A Model Based Approach for the Extraction of Network Forensic Artifacts

Izzat Alsmadi, Mamoun Alazab

Research output: Chapter in Book/Report/Conference proceedingConference Paper published in Proceedingspeer-review


Forensic analysts typically search through a large volume of data in different locations looking for possible evidences. The process can be very tedious and time consuming. Automating the process of searching for possible evidences can be very useful even if this can be as an initial stage before further deep human or manual analysis. Toward this goal, we developed a tool to automate extracting forensic artifacts from network resources. We evaluated the tool using artifacts of network packets and switch memory dumps. We found out that their is a need to balance between customization and level of details or accuracy that such tools can produce. This means that it will be impractical to develop a one-for-All tool or else such tool will be very large, complex and possible inefficient.

Original languageEnglish
Title of host publicationProceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017
EditorsAmeer Al-Nemrat, Mamoun Alazab
Place of PublicationPiscataway, NJ
PublisherIEEE, Institute of Electrical and Electronics Engineers
Number of pages3
ISBN (Electronic)9781538621431
Publication statusPublished - 9 Jan 2018
Externally publishedYes
Event2017 Cybersecurity and Cyberforensics Conference, CCC 2017 - London, United Kingdom
Duration: 21 Nov 201723 Nov 2017

Publication series

NameProceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017


Conference2017 Cybersecurity and Cyberforensics Conference, CCC 2017
Country/TerritoryUnited Kingdom

Cite this