Modeling the network forensics behaviors

Abstract

Network forensics is a new coming approach to the network security. However, this field is not very clear to the new researchers. In this paper, we discuss the network forensics behaviors systematically from both the technical view and legal view. The goal of discussion is to outline the formalization and standardization of the network forensics behaviors. To our knowledge, this is the first time to comprehensively discuss the network forensics model and its fundamental fields, such as taxonomy, conceptual model, legal principles, key techniques, canonical processes and its accessory facilities and systems - network forensics system architecture and deployment. These discussions will give the guidance to the standardization of network forensics processes and the implementation of prototype system.