Network Forensics for Human-Driven Cyber Attacks
Abstract
Network forensics is the branch of digital forensics concerned with monitoring and analysing computer network traffic to gather information and evidence and to detect intrusions. It covers the capture, analysis and interpretation of network traffic in order to uncover evidence of malicious activity and to support incident response. Unlike automated cyber intrusions, human-driven attacks are carried out by skilled adversaries such as hackers, cyber criminals and malicious insiders. Such attacks are targeted, persistent and adaptive: they exploit not only vulnerabilities in technology but also human behaviour, and they use strategic planning to bypass traditional security measures. Because human-driven attacks are tailored to specific weaknesses, they are demanding to detect. This chapter focuses on how network forensics provides a methodological framework and technical tools for monitoring, capturing, analysing and reconstructing network activity, thereby enabling incident response and helping analysts trace the origin, method and impact of an attack. It also helps in mitigating human-driven cyber threats. Human-driven attacks typically follow a structured pattern. The chapter highlights forensic techniques such as packet inspection, traffic flow analysis and anomaly detection. With the integration of machine learning and artificial intelligence (AI) into network forensic systems, the ability to detect indicators of advanced persistent threats has improved. Such techniques play a crucial role in environments where attackers actively evade detection by disguising their activity as legitimate traffic through encryption, spoofing or covert data exfiltration. This chapter explores the basic forensic process, which involves the systematic collection, preservation and analysis of evidence obtained from network traffic.
Generally, human-driven cyber attacks follow a sequence of phases such as reconnaissance, intrusion, data collection and exfiltration. Because tampered evidence is not admissible, forensic investigators must preserve evidence through a proper chain of custody, which is essential for acceptance in a court of law. Network forensics supports incident response and threat identification proactively by continuously monitoring network behaviour with forensic tools that flag anomalies and suspicious behaviour in real time, enabling organizations to respond promptly before damage occurs. This chapter also identifies and addresses the challenges of network forensics and proposes solutions for real-time operation across distributed environments.