Network Forensics Investigation: Behaviour Analysis of Distinct Operating Systems to Detect and Identify the Host in IPv6 Network

Abstract

This paper studies the behaviour analysis of distinct operating systems for the purpose of forensics investigation in the IPv6 network and ensures the detection as well as identification of the network host. The network forensics parameters help to capture, filter, analyse, and information reporting about the computer-based incidents and activities of cybercrime. IPv6 supports tackling the complication of traffic in a network environment, such as dual-stack, tunnel, and translation. This research sheds light on the IPv6 network, assesses the automatic and manual transition in order to characterise network behaviour. This paper proposes a flexible and automated method architecture to analyse operating systems behaviour by observing the system function calls, performing network investigation by using PCAP file analysis to help detect and identify the host, sessions, and open ports in the virtual environment. Through the experimental result on the network traffic, PCAP files dataset of the University of New Haven, the proposed model can archive identify network host in IPv6 network with high accuracy rate, the result shows the robustness of the NetworkMiner in terms of behaviour analysis with efficacy as compared to other state-of-the-art schemes.