Network forensic Log analysis


Swati Sinha, Aditya Kumar Sinha

Abstract

Network forensic log analysis is the capturing, recording, and analysis of network events in order to discover the source of security attacks. An investigator needs to back up the recorded data to free up recording media and to preserve the data for future analysis, and must carry out a network forensic process to determine which type of attack occurred on the network and to trace the culprit. In the cyber-crime world, huge volumes of log and transactional data are produced, which leaves a great deal of data to store and analyse. It is difficult for forensic investigators, working against time, to find the clues in the collected data and analyse them. Network forensic analysis involves network traces and the detection of attacks; the traces comprise Intrusion Detection System and firewall logs, logs generated by network services and applications, and packet captures. Network forensics is a branch of digital forensics that focuses on the monitoring and analysis of network traffic. Unlike other areas of digital forensics, which focus on stored or static data, network forensics deals with volatile and dynamic data. It generally has two uses. The first, relating to security, involves detecting anomalous traffic and identifying intrusions. The second, relating to law enforcement under the chain-of-custody rule, involves capturing and analysing network traffic and can include tasks such as reassembling transferred files. In “stop, look and listen” systems, each packet is analysed in a rudimentary way in memory and only certain information is saved for current analysis. On the basis of this analysis, we propose to archive data using various tools and to provide a “unified structure” based on a standard forensic process. IDS data in this unified structure are stored and preserved in one place, from which they can be presented as evidence in court by the forensic analyst.
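The “unified structure” and the preservation step the abstract describes can be illustrated with a small example. The code below is added here and is not the authors' implementation or any tool from the paper. It assumes two constructed log lines (an iptables-style firewall record and a Snort-style fast alert, using documentation IP ranges and a placeholder local rule id), a year that has to be assumed because both formats omit it, and a record layout of my own choosing. Each normalized record is hashed into a chain, so that a later change to any archived entry can be detected when the archive is verified before presentation as evidence.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Constructed sample lines (not from the paper). The firewall line mimics an
# iptables kernel log; the IDS line mimics Snort's "fast" alert format with a
# placeholder rule id from the local range (1:1000001:1).
SAMPLE_LINES = [
    "Mar  5 10:01:02 fw1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 "
    "PROTO=TCP SPT=51234 DPT=22",
    "03/05-10:01:05.123456  [**] [1:1000001:1] EXAMPLE demo rule [**] "
    "[Priority: 1] {TCP} 192.0.2.10:22 -> 203.0.113.7:51234",
]

# Assumption: neither format carries the year, so the investigator supplies it.
ASSUMED_YEAR = 2015

FIREWALL_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<host>\S+)\s+kernel:\s+(?P<kv>.*)$"
)
IDS_RE = re.compile(
    r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.(?P<us>\d{6})\s+"
    r"\[\*\*\]\s+\[(?P<sid>[^\]]+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def _stamp(year, month, day, hms, micro=0):
    """Build an ISO-8601 UTC timestamp from the pieces each log format supplies."""
    h, m, s = (int(x) for x in hms.split(":"))
    return datetime(year, month, day, h, m, s, micro, tzinfo=timezone.utc).isoformat()


def normalize(line, year=ASSUMED_YEAR):
    """Map one raw log line onto the unified record layout (fields chosen here,
    not prescribed by the paper). Unrecognised lines are kept raw, not dropped,
    because a forensic archive must not silently lose evidence."""
    m = FIREWALL_RE.match(line)
    if m:
        kv = dict(re.findall(r"(\w+)=(\S*)", m["kv"]))
        month = datetime.strptime(m["mon"], "%b").month
        return {
            "source": "firewall", "sensor": m["host"],
            "timestamp": _stamp(year, month, int(m["day"]), m["time"]),
            "src_ip": kv.get("SRC"), "src_port": int(kv["SPT"]) if "SPT" in kv else None,
            "dst_ip": kv.get("DST"), "dst_port": int(kv["DPT"]) if "DPT" in kv else None,
            "proto": kv.get("PROTO"),
            "message": f"in={kv.get('IN', '')} out={kv.get('OUT', '')}",
            "raw": line,
        }
    m = IDS_RE.match(line)
    if m:
        return {
            "source": "ids", "sensor": None,
            "timestamp": _stamp(year, int(m["mon"]), int(m["day"]), m["time"], int(m["us"])),
            "src_ip": m["src"], "src_port": int(m["sport"]),
            "dst_ip": m["dst"], "dst_port": int(m["dport"]),
            "proto": m["proto"],
            "message": f"[{m['sid']}] {m['msg']}",
            "raw": line,
        }
    return {"source": "unknown", "sensor": None, "timestamp": None, "src_ip": None,
            "src_port": None, "dst_ip": None, "dst_port": None, "proto": None,
            "message": None, "raw": line}


def _canonical(record):
    # Sorted keys and fixed separators give one byte sequence per record, so the
    # hash does not depend on dictionary ordering at write or verify time.
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def build_archive(lines, year=ASSUMED_YEAR):
    """Normalize every line and chain the entries: each hash covers the previous
    hash plus the canonical record, so editing or reordering one entry breaks
    every hash after it."""
    archive, prev_hash = [], "0" * 64
    for line in lines:
        rec = normalize(line, year)
        entry_hash = hashlib.sha256((prev_hash + _canonical(rec)).encode()).hexdigest()
        archive.append({"record": rec, "prev_hash": prev_hash, "hash": entry_hash})
        prev_hash = entry_hash
    return archive


def verify_archive(archive):
    """Recompute the chain; returns False if any entry or link was altered."""
    prev_hash = "0" * 64
    for entry in archive:
        if entry["prev_hash"] != prev_hash:
            return False
        expected = hashlib.sha256((prev_hash + _canonical(entry["record"])).encode()).hexdigest()
        if entry["hash"] != expected:
            return False
        prev_hash = entry["hash"]
    return True


if __name__ == "__main__":
    archive = build_archive(SAMPLE_LINES)
    print(json.dumps(archive, indent=2))
    print("chain intact:", verify_archive(archive))
```

The unified record keeps the original line in `raw` alongside the normalized fields, so the parsed view used for analysis and the original evidence travel together; the final chain hash is the single value an investigator would record in the chain-of-custody paperwork.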
DOI: 10.17762/ijritcc2321-8169.150533

Article Details

How to Cite
Sinha, S., & Sinha, A. K. (2015). Network forensic Log analysis. International Journal on Recent and Innovation Trends in Computing and Communication, 3(5), 2654–2658. https://doi.org/10.17762/ijritcc.v3i5.4303