Network Forensics: Following the Digital Trail in a Virtual Environment

Abstract: The objective of this project is to examine all important aspects of networkforensics, and apply incident response methods and investigation techniquesin practice. The subject is twofold and begins by introducing thereader to the major network forensic topics. The second section discussesissues raised when working on a virtual context and presents a demonstrationnetwork. In particular, it is attempted to create a simplified model thatsimulates, to some extent, the operation of an ISP network. In this virtualinfrastructure, several attack scenarios of email abuse are performedagainst two corporate hosts. Then, a network forensic investigation is conductedand results are reported.