
Secured Proactive Network Forensic Framework


Abstract

Nowadays, cyber crimes are increasing and have affected large organizations holding highly sensitive information. Consequently, the affected organizations spent more resources analyzing cyber crimes than detecting and preventing them. Digital forensics is the process of recovering and investigating material found in digital devices after a crime has happened. Network forensics is a sub-branch of digital forensics concerned with monitoring and analyzing computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Network forensics is about finding out how security was breached and taking appropriate measures for the future. The network investigation process can be carried out either reactively or proactively. Reactive network forensic investigation is the older method: the investigation is done after the crime has happened. In this method, the collected data is incomplete, and it is difficult to prove a case in court with the available data. Proactive network forensics is used in live investigation and is considered the current method of investigation; it investigates the attack using live data. Since data collection is live, it is easy to prove the case in less time. Classification of the data is used, which further reduces time complexity and space complexity. These approaches are used in the preliminary analysis of a cyber crime and help improve and accelerate the decision-making process. Nowadays hackers are expected to be within the organization, so the collected data is encrypted so that only the intended investigator can decrypt and analyze it with his private key.
