Today, as cybercrime increases rapidly, there is a need to find the root cause of the loopholes left open while attending to cyber security. Evidence is therefore gathered to find the source of a cyber attack. This can be done by examining the networks and network components used by criminals, which falls under network forensics. Network forensics is a sub-domain of computer forensics that studies internal and external networks to find artifacts that help investigators discover the origin of a cyber attack. The proposed survey gives an overview of the network forensics domain, covering the different network forensic methods and methodologies along with an analysis of network forensic tools (NFTs). The survey also compares NFTs such as Network Miner, Xplico, LogRhythm, NIKSUN, Nmap, etc. based on their features, platform compatibility, whether they are open source or commercial, and similar criteria. Finally, the paper concludes with the basic purpose, features and usability of each tool.