Network Forensics Techniques

Network forensics is a nascent science that generally works for three uses, i.e., monitoring the abnormalities on network, identifying the clues, and analyzing all evidences by law enforcement. It acts on two theories “stop, look, and listen” and “catch it as you can”. The network forensics technique finds the vulnerabilities from the network by recording, capturing, and analyzing the events using different tools. The network forensic investigation of digital evidence is predominantly employed as a postincident response to an activity that cannot be defined definitely as to an incident or legally does not comply with the organizational norms and policies. There are some existing techniques used to perform the network forensics techniques. These techniques help to identify, detect, and mitigate an attack and further avoid it in the future by taking an incident response. This chapter discusses about all network forensics techniques. It also differentiates between conventional and advanced forensics techniques based on their advantages. This chapter describes various network forensics techniques such as IP traceback technique, intrusion detection technique, and firewall-based techniques. It also describes vulnerability detection techniques including black-box and white-box testing. It further defines honeypot and honeynet alongside their classifications. It also explains the UDP flooding techniques.