Correlating forensic data for enhanced network crime investigations: Techniques for packet sniffing, network forensics, and attack detection

Abstract

<p class="MDPI18keywords">In today’s digitally saturated world, digital devices are frequently involved in criminal events as targets, mediums, or witnesses. Forensic investigations encompass the collection, recovery, analysis, and presentation of information stored on network devices, with specific relevance to network crimes. Such investigations often necessitate the use of diverse analysis tools and methods. This study introduces techniques that support digital investigators in correlating and presenting information derived from forensic data, with a primary focus on packet sniffing, network forensics, and attack detection. By leveraging these methodologies, investigators aim to achieve more valuable reconstructions of events or actions, resulting in enhanced case conclusions. The study emphasizes the importance of understanding how malware operates within the context of the Internet. It explores packet sniffing techniques to capture and analyze network data, enabling investigators to detect and trace the origins of malicious activities. Additionally, it delves into the realm of network forensics, proposing effective methods for gathering evidence from network devices and reconstructing digital events. Furthermore, the study covers the significance of attack detection in network crime investigations. It highlights techniques to identify and analyze attack patterns, facilitating the identification of perpetrators and their motivations. By correlating information obtained from forensic data, investigators can obtain comprehensive insights into the nature and impacts of network crimes. Overall, this study aims to arm digital investigators with the knowledge and tools necessary to navigate the complexities of packet sniffing, network forensics, and attack detection. By incorporating these techniques into their investigations, investigators can achieve more robust reconstructions of events, draw well-informed conclusions, and contribute to the successful resolution of network crime cases.</p>