Comparative Analysis of Network Forensic Tools and Network Forensics Processes
Fahad M Ghabban, Ibrahim Alfadli, Omair Ameerbakhsh, Amer Nizar, AbuAli, Arafat Al-Dhaqm, Mahmoud Ahmad Al-Khasawneh

TL;DR
This paper compares four popular network forensic tools to evaluate their capabilities in incident detection, collection, and analysis, highlighting Xplico as the most comprehensive among them.
Contribution
It provides a comparative analysis of four well-known network forensic tools, emphasizing their functionalities and effectiveness in network incident analysis.
Findings
Xplico outperforms other tools in incident identification and analysis
Differences exist in roles and functionalities of various NFTs
The study aids in selecting appropriate forensic tools for network security
Abstract
Network Forensics (NFs) is a branch of digital forensics used to detect and capture potential digital crimes in computer networked environments. Network Forensic Tools (NFTs) and Network Forensic Processes (NFPs) can examine networks, collect all normal and abnormal traffic/data, help in network incident analysis, assist in creating appropriate incident detection and reaction, and also create a forensic hypothesis that can be used in a court of law. They also assist in examining internal incidents and the exploitation of assets and attack goals, perform threat evaluation, and evaluate network performance. According to the existing literature, there exist quite a number of NFTs and NFPs that are used for identifying, collecting, reconstructing, and analysing the chain of incidents that happen on networks. However, they vary and differ in their…
Taxonomy
Topics: Digital and Cyber Forensics · Advanced Malware Detection Techniques · Internet Traffic Analysis and Secure E-voting
