International Journal of Advanced Engineering, Management and Science (IJAEMS)
Peer-Reviewed Journal
ISSN: 2454-1311 | Vol-9, Issue-4; Apr, 2023
Journal Home Page: https://ijaems.com/
Article DOI: https://dx.doi.org/10.22161/ijaems.94.1

Evaluating Network Forensics Applying Advanced Tools


Abdullah Shah

Received: 24 Feb 2023; Received in revised form: 18 Mar 2023; Accepted: 25 Mar 2023; Available online: 03 Apr 2023

Abstract— Network forensics comes under the domain of digital forensics and deals with evidence left behind on the network after a cyber-attack. It is an indication of the weakness that led to the crime and of the possible cause. Network-focused research comes up with many challenges, which involve collection, storage, content, privacy, confiscation and admissibility. It is important and critical for any network forensic researcher or investigator to consider adopting an efficient forensic network investigation framework or methodology in order to improve the investigation process. The main aim of this research contribution was to do a comprehensive analysis of the concepts of network forensics through extensive investigation and by analyzing various methodologies and associated tools which should be used in network forensic investigations. A detailed and in-depth analysis of the concepts of network forensic investigation on a designed/conceived network architecture was carried out, which was then followed by analyzing the various methodologies and tools employed. An innovative framework for the investigation was designed which can be used by any forensic expert. The acquired data was analyzed by using information, strategizing and collecting evidence, and by analyzing and reporting of the methodologies on the conceptualized network. Consequently, it led the researcher to adopt and utilize a powerful and efficient forensic network methodology that will ultimately help in improving the investigation process and in providing the required tools/techniques along with the requisite guidelines that will determine the approach, methods, and strategies to be used for the network forensic process, which is to be followed and executed with relevant tools that help simplify and improve the forensic investigation process.
Keywords— Forensic Science, Network Forensics, OSCAR.

I. INTRODUCTION & BACKGROUND

In this section, the author presents the introduction and the background of the chosen topic relating to network forensics and various concepts pertaining to it, including the advanced tools being used to achieve this.

1.1. Introduction & Background

Digital forensics, and subsequently network forensics, stems from forensic science, with its evolution shown below;

Fig.1.1: Forensic Science Branches

Forensic science has many sub-branches, which are shown in the figure above, and for each of them advanced research is being carried out by field researchers. The figure below shows in more detail how forensic science has penetrated every walk of life.

Fig.1.2: Forensic Science Penetration

This article can be downloaded from here: www.ijaems.com

©2023 The Author(s). Published by Infogain Publication.
This work is licensed under a Creative Commons Attribution 4.0 License. http://creativecommons.org/licenses/by/4.0/
Shah International Journal of Advanced Engineering, Management and Science, 9(4) -2023

Network forensics falls under the category of digital forensics (DF) and relates to monitoring and analyzing computer network traffic for data collection purposes. Unlike DF, network forensics deals with dynamic information. It comes under the domain of DF and is related to the investigation of evidence left on the network following any cyber-attack. This form of forensics allows businesses to enhance their security situation and apply the requisite corrections appropriately.

In fact, network forensics is a subset of digital forensics, which itself is a branch of intelligence science, where jurists look for technologies or data that contain criminal evidence. Network forensics, surprisingly, refers to the investigation and analysis of all network traffic suspected of cybercrime, i.e. proliferation of malicious software that steals data.

Law enforcement agencies use network forensics to analyze network traffic data collected from suspected criminal activities. Analysts will search for data that identifies human interactions and file fraud, and will search through the use of keywords. By the use of network and digital forensics, law enforcement agencies and crime investigators can track communications and can easily set up time-based network events installed through a network controlled system.

In addition to criminal investigations, network forensics is often used to analyze network events in order to trace the origins of robberies and other security-related incidents. This includes looking at suspected network locations, collecting information about network features and resources, and identifying incidents of unauthorized network access.

There exist 2 methods for full network forensics;
1. "Catch as much as possible" method: Capturing network traffic for analysis, which requires a long process and maintenance.
2. "Stop, watch and listen" method: Based on analyzing each data packet which passes across the network and retaining only the data that looks suspicious and worthy of analysis, thus needing lots of processing power but less storage space.

Unlike DF, network forensics is much harder to perform, as data is transferred across the network and then lost; in CF, data is usually stored on disk or solid state storage, which makes it easy to access.

The applications of Digital Forensics are shown below;

Fig.1.3: Applications of Digital Forensics

The subsequent domains falling under them are shown in the figures below.

Fig.1.4: Computer Forensics

Fig.1.5: Mobile Forensics

Fig.1.6: Database Forensics

Fig.1.6: Live Forensics

And finally the Network Forensics and its challenges, being the focus of this research contribution.
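The two capture methods listed above differ in what is retained, and the following added example (not code from the paper) shows that trade-off on a small constructed capture in classic pcap format. The watch port, the keyword and the documentation-range addresses are assumptions chosen for illustration.

```python
import struct
from collections import namedtuple

# Classic libpcap layout: a 24-byte global header, then one 16-byte header per packet.
PCAP_GLOBAL = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, captured_len, original_len
Flow = namedtuple("Flow", "src dst sport dport payload")


def build_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (checksums left at zero)."""
    addr = lambda s: bytes(int(p) for p in s.split("."))
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     addr(src), addr(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    out = [PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]  # linktype 1 = Ethernet
    for ts, frame in enumerate(frames, start=1_700_000_000):
        out.append(PCAP_RECORD.pack(ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def read_pcap(blob):
    """Yield (timestamp, frame) per record; accepts only little-endian classic pcap."""
    if len(blob) < PCAP_GLOBAL.size or PCAP_GLOBAL.unpack_from(blob)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    pos = PCAP_GLOBAL.size
    while pos + PCAP_RECORD.size <= len(blob):
        ts, _, caplen, _ = PCAP_RECORD.unpack_from(blob, pos)
        pos += PCAP_RECORD.size
        if pos + caplen > len(blob):
            break  # truncated final record: stop rather than read garbage
        yield ts, blob[pos:pos + caplen]
        pos += caplen


def parse_flow(frame):
    """Return the TCP/IPv4 flow carried in an Ethernet frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4          # IPv4 header length from the IHL field
    if len(frame) < tcp + 20:
        return None
    sport, dport = struct.unpack_from("!HH", frame, tcp)
    data = tcp + (frame[tcp + 12] >> 4) * 4    # TCP data offset
    dotted = lambda b: ".".join(str(x) for x in b)
    return Flow(dotted(frame[26:30]), dotted(frame[30:34]), sport, dport, frame[data:])


def catch_all(blob):
    """Method 1: retain every packet and analyse later (maximum storage)."""
    return list(read_pcap(blob))


def stop_watch_listen(blob, watch_ports, keywords):
    """Method 2: inspect every packet as it passes, retain only the suspicious ones."""
    kept = []
    for ts, frame in read_pcap(blob):
        flow = parse_flow(frame)
        if flow and (flow.dport in watch_ports or any(k in flow.payload for k in keywords)):
            kept.append((ts, frame))
    return kept


def stored_bytes(records):
    return sum(PCAP_RECORD.size + len(frame) for _, frame in records)


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = build_pcap([
    build_frame("192.0.2.10", "198.51.100.20", 49152, 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    build_frame("192.0.2.10", "192.0.2.30", 49153, 445, bytes(64)),
    build_frame("192.0.2.11", "198.51.100.20", 49154, 80,
                b"POST /login HTTP/1.1\r\n\r\npassword=example"),
    build_frame("192.0.2.12", "198.51.100.21", 49155, 443, bytes(200)),
])

if __name__ == "__main__":
    everything = catch_all(SAMPLE)
    selected = stop_watch_listen(SAMPLE, watch_ports={445}, keywords=[b"password="])
    print(len(everything), "packets,", stored_bytes(everything), "bytes kept by method 1")
    print(len(selected), "packets,", stored_bytes(selected), "bytes kept by method 2")
    for ts, frame in selected:
        print(ts, parse_flow(frame)[:4])
```

Method 2 parses every packet but stores fewer bytes; anything its rules miss is not available to the investigator afterwards, which is the cost of the smaller archive.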


Fig.1.7: Network Forensics

Investigative process includes:
• I - Identification
• P - Preservation
• C - Collection
• E - Examination
• A - Analysis
• P - Presentation

Fig.1.8: Network Forensics Investigative Process

Identifying attack patterns requires understanding of applications and network protocols.
• Protocols (on the web)
• FTP - File Transfer Protocols
• E-Mail (Protocols)
• Network (Protocols)

Application-Specific Digital Forensics Investigative Model is shown below;

Fig.1.8: Digital Forensics Investigative Model

Network Forensics Tools include;
• Wireshark
• Tshark
• Dumpcap
• Network Forensic Analysis Tools

The requisite features are shown in the below figures.

Fig.1.9: Wireshark Features
(Source: https://www.wireshark.org/)

Fig.1.10: Tshark Features [25]

Fig.1.11: Dumpcap Features
(Source: https://docplayer.net/10961126-I3-maximizing-packet-capture-performance-andrew-brown.html)

Fig.1.12: Network Forensic Analysis Proprietary Tools
(Source: https://www.researchgate.net/figure/Proprietary-tools-for-Network-Forensics_tbl6_315726562)


1.2. The Research Problem

Not adhering to digital forensics can lead to organizations losing continuity and the availability of core services. Vulnerabilities can multiply in the networks, making them vulnerable and thus compromising security. This can lead to the collapse of all communication mechanisms because of network node failures, and the whole setup can be compromised by the intruding hacker.

1.3. The Purpose of the Study

Penetration of brings many challenges associated with security and data breaches. Cyber attackers come up with extremely complicated means of infiltrating networks' security. Hence the expert administrator monitoring the network activities should be fully equipped to identify the security vulnerabilities and to capture cyber-related offenders. The main purpose of this research contribution is to come up with a standard and innovative framework which can help in the analysis of the concepts of network forensics and of the methodologies and associated tools which are to be used for network forensics. This is backed by a detailed and exhaustive literature review.

1.4. Objectives

1. Detailed insight into the concept of network forensic investigation on a conceptualized network.
2. Analyzing various methodologies-tools which can be used for network forensics.
3. Analyzing data using the "obtain information, strategize, collect evidence, analyze and report" (OSCAR) methodology on the conceived network.
4. Designing of an innovative OSCAR Framework.

1.5. The Research Questions

1. What are the concepts of network forensic investigation and how are they analyzed on the network?
2. What are the best methodologies-tools?
3. How to apply the methodology of obtaining information, strategizing, collecting evidence, analyzing and reporting data on a conceived network architecture design?
4. How to design an innovative OSCAR Framework?

1.6. Contribution to Knowledge (Academic)

The contribution of this research relates to providing an analysis which is based on the study of relevant literature. The knowledge helps researchers to investigate processes which help in cyber-forensics by obtaining, analyzing, evaluating, categorizing, and identifying crucial evidence.

1.7. Statement of Significance (Practical Contribution)

The practical contribution relates to making it possible to apprehend a cyber-criminal. It is achieved through using effective forensic network investigation methodologies. The researched methodology will provide the forensic specialist with essential tools that will determine the approach for obtaining, strategizing, collecting, analyzing and reporting the findings of a network forensics investigation. It will also identify the network forensic tools for forensic investigation processes.

II. Literature Review

Here, the literature review and the gaps are identified in the light of the reviewed publications.

2.1. Literature Review

Nature and type of crime calls for affected victims help [1]. In some cases, committed computer crime is not the only source of revenue losses but may make the affected organization inoperable. So, it is important to have a way of doing it the necessary research and auditing for the study once and for all associated computer criminals. Kumongo of cyber-criminal investigation, method referred to as network forensics. Network forensics is a process that involves computer research and analysis to find important information that helps in the arrest of cybercriminals [2].

It is important to be careful that any provided network is connected to the internet accustomed to various cyber-attacks. Attacks are commonly designed in a way that they exploit weaknesses of anything in the network. The investigator is therefore assigned the burden of coming up with strategies that are important to do the network forensic process for diagnosis of network entry conditions [3].

The idea of protecting trade secrets has been adopted with new significance as information with an independent economy or competitive value [5]. One of the many trade problems secrets produce important and sensitive information such as the result of increased information and communication space the exchange is a widespread response to government in the use of forcing steel with strong obstacles results, as in the case of Terry [6]. This is an in-depth study referenced at [7], [8], [9], [10], [11].

Almulhem added that network forensics are highly correlated with the security model. The network (digital forensics) emphasizes the design and implementation of methods, tools, and concepts aimed at improving the forensic investigation process [12]. Kilpatrick et al. propose the implementation of SCADA (monitoring control and constructive data acquisition) programs, an important infrastructure for network forensics [13]. It also plays a key role in the implementation of machine-to-machine safety methods networks [14].


It is important to review several case subjects where the concept has been used sufficiently. In particular, Kurniawan and Riadi [15] were able to test again use the unique framework from which it was obtained use the concept of network forensics analysis once point to the behavior of the infamous Cerber Ransomware. As noted by Messier and by Bensefia and Ghoualmi, most fire protection systems have the ability to use software power in UNIX/Windows platforms [16] [17].

It is noteworthy that most Honeypot services are secretive [18]. Honeypots are considered important components which help to improve organizational safety [19]. Network forensics is different from access in that the evidence gathered must be accepted in court as well, hence satisfying technical/legal concerns [20].

While the acquisition of intervention helps in improving computer network security, network forensics is key, corresponding to the need to identify evidence related to a security breach. Network forensics is helpful in resolving issues related to online terrorism, child pornography, drugs, national security, cybercrime, and corporate intelligence, among others [21] [22] [23].

2.2. Literatures Gaps

There is a need to develop some tools that can parse varied network protocols in place or embedded in different networks. As most of the information carried on the networks is volatile, it is essential that it should be preserved in order to expedite the forensic process.

III. RESEARCH METHODOLOGY AND FRAMEWORK

This section deals with the research methodology and the conceptualized framework of this research used by the researcher.

3.1. Research Methodology

After going through the detailed literature review, the researcher selected the base paper [24]. This research contribution is based on following a comprehensive process which will be executed by using OSCAR (obtain, strategize, collect, analyze and report) principles.

Fig. 3.1: OSCAR

The research will follow the following steps.
• Network Conceptualization
• Identification of Malicious Activities
• Identifying the Source of Activity
• Application of Tools
• Decision Making based on Data Analysis

The designed network will be analysed using the following tools.
• Wireshark
Wireshark packet analyser: network troubleshooting, analysis, software and communications protocol development.
• Tshark
TShark network protocol analyser: Captures packet data from a live network.
• Dumpcap
Dumpcap is a network traffic dump tool: Captures packet data from a live network & writes it to a file.
• Network Forensic Analysis Tools (NFATs)
NFATs help administrators monitor their environment for anomalous traffic, perform forensic analysis and get a clear picture of their environment.

The focus of this research contribution is centered on the need to find and look at the malware affecting network hosts. The analysis of the network behaviour can come up with infections, the exploited channel, and the payload with ransomware. As we are focussed on network forensics, in order to move forward, the forensic mechanisms need to be looked at, which fall under the following categories.
• Network Security Forensic Mechanisms
o Embedding the Firewall forensics in the network.
• Honeypot Forensics
o The network system is designed so as to allure by depicting information as critical and sensitive.

A typical firewall forensics scenario is shown in the below figure. The firewall has to detect and mitigate the threat from the attacker using the IPs as identifiers.

A typical honeypot deployment is shown in the below figure. The honeypot is placed between the internet network and the firewall, and the attacker, instead of breaking the firewall, is allured towards the honeypot, considering it as the main network server. This saves the other network servers from being attacked and compromised.
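The firewall and honeypot mechanisms described above both key on the source IP, so their logs can be joined on it. The following added example (not part of the paper) builds a per-IP timeline for every address seen at the honeypot and lists which production hosts the firewall allowed that address to reach; the key=value log format, addresses and field names are constructed for illustration and do not match any specific product.

```python
from datetime import datetime

# Constructed sample logs in a hypothetical key=value format.
FIREWALL_LOG = """\
2023-03-01T10:01:58Z action=ALLOW src=203.0.113.7 dst=192.0.2.20 dport=443
2023-03-01T10:02:03Z action=DENY src=203.0.113.7 dst=192.0.2.21 dport=3389
2023-03-01T10:02:40Z action=ALLOW src=198.51.100.44 dst=192.0.2.20 dport=443
2023-03-01T10:05:17Z action=ALLOW src=203.0.113.7 dst=192.0.2.22 dport=22
malformed line without fields
"""
HONEYPOT_LOG = """\
2023-03-01T10:02:11Z src=203.0.113.7 dport=22 event=login_attempt
2023-03-01T10:03:30Z src=203.0.113.7 dport=445 event=connect
"""


def parse(text, source):
    """Parse 'timestamp key=value ...' lines; skip lines that do not fit instead of failing."""
    events = []
    for line in text.splitlines():
        stamp, _, rest = line.partition(" ")
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        fields = dict(p.split("=", 1) for p in rest.split() if "=" in p)
        if "src" in fields:
            events.append({"when": when, "source": source, **fields})
    return events


def correlate(firewall_text, honeypot_text):
    """For each source IP seen at the honeypot: merged timeline and firewall-allowed targets."""
    fw = parse(firewall_text, "firewall")
    hp = parse(honeypot_text, "honeypot")
    report = {}
    # No legitimate client has a reason to talk to the honeypot, so every
    # source address in its log is treated as a lead.
    for ip in sorted({e["src"] for e in hp}):
        timeline = sorted((e for e in fw + hp if e["src"] == ip), key=lambda e: e["when"])
        report[ip] = {
            "first_seen": timeline[0]["when"].isoformat() + "Z",
            "honeypot_events": sum(e["source"] == "honeypot" for e in timeline),
            # Hosts this address was allowed to reach are the first ones to examine.
            "allowed_to": sorted({f'{e.get("dst")}:{e.get("dport")}' for e in timeline
                                  if e["source"] == "firewall" and e.get("action") == "ALLOW"}),
            "timeline": [(e["when"].isoformat() + "Z", e["source"],
                          e.get("action") or e.get("event"), e.get("dport"))
                         for e in timeline],
        }
    return report


if __name__ == "__main__":
    for ip, info in correlate(FIREWALL_LOG, HONEYPOT_LOG).items():
        print(ip, "first seen", info["first_seen"], "allowed to", info["allowed_to"])
        for row in info["timeline"]:
            print("   ", *row)
```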


Fig.3.2: Firewall Forensics

Fig.3.3: Honeypot Forensics (Placement in Network)

Exploring and investigating of network forensics will be done in this research work by identifying a malicious activity, collecting evidence and preserving it. This will be followed by evidence reporting and making the decision based on the analysis. All the processes of network forensics will follow the procedure of the OSCAR principle as explained previously in this section. The evidence will be retrieved from the selected network and computing devices. The selected devices are shown in the table below.

Table 3.1: System Designed

This will be followed by source of evidence, value, effort, volatility and priority of web proxy cache, firewall logging data and the address resolution protocol tables used for storing the information discovered. Address resolution protocol cache helps the attackers hide behind the fake IP address. Operating system audit trails, system event logs, application event logs, alert logs, recovered data, and swap files of the attacker/victim side will be analysed in addition to traffic data packets, firewall log, intrusion detection system log, router log, and access control log of the intermediate devices.

The innovative conceptualized model below is designed by the researcher.

Fig.3.4: Conceptualized Model

In the above conceptualized network design, honeypot devices (sensitive data) are placed in a network to make it possible to carry out a detailed analysis of network activities and of the logs being carried throughout the honeypot devices. Hence they are in a good position to help in finding out the attacker's logs and activities. The attacker will attack the network and, with honeypot devices strategically placed in the network, his attack activities will be logged.

IV. DATA ANALYSIS

The conceptualized network design is discussed in detail in the section after using various tools to capture the attacker's activities.

4.1. OSCAR Framework Design

OSCAR Design Steps are followed in this phase. These are summarized below for clarity.
• Obtaining Information
o Information regarding the incident
o Environment
o Time/Date
o Discovery
o Systems involved
o People involved
o Devices involved
o Actions executed after the discovery
o Discussions record
o Legal issues
o Business model
o Available resources
o Communication system
o Network topology
o Procedures
o Processes
o Incidence response management

• Strategizing
o Investigation goal
o Investigation time frame
o Investigation plan
o Value/Cost of obtaining evidence
o Evidence acquiring mechanisms
o Proof acquisition
o Source
o Effort required
o Volatility
o Expected value
o Evidence prioritization
o Data retention policy
o Access policy
o Configurations policy
• Collecting Evidence
o Obtaining evidence
o Using reliable and reputable tools
o Documenting
o Capturing
o Store/Transport
o Security of information
• Analyzing Evidence
o System files log
o Resources log
o Date, time and source of incident
o Investigating officer profile
o Methods used to acquire evidence
o Devices accessed
o Custody chain
o Data/network traffic packets repository
o Application of forensic tools
o Storing/transport of log data
• Reporting
o Technical information
o Defensible details
o Results

Based on the above identified parameters, a framework is established by the researcher as shown below.

Fig.4.1: Designed Framework

4.2. Selected Tools

The following tools were selected for the analysis of the conceptualized network along with their functionalities used.
• Wireshark
o For capturing, filtering and analyzing network traffic
• Tshark
o Data network protocol analyzer used for capturing and reading traffic data from a live data network or from packetized data files.
• Dumpcap
o Network traffic analysis is done through the use of this tool, which is designed to capture the data packets.
• Network Forensic Analysis Tools
o Used for tracking networks and gathering malicious traffic information

4.3. Data Analysis

The conceptualized network is implemented using the tools outlined in the previous section. The below table outlines the setup details.

Table 4.1: Design Setup

During the process of collection of network-based evidence, special care was taken pertaining to the collection, storage, content, privacy, confiscation and admissibility. The test network was designed on laptop-1 in addition to the host proxies. The testing was done using an iPad as the testing device. The proxy was used to capture the live network traffic. Capturing and saving of the network traffic was achieved through the usage of the Wireshark tool and Burp Suite. Burp Suite is used to set up a proxy which allows testing of web architecture by routing web traffic through it. Network forensics were collected from the applications on Laptop-2, while the analysis of the network traffic was done using Network Miner. The below figures show the stepwise processes.

Fig.4.2: Test Network Design
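The framework's "Documenting", "Store/Transport", "Security of information" and "Custody chain" items, together with the care for admissibility described above, come down to being able to show that a capture file has not changed since it was acquired. The following added example (not the paper's code) keeps a hash-chained custody log for one capture; the item name, officer identifiers, timestamps and the field layout are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry


def hash_entry(entry):
    """SHA-256 over the entry's canonical JSON, excluding the stored hash itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def record(log, item, data, officer, tool, action, when):
    """Append one custody step for the evidence bytes `data`, linked to the previous step."""
    entry = {
        "seq": len(log),
        "when": when,
        "item": item,
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "officer": officer,
        "tool": tool,
        "action": action,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = hash_entry(entry)
    log.append(entry)
    return entry


def verify(log, evidence):
    """Return a list of problems; an empty list means log and evidence are consistent."""
    problems, prev, first = [], GENESIS, {}
    for i, entry in enumerate(log):
        if entry.get("seq") != i or entry.get("prev_hash") != prev:
            problems.append(f"entry {i}: chain link broken")
        if hash_entry(entry) != entry.get("entry_hash"):
            problems.append(f"entry {i}: log entry altered")
        prev = entry.get("entry_hash")
        # Every later step must refer to the digest recorded at acquisition.
        if first.setdefault(entry.get("item"), entry.get("sha256")) != entry.get("sha256"):
            problems.append(f"entry {i}: digest differs from acquisition")
    for item, digest in first.items():
        data = evidence.get(item)
        if data is None:
            problems.append(f"{item}: evidence missing")
        elif hashlib.sha256(data).hexdigest() != digest:
            problems.append(f"{item}: evidence does not match recorded SHA-256")
    return problems


def demo():
    """Constructed walk-through: acquire, transport, analyse."""
    capture = b"\xd4\xc3\xb2\xa1" + b" constructed capture bytes"  # stands in for a pcap file
    log = []
    record(log, "capture-001.pcap", capture, "investigator-a", "dumpcap",
           "acquired on capture host", "2023-03-01T10:00:00Z")
    record(log, "capture-001.pcap", capture, "investigator-a", "encrypted USB",
           "transported to analysis laptop", "2023-03-01T11:30:00Z")
    record(log, "capture-001.pcap", capture, "investigator-b", "Network Miner",
           "opened read-only for analysis", "2023-03-01T12:05:00Z")
    return log, capture


if __name__ == "__main__":
    log, capture = demo()
    print(verify(log, {"capture-001.pcap": capture}))
    print(verify(log, {"capture-001.pcap": capture + b"\x00"}))
```

The chain only proves integrity if the latest `entry_hash` is also recorded somewhere the log's editor cannot rewrite, for example in the signed investigation report.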

Fig.4.3: Capturing Traffic using Wireshark Tool

Fig.4.4: Penetration Testing with Burp Suite & Wireshark (Uncovering Vulnerabilities)

Fig.4.5: Dumpcap to Capture Data Packets

Fig.4.6: Network Miner for Analysis of Network Traffic

V. CONCLUSIONS AND FUTURE RECOMMENDATIONS

The section looks at the conclusions of the research and the future recommendations.

5.1. Conclusions

Following are the outcomes and conclusions of this research contribution.
• Detailed analysis of network forensic investigation on a conceptualized network.
• Methodologies/tools used were analysed and studied in depth.
• Analysed the data using the "obtain information, strategize, collect evidence, analyse and report" (OSCAR) methodology on the conceived network.
• Designed an innovative OSCAR Framework which can be adopted in any network forensic analysis implementation.
• It was found that network forensic science is extremely essential and important, and it helps a cyber-forensics investigator to;
o O - Obtain
o A - Analyse
o E - Evaluate
o C - Categorize
o I - Identify crucial evidences
• Helps in apprehending cyber-criminals
• Network forensics investigator should adopt and utilize efficient forensic network investigation methodologies
• OSCAR methodology equips the forensic investigator with critical tools and guidelines to develop;
o Approach
o Methods
o Strategies
o Strategizing
o Collecting
o Analysing
o Report of findings
• Network forensics expert should use top of the line tools.

5.2. Future Recommendations

Following are the recommendations for future research work.
• Development of tool kits which can analyse varied network protocols.
• Preserve and document data selectively in advance to speed up the forensic process.


REFERENCES

[1] M. Matsalu et al., “Digitaalse ekspertiisi tööjõu pädevuse arendamine eestikaitseliidu näitel,” Ph.D. dissertation, 2019.
[2] G. S. Chhabra and P. Singh, “Distributed network forensics framework: A systematic review,” International Journal of Computer Applications, vol. 119, no. 19, 2015.
[3] G. A. Pimenta Rodrigues, R. de Oliveira Albuquerque, F. E. Gomes de Deus, G. A. De Oliveira Júnior, L. J. García Villalba, T.-H. Kim et al., “Cybersecurity and network forensics: Analysis of malicious traffic towards a honeynet with deep packet inspection,” Applied Sciences, vol. 7, no. 10, p. 1082, 2017.
[4] D. Chang, M. Ghosh, S. K. Sanadhya, M. Singh, and D. R. White, “Fbhash: A new similarity hashing scheme for digital forensics,” Digital Investigation, vol. 29, pp. S113–S123, 2019.
[5] L. Liebler, P. Schmitt, H. Baier, and F. Breitinger, “On efficiency of artifact lookup strategies in digital forensics,” Digital Investigation, vol. 28, pp. S116–S125, 2019.
[6] K. Karampidis, E. Kavallieratou, and G. Papadourakis, “A review of image steganalysis techniques for digital forensics,” Journal of information security and applications, vol. 40, pp. 217–235, 2018.
[7] F. Akhtar, J. Li, M. Azeem, S. Chen, H. Pan, Q. Wang, and J.-J. Yang, “Effective large for gestational age prediction using machine learning techniques with monitoring biochemical indicators,” The Journal of Supercomputing, pp. 1–19, 2019.
[8] J. Li, D. Zhou, W. Qiu, Y. Shi, J.-J. Yang, S. Chen, Q. Wang, and H. Pan, “Application of weighted gene co-expression network analysis for data from paired design,” Scientific reports, vol. 8, no. 1, pp. 1–8, 2018.
[9] F. Akhtar, J. Li, Y. Pei, A. Imran, A. Rajput, M. Azeem, and Q. Wang, “Diagnosis and prediction of large-for-gestational-age fetus using the stacked generalization method,” Applied Sciences, vol. 9, no. 20, p. 4317, 2019.
[10] A. Imran, J. Li, Y. Pei, J.-J. Yang, and Q. Wang, “Comparative analysis of vessel segmentation techniques in retinal images,” IEEE Access, vol. 7, pp. 114 862–114 887, 2019.
[11] J. Li, L. Liu, J. Sun, H. Mo, J.-J. Yang, S. Chen, H. Liu, Q. Wang, and H. Pan, “Comparison of different machine learning approaches to predict small for gestational age infants,” IEEE Transactions on Big Data, 2016.
[12] A. Almulhem, “Network forensics: Notions and challenges,” in 2009 IEEE International Symposium on Signal Processing and Information Technology (ISSPIT). IEEE, 2009, pp. 463–466.
[13] T. Kilpatrick, J. Gonzalez, R. Chandia, M. Papa, and S. Shenoi, “An architecture for scada network forensics,” in IFIP International Conference on Digital Forensics. Springer, 2006, pp. 273–285.
[14] K. Wang, M. Du, Y. Sun, A. Vinel, and Y. Zhang, “Attack detection and distributed forensics in machine-to-machine networks,” IEEE Network, vol. 30, no. 6, pp. 49–55, 2016.
[15] A. Kurniawan and I. Riadi, “Detection and analysis cerber ransomware based on network forensics behavior,” International Journal of Network Security, vol. 20, no. 5, pp. 836–843, 2018.
[16] R. Messier, Network forensics. John Wiley & Sons, 2017.
[17] H. Bensefia and N. Ghoualmi, “An intelligent system for decision making in firewall forensics,” in International Conference on Digital Information and Communication Technology and Its Applications. Springer, 2011, pp. 470–484.
[18] S. Krasser, G. Conti, J. Grizzard, J. Gribschaw, and H. Owen, “Realtime and forensic network data analysis using animated and coordinated visualization,” in Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop. IEEE, 2005, pp. 42–49.
[19] Q. Al-Mousa and Z. Al-Mousa, “Honeypots aiding network forensics: Challenges and notions,” Journal of Communication, vol. 8, no. 11, pp. 700–707, 2013.
[20] J. Llano Tejera, “Herramientas forenses para la respuesta a incidents informáticos,” Ph.D. dissertation, Universidad Central “Marta Abreu” de Las Villas, 2014.
[21] W. Ren, “Modeling network forensics behavior,” Journal of Digital Forensic Practice, vol. 1, no. 1, pp. 57–65, 2006.
[22] S. Davidoff and J. Ham, Network forensics: tracking hackers through cyberspace. Prentice hall Upper Saddle River, 2012, vol. 2014.
[23] J. Buric and D. Delija, “Challenges in network forensics,” in 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). IEEE, 2015, pp. 1382–1386.
[24] Qureshi, Sirajuddin & Tunio, Saima & Akhtar, Faheem & Wajahat, Ahsan & Nazir, Ahsan. (2021). Network Forensics: A Comprehensive Review of Tools and Techniques. International Journal of Advanced Computer Science and Applications. 12. 2021. 10.14569/IJACSA.2021.01205103.
[25] Oracle (2019). Analyzing Network Traffic with TShark and Wireshark. Oracle Administering TCP/IP Networks, IPMP, and IP Tunnels in Oracle® Solaris 11.3
