PNFEA: A Proposal Approach for Proactive Network Forensics Evidence Analysis to Resolve Cyber Crimes

Full Text (PDF, 577KB), PP.25-32

Views: 0 Downloads: 0


Mohammad Rasmi 1,* Ahmad Al-Qerem 1

1. Zarqa University/Department of Computer Science, Zarqa, 13132, Jordan

* Corresponding author.

DOI: ijcnis.2015.02.03

Received: 16 May 2014 / Revised: 1 Sep. 2014 / Accepted: 15 Oct. 2014 / Published: 8 Jan. 2015

Index Terms

Cyber crime, network forensics, proactive approach, evidence investigation component


Nowadays, cyber crimes are increasing and have affected large organizations with highly sensitive information. Consequently, the affected organizations spent more resources analyzing the cyber crimes rather than detecting and preventing these crimes. Network forensics plays an important role in investigating cyber crimes; it helps organizations resolve cyber crimes as soon as possible without incurring a significant loss. This paper proposes a new approach to analyze cyber crime evidence. The proposed approach aims to use cyber crime evidence to reconstruct useful attack evidence. Moreover, it helps investigators to resolve cyber crime efficiently. The results of the comparison of the proposed approach prove that it is more efficient in terms of time and cost compared with the generic and the modern process approach for network forensics.

Cite This Paper

Mohammad Rasmi, Ahmad Al-Qerem, "PNFEA: A Proposal Approach for Proactive Network Forensics Evidence Analysis to Resolve Cyber Crimes", International Journal of Computer Network and Information Security(IJCNIS), vol.7, no.2, pp.25-32, 2015. DOI:10.5815/ijcnis.2015.02.03


[1]CERT, CSO & SERVICE, U. S. S. (2011) 2011 Cyber Security Watch Survey. Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte.
[2]Ponemon (2011) Second Annual Cost of Cyber Crime Study. Ponemon Institute.
[3]Palmer, G., A Road Map for Digital Forensic Research, in Report from DFRWS 2001, F.D.F.R. Workshop, Editor 2001: Utica, New York. p. 27–30.
[4]Alharbi, S., et al., The Proactive and Reactive Digital Forensics Investigation Process: A Systematic Literature Review Information Security and Assurance, 2011, Springer Berlin Heidelberg. p. 87-100.
[5]Garfinkel, S.L., Digital forensics research: The next 10 years. Digital Investigation, 2010. 7, Supplement (0): p. S64-S73.
[6]Grobler, C.P., C.P. Louwrens, and S.H. von Solms. A Multi -component View of Digital Forensics. in Availability, Reliability, and Security, 2010. ARES '10 International Conference on. 2010.
[7]Grobler, C.P., C.P. Louwrens, and S.H. von Solms. A Framework to Guide the Implementation of Proactive Digital Forensics in Organisations. in Availability, Reliability, and Security, 2010. ARES '10 International Conference on. 2010.
[8]Pilli, E.S., R.C. Joshi, and R. Niyogi, Network forensic frameworks: Survey and research challenges. Digital Investigation, 2010. 7(1-2): p. 14-27.
[9]Reith M, C.C., Gunsch G An Examination of Digital Forensic Models. International Journal of Digital Evidence, 2002. 1(3): p. 12.
[10]Carrier, B. and E.H. Spafford, Getting Physical with the Digital Investigation Process. International Journal of Digital Evidence, 2003. 2(2): p. 20.
[11]Stephenson, P., A COMPREHENSIVE APPROACH TO DIGITAL INCIDENT INVESTIGATION, in Information Security Technical Report, E.A. Technology, Editor 2003. p. 42-54. ICIT 2013 The 6thInternational Conference on Information TechnologyMay 8, 2013
[12]Baryamureeba, V. and F. Tushabe. The Enhanced Digital Investigation Process Model. in Proceeding of Digital Forensic Research Workshop. 2004. Baltimore, MD.
[13]Carrier, B.D. and E.H. Spafford, An event-based digital forensic investigation framework, in Proceeding of the 4th Digital Forensic Research Workshop DFRWS20042004. p. 11-13.
[14]Rogers, M.K., et al., Computer Forensics Field Triage Process Model. Journal of Digital Forensics, Security and Law, Vol. 1(2), 2006. 1(2): p. 19-37.
[15]Ciardhuáin, S.ó., An Extended Model of Cybercrime Investigations. International Journal of Digital Evidence, 2004. 3(1): p. 1-22.
[16]Wei, R. and J. Hai. Modeling the network forensics behaviors. in Security and Privacy for Emerging Areas in Communication Networks, 2005. Workshop of the 1st International Conference on. 2005.
[17]Kohn, M., J. Eloff, and M. Olivier, Framework for a digital forensic investigation, in Proceedings of Information Security South Africa (ISSA) 2006 from Insight to Foresight Conference2006.
[18]Kent, K., et al., Guide to Integrating Forensic Techniques into Incident Response, 2006: p. 1-121.
[19]Ricci S.C, I., FORZA - Digital forensics investigation framework that incorporate legal issues. Digital Investigation, 2006. 3, Supplement(0): p. 29-36.
[20]Yong-Dal, S. New Digital Forensics Investigation Procedure Model. in Networked Computing and Advanced Information Management, 2008. NCM '08. Fourth International Conference on. 2008.
[21]Mohammad Rasmi, A. Jantan, and Hani Al-Mimi. (2013) A New Approach For Resolving Cyber Crime In Network Forensics Based On Generic Process Model. The 6th International Conference on Information Technology (ICIT 2013).
[22]Siti Rahayu Selamat, R.Y., Shahrin Sahib, Mapping Process of Digital Forensic Investigation Framework. IJCSNS International Journal of Computer Science and Network Security 2008. Vol. 8(No. 10): p. 163-169.
[23]Pilli, E.S., et al., A Framework for Network Forensic Analysis, Information and Communication Technologies, 2010, Springer Berlin Heidelberg. p. 142-147.
[24]Pilli, E.S., R.C. Joshi, and R. Niyogi, A Generic Framework for Network Forensics. International Journal of Computer Applications, 2010. 1(11): p. 1-6.
[25]K. K. Sindhu,B. B. Meshram,"Digital Forensic Investigation Tools and Procedures", IJCNIS, vol.4, no.4, pp.39-48, 2012.