these strategies, respectively. By counting the number of login attempts made from the same IP address or username, a detective can spot this kind of assault. The FTP is a widely used protocol for transferring files between computers utilizing the TCP/IP suite over the Internet. FTP is a client-server protocol that uses two channels of communication to connect a client and server. The management of the discussions is done by one, and the transmission of the actual material is done by the other. The server replies to a client's request for a download by providing the specific file requested. The user must enter their username and password to log into the FTP server before starting an FTP session. An FTP password assault involves the attacker attempting to discover any authorized user's password. 2.2.5. Analyze traffic for ARP poisoning attempt A port on the switch is connected to by the attacker while using the active sniffing technique known as MAC flooding. They fire out an onslaught of Ethernet transmissions with phoney MAC addresses. The attacker is attempting to access a content addressable memory (CAM) table that the switch keeps. As a result, another name for this attack is CAM flooding attack. The warning message "multiple usage of IP address> detected" is displayed by Wireshark when duplicate IP addresses are found on the ARP protocol. After collecting the packets, you may use the filter arp.duplicate-addressdetected to look for signs of an ARP poisoning attack. 2.2.6. Analyze traffic to detect malware activity The traces of a malware infection can be found in the ongoing network traffic patterns. Once installed on the target machine, malware often try to connect to their Command-and-Control (C2) server for data exfiltration or further instructions. It accomplishes this task by connecting to certain IP addresses or opening certain ports on the target system, which can be tracked by tools like Wireshark [23].
  • 4.  ISSN: 2722-3221 Comput Sci Inf Technol, Vol. 5, No. 1, March 2024: 1-6 4 Run Wireshark on the computer that is thought to be infected with malware, then look through the current traffic patterns for any oddities. Once any suspicious or odd ports or IP addresses have been identified, you should search internet databases to see whether any malware is using those ports or if they are susceptible. As seen in the picture below, internet research into the suspicious port using speedguide.net's port database discovered that the njRAT malware frequently uses it as a default port. 2.2.7. Analyze traffic for SYN-FIN flood DoS attack A connection is established by the SYN flag, and it is broken by the FIN flag. The attacker floods the network by setting both the SYN and FIN flags in a SYN/FIN DoS attempt. SYN and FIN are not often set at the same time in a TCP conversation. A SYN/FIN DDoS attack is evident if an administrator notices traffic that has both the SYN and FIN flags set. The server's firewall might get overloaded during a SYN/FIN DDoS attack by delivering the packets continuously. 3. CONCLUSION The main objective of the following research was to collect and analyze network-based evidence. The aim has been achieved successfully. Collection of evidence is accomplished via various sniffer tools such as tcpdump, wireshark, and Security information and Event management system (SIEM), an automated system used by large enterprises to sort through system logs to generate possible attack report. Whereas for analysis of evidence is performed by analyzing the traffic for Sniffing Attempts, MAC Flooding Attempt, FTP Password Cracking Attempts, ARP Poisoning Attempt, Malware Activity and others. Evidence are not just collected in hard disks and secondary storages. There is a wealth of information available from network devices spread throughout the environment. With proper preparation, a CSIRT may be able to leverage the evidence provided by these devices through solutions such as a SIEM. Greatest challenges in network forensics is quantity of data generated by the network which counts around gigabytes of memory per day. This paper will help to create legal boundaries and present evidence in more analyzed way by preparing for the legal and tackle all the technical challenges of network evidence collection and Analyses. REFERENCES [1] J. He, C. Chang, P. He, and M. S. Pathan, “Network Forensics Method Based on Evidence Graph and Vulnerability Reasoning,” Future Internet, vol. 8, no. 4, 2016, doi: 10.3390/fi8040054. [2] S. Qureshi, S. Tunio, F. Akhtar, A. Wajahat, A. Nazir, and F. Ullah, “Network Forensics: A Comprehensive Review of Tools and Techniques,” International Journal of Advanced Computer Science and Applications, vol. 12, p. 2021, May 2021, doi: 10.14569/IJACSA.2021.01205103. [3] Y. Ping, “Study on the main form of network crime from the view of criminology,” Proceedings 2011 International Conference on Human Health and Biomedical Engineering, HHBE 2011, pp. 1108–1111, 2011, doi: 10.1109/HHBE.2011.6029018. [4] P. Wright and W. Fone, “Designing and managing networks to aid the capture and preservation of evidence to support the fight against e-crime,” 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC’07, pp. 251–254, 2007, doi: 10.1109/ICNSC.2007.372786. [5] Z. Tian, W. Jiang, Y. Li, and L. Dong, “A digital evidence fusion method in network forensics systems with Dempster-shafer theory,” China Communications, vol. 11, no. 5, pp. 91–97, 2014, doi: 10.1109/CC.2014.6880464. [6] B. C. Cheng and H. Chen, “Quality assurance for evidence collection in network forensics,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4298 LNCS, pp. 121–132, 2007, doi: 10.1007/978-3-540-71093-6_10/COVER. [7] A. Castiglione, G. Cattaneo, G. De Maio, and A. De Santis, “Forensically-Sound Methods to Collect Live Network Evidence,” 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA), pp. 405–412, 2013, doi: 10.1109/AINA.2013.133. [8] H. S. Kim and H. K. Kim, “Network Forensic Evidence Acquisition (NFEA) with packet marking,” Proceedings - 9th IEEE International Symposium on Parallel and Distributed Processing with Applications Workshops, ISPAW 2011 - ICASE 2011, SGH 2011, GSDP 2011, pp. 388–393, 2011, doi: 10.1109/ISPAW.2011.27. [9] M. Kumar, M. Hanumanthappa, and T. V. S. Kumar, “Crime investigation and criminal network analysis using archive call detail records,” 2016 8th International Conference on Advanced Computing, ICoAC 2016, pp. 46–50, Jun. 2017, doi: 10.1109/ICOAC.2017.7951743. [10] B. Turnbull and J. Slay, “Wi-Fi network signals as a source of digital evidence: Wireless network forensics,” ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings, pp. 1355–1360, 2008, doi: 10.1109/ARES.2008.135. [11] N. Paxton, G. J. Ahn, and B. Chu, “Towards practical framework for collecting and analyzing network-centric attacks,” 2007 IEEE International Conference on Information Reuse and Integration, IEEE IRI-2007, pp. 73–78, 2007, doi: 10.1109/IRI.2007.4296600. [12] J. O. Nehinbe and P. Damuut, “Security issues in sensor networks and gathering admissible evidence in network forensics,” Proceedings - UKSim 5th European Modelling Symposium on Computer Modelling and Simulation, EMS 2011, pp. 394–399, 2011, doi: 10.1109/EMS.2011.95. [13] A. J. Masys, Ed., “Networks and Network Analysis for Defence and Security,” 2014, doi: 10.1007/978-3-319-04147-6. [14] Digital Forensics Essentials Professional Series and EC-COUNCIL OFFICIAL CURRICULA., Digital Forensics Essentials Version 1. , Version 1., vol. 1. EC-COUNCIL, 2021.
  • 5. Comput Sci Inf Technol ISSN: 2722-3221  Collecting and analyzing network-based evidence (Ashwini K. Singh) 5 [15] C. Liu, A. Singhal, and D. Wijesekera, “A logic-based network forensic model for evidence analysis,” IFIP Adv Inf Commun Technol, vol. 462, pp. 129–145, 2015, doi: 10.1007/978-3-319-24123-4_8/COVER. [16] “Network Forensics: An Analysis of Techniques, Tools and Trends | Request PDF.” https://www.researchgate.net/publication/311739657_Network_Forensics_An_Analysis_of_Techniques_Tools_and_Trends (accessed May 30, 2023). [17] B. B. Jayasingh and M. R. Patra, “Rule Based Evidence Mining for Network Attack,” pp. 23–28, Apr. 2008, doi: 10.1109/ICIT.2007.47. [18] I. Volarevic, M. Tomic, and L. Milohanic, “Network forensics,” 2022 45th Jubilee International Convention on Information, Communication and Electronic Technology, MIPRO 2022 - Proceedings, pp. 1025–1030, 2022, doi: 10.23919/MIPRO55190.2022.9803427. [19] Y. H. Liu, G. L. Chen, and L. Xie, “An email forensics analysis method based on social network analysis,” Proceedings - 2013 International Conference on Cloud Computing and Big Data, CLOUDCOM-ASIA 2013, pp. 563–569, 2013, doi: 10.1109/CLOUDCOM-ASIA.2013.38. [20] “Network Evidence Collection | Packt Hub.” https://hub.packtpub.com/network-evidence-collection/ (accessed May 30, 2023). [21] D. H. Kim and H. P. In, “Cyber criminal activity analysis models using Markov Chain for digital forensics,” Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008, pp. 193–198, 2008, doi: 10.1109/ISA.2008.90. [22] N. Mohd Zainudin, M. Merabti, and D. Llewellyn-Jones, “Online social networks as supporting evidence: A digital forensic investigation model and its application design,” 2011 International Conference on Research and Innovation in Information Systems, ICRIIS’11, 2011, doi: 10.1109/ICRIIS.2011.6125728. [23] R. Zhang, M. Xie, and J. Bian, “ReLF: Scalable Remote Live Forensics for Android,” Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021, pp. 822–831, 2021, doi: 10.1109/TRUSTCOM53373.2021.00117. BIOGRAPHIES OF AUTHORS Ashwini Kumar Singh is a student studying at Bharti Vidyapeeth Deemed University. Department of Engineering and Technology, in the Department of Information Technology. He can be contacted at email: ashwinikmrsngh@gmail.com. Dhwaniket Kamble is working as an Assistant Professor at Bharti Vidyapeeth Deemed University, Department of Engineering and Technology, in the Computer Science and Engineering Department. His academic qualification is Ph.D. (Pursuing), M.E (IT), B.E (IT), and Diploma (IT). His research area includes Digital Forensics, Ethical Hacking, Cyber Security and Cyber Laws, Design Thinking and Software Engineering. He has published various International Journal papers. He can be contacted at email: drkamble@bvucoep.edu.in Abhishek Bains is a student studying at Bharti Vidyapeeth Deemed University. Department of Engineering and Technology, in the Department of Information Technology. He can be contacted at email: abhishekbains1212@gmail.com. Naman Tiwari is a student studying at Bharti Vidyapeeth Deemed University. Department of Engineering and Technology, in the Department of Information Technology. He can be contacted at email: naman.tiwari2022@gmail.com.
  • 6.  ISSN: 2722-3221 Comput Sci Inf Technol, Vol. 5, No. 1, March 2024: 1-6 6 Tejas Ravindra Deshmukh is a student studying at Bharti Vidyapeeth Deemed University. Department of Engineering and Technology, in the Department of Information Technology. Sanidhya Pandey is a student studying at Bharti Vidyapeeth Deemed University. Department of Engineering and Technology, in the Department of Information Technology. Hemant Kumar is a student studying at Bharti Vidyapeeth Deemed University. Department of Engineering and Technology, in the Department of Information Technology. Diksha M. Bhalerao is working as an Assistant Professor in Bharati Vidyapeeth Deemed University, Department of Engineering and Technology, in Computer Science Engineering. Her academic qualification is M.E (Computer Engineering), B.E (Computer Engineering). Her research area includes Machine Learning and Web Service. She can be contacted at email: dmbhalerao@bvucoep.edu.in.