With the rapid evolution of computer networks, network forensics has become a significant research area for investigating cybercrimes perpetrated worldwide. Complex network structures make the cybercrime investigator's work difficult because cyber attackers carry out their crimes with complicated strategies. In a network environment, the investigation of committed cybercrimes is referred to as network forensics.
The forensic examination and analysis process helps investigators understand network statistics by inspecting the network packets that hold potential information about network activities. Network forensics relies heavily on examining and analyzing network packets, which contain a wealth of information, such as credentials, login attempts, online user activities, browsing time duration, abuse of intellectual property, and illegal file downloads.
In network forensics, packet analysis plays a predominant role in evidence collection and perpetrator detection through the examination of malicious network traffic. Drawing on client-server interactions, traffic flows, sessions, individual frames, and packet streams, network forensics investigates malicious attempts and misuse within the network. Recently, forensic investigation models based on machine learning algorithms have become popular among network forensics researchers.