This document proposes a method to uncover IP spoofing attacks using a combination of Network Forensic Analysis Tools (NFAT) and IP correlation. It summarizes previous research in these areas and proposes a prototype model that integrates various components like a sniffer, input filter, IP correlation, and analyst tool. The prototype aims to address the gaps in real network implementation and theoretical domains identified in existing approaches. Future work involves developing and testing the prototype in virtual networks.