Packet analysis for network forensics: A comprehensive survey - 2019

Research Area:  Digital Forensics

Abstract:

Packet analysis is a primary traceback technique in network forensics, which, providing that the packet details captured are sufficiently detailed, can play back even the entire network traffic for a particular point in time. This can be used to find traces of nefarious online behavior, data breaches, unauthorized website access, malware infection, and intrusion attempts, and to reconstruct image files, documents, email attachments, etc. sent over the network. This paper is a comprehensive survey of the utilization of packet analysis, including deep packet inspection, in network forensics, and provides a review of AI-powered packet analysis methods with advanced network traffic classification and pattern identification capabilities. Considering that not all network information can be used in court, the types of digital evidence that might be admissible are detailed. The properties of both hardware appliances and packet analyzer software are reviewed from the perspective of their potential use in network forensics.

Author(s) Name:  Leslie F. Sikos

Journal name:  Forensic Science International: Digital Investigation

Publisher name:  ELSEVIER

DOI:  https://doi.org/10.1016/j.fsidi.2019.200892

Volume Information:  Volume 32, March 2020, 200892