Abstract

Network forensics is a branch of the network security paradigm (a collection of rules and configurations for protecting the integrity, confidentiality, and accessibility of computer networks and data using both software and hardware technologies) that focuses on network attack prevention and detection. It addresses the present model's lack of dedicated investigation tools for probing harmful activities in networks. It also monitors the network for attacks and analyzes the attackers' characteristics. Packet analysis is the most common technique in network forensics, and it can replay the whole network traffic for a given period if the packet characteristics gathered are sufficiently detailed. The data collected can be used to track down traces of illegal internet activity, data breaches, unauthorized website access, malware infection, and so on across the network. This article provides a thorough packet analysis approach with extensive network traffic categorization and pattern detection capabilities, as well as a broad examination of the use of packet analysis in network forensics. Because not all network data can be used in court, the categories of digital evidence that may be acceptable are described in depth. The features of both hardware appliances and packet analyzer software are examined in light of their potential applications in network forensics.

Keywords: Network Forensics, Computer & Network Security, Digital Forensics, Local and Wide Area Network, Internet

BOOK Chapter ǀ Research Nexus in IT, Law, Cyber Security & Forensics. Open Access. Distributed Free

Citation: Tsatsu, K. Sabblah (2022): Analysis of Attack Intention Recognition. Book Chapter Series on Research Nexus in IT, Law, Cyber Security & Forensics. Pp 263-266. www.isteams.net/ITlawbookchapter2022. dx.doi.org/10.22624/AIMS/CRP-BK3-P42
