Introduction to a network forensics system for cyber incidents analysis

Abstract

Recently, sophisticated attacks are increased against specific business companies, organizations and various facilities and the attackers are trying to remove attack traces such as system logs and related information on the victim systems. Therefore, it is getting more difficult to collect the information for attack analysis. In order to overcome this situations, companies and organizations have started to collect the network traffic as secondary information for attack analysis. However, most of them are focusing on gathering the network packets. But one of the most important parts is to extract the useful information for attack analysis from the collected data. In this paper, we suggest a network forensics system, Cyber Blackbox, which is focused on the traffic analysis.