Network Forensic Process Models

  • R. C. Joshi
  • Emmanuel S. Pilli
Part of the Computer Communications and Networks book series (CCN)


This chapter discusses process models, and the phases of each, in digital forensics and network forensics. Work on processing in digital forensics and network forensics is also covered, as are models based on hierarchy. Process models for network forensics receive the most emphasis, and a generic process model for network forensics is presented and discussed in detail.


Intrusion Detection System Crime Scene Investigation Process Digital Evidence Data Analysis Phase 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag London 2016

Authors and Affiliations

  • R. C. Joshi (1)
  • Emmanuel S. Pilli (2)
  1. Graphic Era University, Dehradun, India
  2. Malaviya National Institute of Technology, Jaipur, India
