ABSTRACT

Network forensics is the science that deals with the capture, recording, and analysis of network traffic. Honeypots play an important role in the forensics and investigation of networks. The network log data is collected from existing security products like Kismet, Wireshark, etc., analyzed for attack characterization, and investigated to trace back the perpetrator. Network forensics is not another term for network security. Network forensics can be considered an essential part of network security. Earlier, the data for forensic analysis was collected only from security products like firewalls and intrusion detection systems. With their evolution, honeypots have become a key contributor in capturing the attack data that is analyzed and investigated, hence facilitating the process of network forensics. Network forensics, however, may involve certain crimes which are legally prosecutable but which may not breach network security policies [1].