Network Forensics: Fundamentals

Copyright: © 2019 | Pages: 18
DOI: 10.4018/978-1-5225-5855-2.ch001

Abstract

Network forensics investigations aim to uncover evidence about criminal or unauthorized activities facilitated by, or targeted at, a given networking technology. For every forensics scientist or practitioner, understanding the fundamental investigative principles is as important as understanding each of the modern networking technologies. This chapter provides an overview of the network forensics fundamentals from a contemporary perspective, emphasizing the formalization of network investigation, various investigative techniques, and how network forensics supports the legal system.

Chapter Preview

Network Forensics Investigation Process

Background

The formalization of network forensics is necessary to ensure the soundness and reliability of the investigative process and the veracity of evidence presented in court (Slay et al., 2009). To demonstrate the suitability of scientific methods for the production of network evidence, various formal models have been proposed in the past (Marshall, 2011; Joshi and Pilli, 2016). The ISO recognized that the inconsistency between these models can greatly affect the quality, validity, and credibility of digital evidence and devised accreditation through the set of interrelated standards depicted in Figure 1. These standards lay down a fundamental set of principles, with guidance on how they can be applied in common scenarios. As such, the ISO/IEC SC27 standards are suitable for investigations in various networking environments and help ensure the quality of network forensics products.

Figure 1. ISO/IEC SC27 digital forensics standards

Key Terms in this Chapter

2G: 2nd generation of mobile networks. The most dominant technology is the global system for mobility (GSM).

Cc: Content-of-communication.

ISO/IEC: International Standardization Organization/International Electrotechnical Commission.

LTE: Long term evolution.

3G: 3rd generation of mobile networks. The most dominant technology is the universal mobile telecommunication system (UMTS).

Exabytes: 10^18 bytes, or 1 billion gigabytes.

CERT: Computer emergency response team.

3GPP: 3rd generation partnership project.

LEA: Law enforcement agency.

IoT: Internet of things.

IP: Internet protocol.

5G: 5th generation of mobile networks. Still in the standardization phase; the first 5G deployments are envisioned for 2020.

TCP/IP: Transmission control protocol/internet protocol.

4G: 4th generation of mobile networks. The 4G technologies are long term evolution (LTE) and its advanced version, LTE-Advanced. Colloquially, the terms LTE/LTE-A are used as synonyms for 4G, as they are the only global standard for fourth-generation mobile communication.

Gigabytes: 1 billion bytes. A byte is a unit of digital information consisting of eight bits, each a zero or a one.
