Date Added: May 2010
Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. This paper addresses the major challenges in the collection, examination and analysis processes. The authors propose a model for collecting network data, identifying suspicious packets, examining the protocol features that were misused, and validating the attack. The model has been built with specific reference to security attacks on the ICMP protocol. The packet capture file is analyzed for significant ICMP protocol features in order to mark suspicious packets, and the header information encapsulated in the packet capture file is ported to a database.
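The pipeline the abstract outlines (read a packet capture, pull out the ICMP headers, mark packets whose protocol features look misused, port the headers into a database) can be shown end to end in a small script. The following is an added example written for this page; it is not code from the paper or its authors. The feature rules, the thresholds (`KNOWN_ICMP_TYPES`, `MAX_ECHO_PAYLOAD`), the SQLite schema and the sample capture are all assumptions made here: the capture is constructed in memory with `build_icmp_frame`/`build_pcap` so the script runs offline, and a real analysis would replace those rules with the ones the paper derives.

```python
import sqlite3
import struct

# The rules and thresholds are assumptions made for this example, not taken from the paper.
KNOWN_ICMP_TYPES = {0, 3, 5, 8, 11, 12, 13, 14}   # types expected on an ordinary network
MAX_ECHO_PAYLOAD = 1024                          # echo payloads above this are marked

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 when run over a valid ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp_frame(src, dst, itype, icode, payload=b"", bad_checksum=False):
    """Construct an Ethernet/IPv4/ICMP frame (synthetic test data, not captured traffic)."""
    icmp = struct.pack("!BBHHH", itype, icode, 0, 1, 1) + payload   # id=1, seq=1
    csum = icmp_checksum(icmp) ^ (0xFFFF if bad_checksum else 0)    # corrupt on request
    icmp = icmp[:2] + struct.pack("!H", csum) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + icmp   # IP header checksum left 0 (not verified)

def build_pcap(frames):
    """Wrap frames in a classic big-endian pcap file (LINKTYPE_ETHERNET)."""
    out = bytearray(struct.pack("!IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for i, frame in enumerate(frames):
        out += struct.pack("!IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return bytes(out)

def parse_pcap(data: bytes):
    """Collection step: return one header record per ICMP packet found in the capture."""
    end = {b"\xa1\xb2\xc3\xd4": "!", b"\xd4\xc3\xb2\xa1": "<"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet frames")
    records, pos, index = [], 24, 0
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(end + "IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + incl_len]
        pos, index = pos + 16 + incl_len, index + 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                 # not IPv4
        ihl, total_len = (frame[14] & 0x0F) * 4, struct.unpack("!H", frame[16:18])[0]
        if frame[23] != 1 or len(frame) < 14 + ihl + 8:
            continue                                 # not ICMP, or header truncated
        icmp = frame[14 + ihl:14 + total_len]
        records.append({
            "index": index, "ts": ts_sec + ts_usec / 1e6,
            "src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34])),
            "icmp_type": icmp[0], "icmp_code": icmp[1], "payload_len": len(icmp) - 8,
            "checksum_ok": icmp_checksum(icmp) == 0,
        })
    return records

def flag_record(rec):
    """Examination step: apply protocol-feature rules; empty list means not suspicious."""
    reasons = []
    if rec["icmp_type"] not in KNOWN_ICMP_TYPES:
        reasons.append("unassigned or unexpected ICMP type")
    if rec["icmp_type"] == 5:
        reasons.append("redirect message (can alter host routing)")
    if rec["icmp_type"] in (0, 8) and rec["payload_len"] > MAX_ECHO_PAYLOAD:
        reasons.append("oversized echo payload")
    if not rec["checksum_ok"]:
        reasons.append("bad ICMP checksum")
    return reasons

def store_records(records, conn):
    """Port the header fields and the verdict into a database table for later querying."""
    conn.execute("CREATE TABLE IF NOT EXISTS icmp_headers (idx INTEGER PRIMARY KEY, ts REAL,"
                 " src TEXT, dst TEXT, icmp_type INTEGER, icmp_code INTEGER, payload_len INTEGER,"
                 " checksum_ok INTEGER, suspicious INTEGER, reasons TEXT)")
    for r in records:
        reasons = flag_record(r)
        conn.execute("INSERT INTO icmp_headers VALUES (?,?,?,?,?,?,?,?,?,?)",
                     (r["index"], r["ts"], r["src"], r["dst"], r["icmp_type"], r["icmp_code"],
                      r["payload_len"], int(r["checksum_ok"]), int(bool(reasons)), "; ".join(reasons)))
    conn.commit()

def analyze(pcap_bytes):
    """Whole pipeline: parse -> flag -> store. Returns (connection, [(idx, reasons), ...])."""
    conn = sqlite3.connect(":memory:")
    store_records(parse_pcap(pcap_bytes), conn)
    rows = conn.execute("SELECT idx, reasons FROM icmp_headers"
                        " WHERE suspicious = 1 ORDER BY idx").fetchall()
    return conn, rows

# Constructed sample capture: two benign echo packets, then four that each trip one rule.
SAMPLE_PCAP = build_pcap([
    build_icmp_frame("10.0.0.5", "10.0.0.1", 8, 0, b"abcdefgh"),
    build_icmp_frame("10.0.0.1", "10.0.0.5", 0, 0, b"abcdefgh"),
    build_icmp_frame("10.0.0.9", "10.0.0.5", 5, 1, b"\x00" * 28),
    build_icmp_frame("10.0.0.7", "10.0.0.5", 8, 0, b"A" * 1400),
    build_icmp_frame("10.0.0.8", "10.0.0.5", 8, 0, b"x", bad_checksum=True),
    build_icmp_frame("10.0.0.3", "10.0.0.5", 42, 0),
])
```

Calling `analyze(SAMPLE_PCAP)` returns the SQLite connection plus the four marked packets (the redirect, the oversized echo, the corrupt checksum and the unassigned type), while the two benign echo packets are stored with `suspicious = 0`. Keeping every header in the table rather than only the marked ones is what makes the later validation step possible: an analyst can query the unmarked traffic around a marked packet (same source, adjacent timestamps) to confirm or discard the verdict. To run this over a real capture, replace `SAMPLE_PCAP` with the bytes of a pcap file read from disk.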