Title: Critical Phases in Network Forensics - A Review

Year of Publication: Jun - 2014
Page Numbers: 68-75
Authors: Nik Mariza Nik Abdull Malik , Saadiah Yahya and Mohd Taufik Abdullah
Conference Name: The International Conference on Digital Security and Forensics (DigitalSec2014)
- Czech Republic


The fragility nature of digital evidence required an adequate investigation procedure to maintain its admissibility. Thus, a Digital Forensic Investigation (DFI) models and frameworks had been proposed by many researchers. These models and frameworks cover all processes involved in investigating digital crimes, from preparation until presentation of the evidence. However, the existing DFI encountered inconsistency in terminologies, sequences and scope of investigation. Therefore, this study reviews the literature on fifteen DFI models and frameworks that has network forensic as a part. This is followed by a proposed conceptual model of two critical phases in network forensics investigation that are, Examination and Analysis.