Authorization: This phase comprises to jot down the

Authorization: This phase involves obtaining legal permissions from the concerned
authority to initiate the investigation process as shown in Fig. 1. Ciardhuain
proposed the authorization phase to take consent from the internal and external
organizations 13.
Preservation: Preservation phase implicates the avoidance of tempering of
network evidence 1. For example in case a mobile device is involved in the crime,
then it must be switched off to avoid mitigating of call and network logs. This is the
second phase as shown in Fig. 1.
Initial Assessment: In this stage, an initial judgment is made whether to continue
or abort investigation. If there are not pre-installed tools for network traffic
collection, then the investigation is terminated 4. This phase has two outward
links, out of which only one is selected as displayed in Fig. 1.
Strategy Planning: This phase comprises to jot down the strategy to carry out
further investigation, i.e., team members, duration of investigation, cost involved,
and software use. This phase involves to construct a design strategy using design
science given by Lutui 9, giving more stress on efficacy and coherence.
Evidence Collection: Evidence is collected at this stage which may either
involve automatic or manual network traffic collection. Further, the huge data
collected from the network can be reduced by eliminating superfluous data 14.
Documentation: Documentation is the process of writing all the relevant
information required during the investigation process 4.
Network Forensic Process Model and Framework: An Alternative … 495
Analysis: Analysis phase involves determination of attack patterns by
employing various machine learning techniques. This phase involves the techniques
such as PROLOG logic techniques to analyze the data as given by Liu et al. 8.
Investigation: Further investigation is done to reconstruct the attack scenario,
and replay it at the investigator’s end 15.
Decision and Reporting: A decision is made at this stage about the type of
attack and concerned authorities are informed to take appropriate actions.
Review: A review is done to check it for further improvement. In case of any
improvement is required then strategy is rescheduled by taking the novel
parameters.

x

Hi!
I'm Gerard!

Would you like to get a custom essay? How about receiving a customized one?

Check it out