{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,7]],"date-time":"2024-09-07T11:23:56Z","timestamp":1725708236169},"reference-count":58,"publisher":"IGI Global","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,1,1]]},"abstract":"<p>Establishing facts on cyber crime is gradually gaining wider relevance in prosecuting cyber criminals. The branch of cyber policing saddled with this responsibility is the network forensic community (researchers, developers, and investigators). However, the recurring rate of advances in cybercrime poses a greater challenge to the available improvements in network forensics analysis tools (NFAT), as well as to investigators and, ultimately, researchers. The need for efficient, cutting-edge research findings on curbing network crimes is therefore undeniably critical. This paper describes the distinction between network security and network forensics. In addition, the authors identify factors that militate against most network forensic techniques, as well as the research challenges in network forensics. Furthermore, the paper discusses current research work on network forensic analysis. This research is useful to the network forensics research community, for knowledge of existing research techniques and direction on further research in network forensics.<\/p>","DOI":"10.4018\/jdcf.2013010101","type":"journal-article","created":{"date-parts":[[2013,8,5]],"date-time":"2013-08-05T19:29:42Z","timestamp":1375730982000},"page":"1-26","source":"Crossref","is-referenced-by-count":27,"title":["A Review of Current Research in Network Forensic Analysis"],"prefix":"10.4018","volume":"5","author":[{"given":"Ikuesan R.","family":"Adeyemi","sequence":"first","affiliation":[{"name":"Information Assurance and Security Research Group in the Department of Computer Science, Universiti Teknologi Malaysia, Johor Bahru, Johor, Malaysia"}]},{"given":"Shukor Abd","family":"Razak","sequence":"additional","affiliation":[{"name":"Information Assurance and Security Research Group in the Department of Computer Science, Universiti Teknologi Malaysia, Johor Bahru, Johor, Malaysia"}]},{"given":"Nor Amira Nor","family":"Azhan","sequence":"additional","affiliation":[{"name":"Information Assurance and Security Research Group in the Department of Computer Science, Universiti Teknologi Malaysia, Johor Bahru, Johor, Malaysia"}]}],"member":"2432","reference":[{"key":"jdcf.2013010101-0","first-page":"23","author":"K. S.Aathira","year":"2011","journal-title":"Defense strategy against network worm causing ICMP attacks, and its forensic analysis. CNSA 2011, CCIS 196"},{"key":"jdcf.2013010101-1","unstructured":"Adeyemi, I. R., Razak, S. A., & Azhan, N. A. (2012). Identifying critical features for network forensics investigation perspective critical. International Journal of Computer Science and Information Security, 1-23."},{"key":"jdcf.2013010101-2","unstructured":"Al-Morjan, A. A. (2010). An investigation into a digital forensic model to distinguish between \u201cinsider\u201d and \u201coutsider\u201d. 
PhD Thesis, Software Technology Research Laboratory, De Montfort University, Leicester, UK."},{"key":"jdcf.2013010101-3","doi-asserted-by":"crossref","unstructured":"Almulhem, A. (2009). Network forensics: Notions and challenges. IEEE, 463-466.","DOI":"10.1109\/ISSPIT.2009.5407485"},{"key":"jdcf.2013010101-4","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-73655-6_4"},{"key":"jdcf.2013010101-5","doi-asserted-by":"crossref","unstructured":"Arnes, A., Haas, P., Vigna, G., & Kemmerer, R. A. (2006). Digital forensic reconstruction and the virtual security testbed ViSe. Retrieved September 6, 2012 from http:\/\/www.cs.ucsb.edu\/~vigna\/publications\/2006_arnes_haas_vigna_kemmerer_DIMVA.pdf","DOI":"10.1007\/11790754_9"},{"key":"jdcf.2013010101-6","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2011.05.010"},{"key":"jdcf.2013010101-7","unstructured":"Chen, L. M., Chen, M. C., Sun, Y. S., & Hsiao, S.-W. (2009). Scalable long-term network forensics for epidemic attacks. ESRGroups France, 1-4."},{"key":"jdcf.2013010101-8","doi-asserted-by":"crossref","unstructured":"Chen, S., & Tang, Y. (2012). A stream reassembly mechanism based on DPI. In Proceedings of the International Parallel and Distributed Processing Symposium Workshop & PhD Forum (pp. 1204-1209). Changsha, China: IEEE Computer Society.","DOI":"10.1109\/IPDPSW.2012.152"},{"key":"jdcf.2013010101-9","doi-asserted-by":"crossref","unstructured":"Christopherson, K. M. (2006). The positive and negative implications of anonymity in internet social interactions: \u2018\u2018On the internet, nobody knows you\u2019re a dog\u2019\u2019. International Journal of Computers in Human Behavior, 3038-3056.","DOI":"10.1016\/j.chb.2006.09.001"},{"key":"jdcf.2013010101-10","doi-asserted-by":"crossref","unstructured":"Christopherson, K. M. (2007). The positive and negative implication on the internet social interaction: \u201cOn the internet, nobody knows you're a Dog\u201d. 
Computer in Human Behavior, 3038-3056.","DOI":"10.1016\/j.chb.2006.09.001"},{"key":"jdcf.2013010101-11","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2008.12.002"},{"key":"jdcf.2013010101-12","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2008.05.016"},{"key":"jdcf.2013010101-13","doi-asserted-by":"crossref","unstructured":"Collins, M. P., & Reiter, M. K. (2006). Finding peer-to-peer file-sharing using coarse network behaviors. In Proceedings of the ESORICS 2006 (LNCS 4189, pp. 1\u201317).","DOI":"10.1007\/11863908_1"},{"key":"jdcf.2013010101-14","doi-asserted-by":"publisher","DOI":"10.1145\/505248.505267"},{"key":"jdcf.2013010101-15","unstructured":"Du, J., & Gong, S. (2011). Research on the clients of network forensics. IEEE, 446-448."},{"key":"jdcf.2013010101-16","unstructured":"FCC. (2001). Rules & regulations for title 47. Retrieved June 20, 2012, from http:\/\/www.fcc.gov\/encyclopedia\/rules-regulations-title-47"},{"key":"jdcf.2013010101-17","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.05.009"},{"key":"jdcf.2013010101-18","doi-asserted-by":"crossref","unstructured":"Greitzer, F. L., & Frincke, D. A. (2010). Combining traditional cyber security audit data with psychosocial data: Towards predictive modelling for insider threat mitigation. Springer Science + Business Media, 85-112.","DOI":"10.1007\/978-1-4419-7133-3_5"},{"key":"jdcf.2013010101-19","doi-asserted-by":"publisher","DOI":"10.1016\/S0267-3649(01)01105-0"},{"key":"jdcf.2013010101-20","unstructured":"Group., M. M. (2001-2012). Internet world stats, world internet usage and population statistics 31Dec2011. 
Retrieved June 20, 2012, from http:\/\/www.internetworldstats.com\/stats.htm"},{"issue":"10","key":"jdcf.2013010101-21","first-page":"885","article-title":"TCP\/IP security threats and attack methods.","volume":"22","author":"B.Harris","year":"1999","journal-title":"Science Direct"},{"key":"jdcf.2013010101-22","first-page":"1","article-title":"Network forensics- An analysis of techniques, tools, and trends.","volume":"99","author":"R.Hunt","year":"2012","journal-title":"IEEE Computer"},{"key":"jdcf.2013010101-23","doi-asserted-by":"crossref","unstructured":"Kang, S.-H., & Kim, J. (2008). Network forensic analysis using visualization effect. In Proceedings of the International Conference on Convergence and Hybrid Information Technology (pp. 1-5). IEEE Computer Society.","DOI":"10.1109\/ICHIT.2008.165"},{"key":"jdcf.2013010101-24","doi-asserted-by":"publisher","DOI":"10.5120\/649-906"},{"key":"jdcf.2013010101-25","doi-asserted-by":"crossref","unstructured":"Lin, C., Zhitang, L., & Cuixia, G. (2009). Automated analysis of multi-source logs for network forensics. In Proceedings of the First International Workshop on Education Technology and Computer Science (pp. 660-664). IEEE computer society.","DOI":"10.1109\/ETCS.2009.153"},{"key":"jdcf.2013010101-26","first-page":"385","article-title":"An improved approach towards network forensic investigation of HTTP and FTP protocols.","volume":"2011","author":"T.Manesh","year":"2011","journal-title":"Proceedings of the PDCTA"},{"key":"jdcf.2013010101-27","doi-asserted-by":"publisher","DOI":"10.1145\/1368506.1368520"},{"key":"jdcf.2013010101-28","unstructured":"Merkle, L. D. (2008, July 12-16). Automated network forensics. In Proceedings of the GECCO (pp. 1929-1931). Atlanta GA: ACM."},{"key":"jdcf.2013010101-29","doi-asserted-by":"crossref","unstructured":"Mitropoulos, S., Patsos, D., & Douligeris, C. (2005). Network forensics: Towards a classification of traceback mechanisms. 
IEEE, 1-8.","DOI":"10.1109\/SECCMW.2005.1588288"},{"key":"jdcf.2013010101-30","unstructured":"Mukkamala, S., & Sung, A. H. (2003). Identifying significant features for network forensic analysis using artificial intelligent techniques. International Journal of Digital Evidence, 1-17."},{"key":"jdcf.2013010101-31","doi-asserted-by":"crossref","unstructured":"Nance, K., & Ryan, D. J. (2011). Legal aspects of digital forensics: a research agenda. In Proceedings of the 44th Hawaii International Conference on System Sciences (pp. 1-6). Hawaii: IEEE.","DOI":"10.1109\/HICSS.2011.282"},{"key":"jdcf.2013010101-32","doi-asserted-by":"crossref","unstructured":"Nehinbe, J. O. (2011). Emerging threats, risks and mitigation strategies in network forensics. In Proceedings of the CCECE (pp. 1228-1232). Niagara Falls, Canada. IEEE.","DOI":"10.1109\/CCECE.2011.6030658"},{"key":"jdcf.2013010101-33","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.05.002"},{"key":"jdcf.2013010101-34","first-page":"287","article-title":"On inferring TCP behavior.","volume":"01","author":"J.Padhye","year":"2001","journal-title":"Proceedings of the SIGCOMM"},{"key":"jdcf.2013010101-35","author":"G.Palmer","year":"2001","journal-title":"A road map for digital forensic research"},{"key":"jdcf.2013010101-36","doi-asserted-by":"crossref","unstructured":"Palomo, E., Elizondo, D., \u00b4Inguez, E. D., Luque, R., & Wats, T. (2012). SOM-based techniques towards hierarchical visualisation of network forensics traffic data. Computational Intelligence for Privacy and Security (SCI 394, pp. 75\u201395).","DOI":"10.1007\/978-3-642-25237-2_6"},{"key":"jdcf.2013010101-37","doi-asserted-by":"crossref","unstructured":"Palomo, E., North, J., Elizondo, D., Luque, R., & T, W. (2011, July 31-August 5). Visualisation of network forensics traffic data with a self-organising map for qualitative features. In Proceedings of the International Joint Conference on Neural Networks, (pp. 1740-1747). 
San Jose, CA: IEEE.","DOI":"10.1109\/IJCNN.2011.6033434"},{"key":"jdcf.2013010101-38","doi-asserted-by":"crossref","unstructured":"Pilli, E., Joshi, R., & Niyogi, R. (2011, January 31- February 2). Router and interface marking for network forensics. In Proceedings of the 7th International Conference on Digital Forensics, Orlando, FL (pp. 209-220).","DOI":"10.1007\/978-3-642-24212-0_16"},{"key":"jdcf.2013010101-39","doi-asserted-by":"crossref","unstructured":"Pilli, E. S., Joshi, R., & Niyogi, R. (2010). A generic framework for network forensics. International Journal of Computer Applications, 0975\u20138887.","DOI":"10.5120\/251-408"},{"key":"jdcf.2013010101-40","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2010.02.003"},{"key":"jdcf.2013010101-41","doi-asserted-by":"crossref","unstructured":"Pilli, E. S., Joshi, R., & Niyogi, R. (2010, October 4-6). An IP traceback model for network forensics. In Proceedings of the Second International Institute for Computer Sciences, Social Informatics and Telecommunications Engineering Conference (ICDF2C 2010) (pp. 129\u2013136).","DOI":"10.1007\/978-3-642-19513-6_11"},{"key":"jdcf.2013010101-42","doi-asserted-by":"crossref","unstructured":"Pilli, E. S., Joshi, R. C., & Niyogi, R. (2011). Data reduction by identification and correlation of TCP\/IP attack attribute for network forensics. In Proceedings of the International Conference and Workshop on Emerging Trends in Technology (pp. 276-283). Mumbai, India: ACM.","DOI":"10.1145\/1980022.1980085"},{"key":"jdcf.2013010101-43","doi-asserted-by":"crossref","unstructured":"Ponec, M., Paul, G., Br\u00f6nnimann, H., & Wein, J. (2007, October 29\u2013November 2). Highly efficient techniques for network forensics. In Proceedings of the CCS\u201907, Alexandria, VA (pp. 150-160). ACM.","DOI":"10.1145\/1315245.1315265"},{"key":"jdcf.2013010101-44","unstructured":"Raftopoulos, E., Egli, M., & Dimitropoulos, X. (2012). Shedding light on log correlation in network forensics analysis. 
1-10. Retrieved from http:\/\/www.csg.ethz.ch\/people\/rilias\/publications\/RaDi_dimva12.pdf"},{"key":"jdcf.2013010101-45","unstructured":"Ranum, M. J. (2012 \u0439\u0438\u043b 21-06). Retrieved from http:\/\/www.ranum.com\/"},{"key":"jdcf.2013010101-46","doi-asserted-by":"crossref","unstructured":"Ren, W., & Jin, H. (2005, March 13-17). Honeynet based distributed adaptive network forensics and active real time investigation. In Proceedings of the Symposium on Applied Computing (SAC\u201905), Santa Fe, NM (pp. 302-303).","DOI":"10.1145\/1066677.1066749"},{"key":"jdcf.2013010101-47","unstructured":"Ren, W., & Jin, H. (2005, September 5-9). Modeling the network forensics behaviors. In Proceedings of the Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks (pp. 1-8)."},{"key":"jdcf.2013010101-48","doi-asserted-by":"crossref","unstructured":"Saad, S., & Traore, I. (2010). Method ontology for intelligent network forensics analysis. In Proceedings of the Annual International Conference on Security Privacy and Trust (pp. 7-14). IEEE.","DOI":"10.1109\/PST.2010.5593235"},{"key":"jdcf.2013010101-49","first-page":"85","article-title":"Network packet forensics","author":"E.Schwartz","year":"2010","journal-title":"Cyber forensics: Springer\u2019s forensic laboratory science series"},{"key":"jdcf.2013010101-50","doi-asserted-by":"crossref","unstructured":"Takahashi, D., & Xiao, Y. (2008). Complexity analysis of retrieving knowledge from auditing log files for computer and network forensics and accountability. In Proceedings of the ICC 2008 (pp. 1474-1478). IEEE Communications Society.","DOI":"10.1109\/ICC.2008.285"},{"key":"jdcf.2013010101-51","author":"F.Tushabe","year":"2004","journal-title":"Computer forensics for cyberspace crimes"},{"key":"jdcf.2013010101-52","doi-asserted-by":"crossref","unstructured":"Varghese, G. J., Fingerhut, A., & Flavio, B. (2006, September 11\u201315). 
Detecting evasion attacks at high speeds without reassembling. In Proceedings of the SIGCOMM\u201906, Pisa, Italy (pp. 327-338).","DOI":"10.1145\/1151659.1159951"},{"key":"jdcf.2013010101-53","doi-asserted-by":"crossref","unstructured":"Wagener, G., Dulaunoy, A., & Engel, T. (2008). Towards an estimation of the accuracy of TCP reassembly in network forensics. In Proceedings of the Second International Conference on Future Generation Communication and Networking (pp. 273-278). IEEE Computer Society.","DOI":"10.1109\/FGCN.2008.118"},{"key":"jdcf.2013010101-54","doi-asserted-by":"crossref","unstructured":"Xu, K., Wang, F., & Wang, B. (2010). Behavior profiling and analysis in wireless home networks. In Proceedings of the 7th Consumer Communications and Networking Conference (CCNC) (pp. 1-2).","DOI":"10.1109\/CCNC.2010.5421571"},{"key":"jdcf.2013010101-55","doi-asserted-by":"crossref","unstructured":"Xu, K., Zhang, Z.-L., & Bhattacharyya, S. (2005, August 22\u201326). Profiling internet backbone traffic: behavior models and applications. In Proceedings of the Special Interest Group on Data Communications Conference (SIGCOMM\u201905), Philadelphia, PA (pp. 169-180). 
ACM.","DOI":"10.1145\/1090191.1080112"},{"issue":"6","key":"jdcf.2013010101-56","first-page":"1242","article-title":"Internet traffic behavior profiling for network security monitoring.","volume":"16","author":"K.Xu","year":"2008","journal-title":"IEEE\/ACM Transactions on Networking"},{"key":"jdcf.2013010101-57","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2010.2041821"}],"container-title":["International Journal of Digital Crime and Forensics"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=79138","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,7,3]],"date-time":"2023-07-03T17:57:13Z","timestamp":1688407033000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jdcf.2013010101"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2013,1,1]]},"references-count":58,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2013,1]]}},"URL":"https:\/\/doi.org\/10.4018\/jdcf.2013010101","relation":{},"ISSN":["1941-6210","1941-6229"],"issn-type":[{"value":"1941-6210","type":"print"},{"value":"1941-6229","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,1,1]]}}}