Network Forensic Process Model and Framework: An Alternative Scenario

Network forensic provides a way to trail the cyber criminals through analysis and trace back of collected network evidence. The prerequisite is the deployment of various network traffic collection tools such as Iris, NetIntercept, NetWitness, SoleraDS5150, Xplico. Network forensic analysis involves examination of network traffic to detect invasion and exploring how the crime took place, i.e., setting up crime scene for investigation and replays. In this paper, we have proposed the process model and compared with the existing network forensic process models and frameworks. Along with highlighting the research challenges at various stages, authors propose a high-level description of standard process model and framework.