Recent Cyber Forensic Modeling and Approaches: A Survey

 

Deepak Kumar Deshmukh

Assistant Professor (Contract), School of Studies in Computer Science and I.T.,

Pt. Ravishankar Shukla University, Raipur, Chhattisgarh, India.

*Corresponding Author E-mail: deepakdeshmukh.bit@gmail.com

 

ABSTRACT:

Cyber Forensic Science (CFS) is a scientific approach to investigating and bringing out clues that prove facts in a court of law or civil hearing, so that a cyber-crime can be established under cyber law. Many tools support forensic investigation, but as the internet becomes an essential part of life, new crime scenes are emerging that bypass the existing forensic evidence investigation processes and tools. Hackers and other individuals who commit cyber-crimes are becoming more adept at escaping investigation by obscuring their digital footprints. We now need dynamic and smart approaches to serve forensic investigation in the cyber world. This paper looks at those new approaches in the field of cyber forensics, with a detailed explanation of their meaning and diversity. It examines new cyber forensic approaches as well as the dimensions in which they can be applied, and tries to find grounds for innovating new cyber forensic algorithms that meet the new challenges of cyber-crime.

 

KEYWORDS: Deep Learning Cyber-Forensic Framework (DLCF), Network Carving, Mobile Multiple Network-Call Detailed Record, IoT Forensic.

 


I. INTRODUCTION:

Cyber Forensics (or ‘Digital Forensics’) deals with evidence found on computers and digital storage media that’s related to crime scene investigations[1].

Network forensics refers to the forensic analysis of captured network traffic [7].

 

Vaibhav Kaushal lists the various detection approaches in cyber forensics [1]. Gathering evidence without disturbing the scene is a key part of the process: if you contaminate the source of evidence, the rest of the case is already on an unsure footing.

 

He suggests steps such as:

1. Know the OS.

2. Fish for hidden file content.

3. Rely on tools to assist you.

 

Overall, cyber forensic activity helps to elaborate any crime scene in detail, to reach the criminal, and to collect a step-by-step account that justifies the evidence.

 

II. LITERATURE SURVEY:

2.1 Nickson M. Karie et al. propose a Deep Learning Cyber-Forensic Framework (DLCF). The proposed framework has five layers, viz. [2]:

§ Layer 1: Initialization Process

§ Layer 2: PDE Data Sources Identification

§ Layer 3: Deep Learning Enabled Cyber Forensic Investigation Engine

§ Layer 4: Forensic Reporting and Presentation

§ Layer 5: Decision Making and Case Closure

 

Layer 3, the Deep Learning enabled Cyber Forensic Investigation Engine, itself comprises four layers, according to the task each performs [2]:

·    Layer 1: Evidence Collection/Acquisition

·    Layer 2: Evidence Storage/Preservation

·    Layer 3: Evidence Analysis

·    Layer 4: Evidence Interpretation

 

The authors do not suggest a concrete algorithm for the forensic engine to work with; they state in the paper that this is left for their future work.

2.2 Robert Beverly et al. propose a methodology in which residual IP packets can be used for malware analysis, specifically for mobile devices [3].

 

Before applying the proposed methodology, the authors first create a ground-truth dataset on which to develop a carving strategy, and develop carving signatures in a defined way.

On the basis of the signature analysis they create a module for bulk_extractor which carves the following data structures:

·       IP Packets

·       Socket Structure

·       Windows

·       Ethernet

 

On the basis of their experimental results they conclude that "IP packets and network data structures from memory are frequently persisted onto mass storage devices as a result of system hibernation and virtual memory. We have developed a tool that can be used to automatically extract this information" [3].
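The carving idea behind [3] is that a persisted IP packet carries no file-system metadata, so it has to be recognised from its own structure: a plausible version/IHL byte, a sane total length and a header checksum that verifies. The following is an added illustration of that signature test, written for this survey and not the bulk_extractor module of [3]; the "hibernation file" it scans is a constructed byte string, and the corrupted header in it stands in for a partially overwritten page that must be rejected.

```python
"""Signature-based carving of IPv4 headers from an unstructured byte blob.

Added example (not the tool from [3]). The buffer scanned below is constructed:
two genuine packets surrounded by filler, plus one header whose TTL byte was
altered after the checksum was computed.
"""
import socket
import struct
from dataclasses import dataclass
from typing import List


@dataclass
class CarvedPacket:
    offset: int          # byte offset of the header inside the scanned blob
    src: str
    dst: str
    protocol: int        # 6 = TCP, 17 = UDP
    total_length: int    # IPv4 Total Length field (header + payload)


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791). For a header whose
    checksum field is already correct the result is 0, which is the carving test."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int,
                      ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Fabricate a minimal 20-byte IPv4 header (no options) with a valid checksum.
    Only used to construct the sample blob."""
    total_length = 20 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, ident, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def carve_ipv4(blob: bytes) -> List[CarvedPacket]:
    """Slide a one-byte window over the blob and accept a 20-byte region as an
    IPv4 header only if version == 4, IHL == 5 (options are not handled here),
    Total Length is at least the header size and the checksum verifies."""
    found: List[CarvedPacket] = []
    i, n = 0, len(blob)
    while i + 20 <= n:
        if blob[i] == 0x45:                       # version 4, IHL 5
            hdr = blob[i:i + 20]
            total_length = struct.unpack("!H", hdr[2:4])[0]
            if total_length >= 20 and ipv4_checksum(hdr) == 0:
                found.append(CarvedPacket(
                    offset=i,
                    src=socket.inet_ntoa(hdr[12:16]),
                    dst=socket.inet_ntoa(hdr[16:20]),
                    protocol=hdr[9],
                    total_length=total_length,
                ))
                # Skip the packet body. If the body was truncated when the page
                # was written out, scanning simply resumes wherever the blob continues.
                i += total_length
                continue
        i += 1
    return found


def build_sample_blob() -> bytes:
    """Constructed stand-in for a slice of a hibernation file."""
    good1 = build_ipv4_header("10.0.0.1", "192.168.1.5", 6, 8) + b"PAYLOAD!"
    corrupt = bytearray(good1[:20])
    corrupt[8] ^= 0x01                            # TTL 64 -> 65; stored checksum is now stale
    good2 = build_ipv4_header("172.16.0.9", "10.0.0.1", 17, 4, ident=0x5678) + b"DATA"
    return (b"\x00" * 4 + b"xxxxJUNK" + good1 + b"\xff" * 4 + bytes(corrupt)
            + b"\x00" * 6 + good2 + b"\x00" * 3)


if __name__ == "__main__":
    for pkt in carve_ipv4(build_sample_blob()):
        print(pkt)
```

Running the block reports the two genuine headers (at offsets 12 and 70 of the constructed blob) and silently drops the corrupted copy. On real swap or hibernation data the same loop is applied to the whole image; the checksum keeps the false-positive rate low enough that the carved offsets can be followed up by hand.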

 

2.3 Emmanuel Abba et al. present a methodology in their paper [4] for developing Multiple Mobile Network (MMN) Call Detail Records (CDR) and their forensic analysis.

 

Their proposed methodology involves the following steps [4]:

Step 1 - Artifacts Identification;

Step 2 - CDR Scheme Development;

Step 3 - CDR Evaluation (Pass/Fail)

if fail

      CDR Scheme Improvement;

else

MMNO Forensic process model for Investigation;

 

Here MMNO stands for Multiple Mobile Network Operator.

 

The Artifacts Identification of the first step involves the following sub-steps:

 

Step 1 - MMN Call Simulation;

Step 2 - Artifacts Generation;

Step 3 - Check whether the artifacts EXIST;

If Yes

      Ignore Artifacts;

If No

      Identify as MMNO Specific Artifacts;

Performance analysis is done on the following metrics of MMN-CDR: absolute speed, relative speed, accuracy, completeness, reliability and repeatability, together with a comparison between traditional CDR and MMN-CDR.
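To make the Pass/Fail evaluation step concrete, the block below is an added example (written for this survey, not the authors' scheme from [4]) that correlates the CDRs of two operators for the same cross-network calls and scores two of the listed metrics, completeness and accuracy, against thresholds. The field names, the matching window, the thresholds and the CDR lines are all assumptions of this example.

```python
"""Evaluating a multiple-mobile-network CDR scheme on constructed records.

Added example, not the scheme of [4]. Completeness = share of records with
every required field; accuracy = share of correlated calls on which the two
operators agree about duration. A failing score sends the analyst back to
"CDR Scheme Improvement", as in the paper's flow.
"""
import csv
import io
from datetime import datetime
from typing import Dict, List, Tuple

Record = Dict[str, str]

# Constructed CDRs. Operator A and operator B each log their side of the same
# cross-network calls; A-003 lacks a cell id and B-102 disagrees on duration.
OPERATOR_A_CSV = """operator,call_id,caller,callee,start,duration_s,cell_id
A,A-001,+910000000001,+920000000002,2020-05-20T10:00:00,120,A-CELL-7
A,A-002,+910000000001,+910000000003,2020-05-20T10:05:00,30,A-CELL-7
A,A-003,+920000000002,+910000000001,2020-05-20T11:00:00,60,
"""
OPERATOR_B_CSV = """operator,call_id,caller,callee,start,duration_s,cell_id
B,B-101,+910000000001,+920000000002,2020-05-20T10:00:02,120,B-CELL-3
B,B-102,+920000000002,+910000000001,2020-05-20T11:00:01,58,B-CELL-3
"""

REQUIRED_FIELDS = ("operator", "call_id", "caller", "callee", "start", "duration_s", "cell_id")


def parse_cdr(text: str) -> List[Record]:
    return list(csv.DictReader(io.StringIO(text)))


def completeness(records: List[Record]) -> float:
    """Share of records carrying every field the scheme requires."""
    if not records:
        return 0.0
    complete = sum(1 for r in records if all(r.get(f) for f in REQUIRED_FIELDS))
    return complete / len(records)


def correlate(a_records: List[Record], b_records: List[Record],
              window_s: int = 5) -> List[Tuple[Record, Record]]:
    """Pair up the two operators' records of one call: same caller and callee,
    start times within window_s (operator clocks are never perfectly aligned)."""
    pairs = []
    for a in a_records:
        for b in b_records:
            same_parties = (a["caller"], a["callee"]) == (b["caller"], b["callee"])
            skew = abs((datetime.fromisoformat(a["start"])
                        - datetime.fromisoformat(b["start"])).total_seconds())
            if same_parties and skew <= window_s:
                pairs.append((a, b))
    return pairs


def accuracy(pairs: List[Tuple[Record, Record]], tolerance_s: int = 1) -> float:
    """Share of correlated calls on which both operators agree about duration."""
    if not pairs:
        return 0.0
    agree = sum(1 for a, b in pairs
                if abs(int(a["duration_s"]) - int(b["duration_s"])) <= tolerance_s)
    return agree / len(pairs)


def evaluate_scheme(a_csv: str, b_csv: str, min_completeness: float = 0.9,
                    min_accuracy: float = 0.9) -> Dict[str, object]:
    """The Pass/Fail gate: both metrics must clear their (assumed) thresholds."""
    a, b = parse_cdr(a_csv), parse_cdr(b_csv)
    pairs = correlate(a, b)
    comp, acc = completeness(a + b), accuracy(pairs)
    passed = comp >= min_completeness and acc >= min_accuracy
    return {
        "completeness": comp,
        "accuracy": acc,
        "matched_calls": len(pairs),
        "result": "PASS" if passed else "FAIL",
        "next_step": "MMNO forensic process model" if passed else "CDR scheme improvement",
    }


if __name__ == "__main__":
    print(evaluate_scheme(OPERATOR_A_CSV, OPERATOR_B_CSV))
```

With the constructed records the scheme scores 0.8 completeness and 0.5 accuracy (two calls correlate, one with a duration mismatch), so the evaluation fails and the flow returns to scheme improvement. The on-net call A-002 has no counterpart at operator B and is correctly left out of the accuracy denominator.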

 

2.4 Rachana Y. Patil et al. structure a new network forensic protocol, built on a Public Key Infrastructure (PKI), to recognise the actual origin of a cyber-crime.

The proposed protocol framework works as follows [5]:

1. An agent process, which collects evidence from the client machine, is prepared at the server side.

2. After authentication, the agent is deployed to the client machine by embedding it in an HTML page.

3. The agent process takes consent for execution from the target client.

4. If the client agrees, the agent is executed on the client machine and collects the required fingerprinting parameters.

5. The parameters are then transmitted securely to the server.

6. The server executes the device fingerprinting algorithm and generates a unique fingerprint of the client machine.

7. The fingerprint is stored securely at the server side for later verification, should a forensic investigation be required.

 

The fingerprint collection algorithm, which uses a hash tree, is also presented by the authors. A security analysis of the proposed methodology is done against replay attack, man-in-the-middle attack, privileged-insider attack, session hijacking attack, denial of service attack, etc. [5].
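The following is an added illustration of what a hash-tree fingerprint over collected parameters looks like; it is written for this survey and is not the authors' algorithm from [5]. The leaf and node encoding, the parameter names and their sample values are assumptions. It shows the two properties that make a hash tree attractive for step 6 and step 7 above: the root is a single value the server can store and later re-verify, and any one parameter can be shown to belong to that root without revealing the others.

```python
"""Hash-tree (Merkle) fingerprint over device parameters.

Added example, not the scheme of [5]. Leaves are hashes of "name=value"
strings, inner nodes hash their two children, and the root is the fingerprint.
"""
import hashlib
from typing import Dict, List, Tuple

# Constructed parameters of the kind a consenting client's agent could report.
CLIENT_PARAMS: Dict[str, str] = {
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0",
    "screen": "1920x1080x24",
    "timezone": "Asia/Kolkata",
    "language": "en-IN",
    "platform": "Linux x86_64",
}


def leaf_hash(name: str, value: str) -> bytes:
    # Domain-separate leaves (0x00) from inner nodes (0x01) so a leaf hash can
    # never be passed off as an inner node during proof verification.
    return hashlib.sha256(b"\x00" + f"{name}={value}".encode()).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_tree(params: Dict[str, str]) -> List[List[bytes]]:
    """All levels, leaves first and root last. Keys are sorted so the root does
    not depend on the order in which the agent happened to collect the values."""
    levels = [[leaf_hash(k, params[k]) for k in sorted(params)]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:                 # odd level: duplicate the last node in place
            cur.append(cur[-1])
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def fingerprint(params: Dict[str, str]) -> str:
    """Hex-encoded Merkle root: the value the server stores as the device fingerprint."""
    return build_tree(params)[-1][0].hex()


def inclusion_proof(params: Dict[str, str], name: str) -> List[Tuple[bytes, bool]]:
    """Sibling hashes from leaf to root; the flag says whether the sibling sits on the left."""
    levels = build_tree(params)
    idx = sorted(params).index(name)
    proof = []
    for level in levels[:-1]:
        sibling = idx ^ 1
        proof.append((level[sibling], sibling < idx))
        idx //= 2
    return proof


def verify_proof(name: str, value: str, proof: List[Tuple[bytes, bool]], root_hex: str) -> bool:
    """Recompute the root from one parameter plus its proof, without the other parameters."""
    h = leaf_hash(name, value)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h.hex() == root_hex


def matches_stored(stored_root_hex: str, params: Dict[str, str]) -> bool:
    """Server-side re-verification (step 7): does a fresh parameter set reproduce the stored root?"""
    return fingerprint(params) == stored_root_hex


if __name__ == "__main__":
    root = fingerprint(CLIENT_PARAMS)
    print("fingerprint:", root)
    proof = inclusion_proof(CLIENT_PARAMS, "timezone")
    print("timezone in fingerprint:", verify_proof("timezone", "Asia/Kolkata", proof, root))
```

Changing any single parameter changes the root, so a stored fingerprint that no longer matches tells the investigator which device state was actually recorded at collection time, while an inclusion proof lets one attribute (say, the timezone) be checked against the stored root without the server having to reveal the whole parameter set.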

 

2.5 Noora Al Mutawa et al. explain how to conduct forensic analysis on three widely used social networking applications on smartphones, Facebook, Twitter and MySpace, collecting artifacts and suggesting a methodology to examine them [6].

 

The authors discuss how applications such as Facebook and Twitter store artifacts on the user's smartphone, and discuss methods to collect such artifacts for the proposed forensic methodology.

 

Noora Al Mutawa et al. further illustrate the forensic setup used to perform their experiments, including the list of tools, applications and devices.

They performed their tests in three stages, viz.:

o   Scenarios

o   Logical acquisition

o   Analysis

 

2.6 M.I. Cohen (Australian Federal Police, Brisbane, Australia) describes the architecture of PyFlag, a network forensic tool, and in particular how it is used in the network forensics context [7].

 

PyFlag (Cohen and Collett, 2005) was originally designed by the Australian Department of Defence, and was later released under the GPL (Free Software Foundation, 2007) license. It was originally designed as a database driven analysis tool for digital forensics, but later included an advanced network forensic capability.

 

PyFlag has a tree-like virtual file system (VFS) that represents the various objects in it using inodes. It can handle various image formats through its IO subsystem. The filesystem loader is a specific module responsible for populating the VFS with inodes at a particular mount point. Scanners are modules which operate on VFS inodes and gather specific information about them.

 

A PCAP file is created by a capture program and contains the packet data of the network. This file format is used for the analysis of network characteristics [7].

 

The following steps are taken in dissecting network traffic:

·       PCAP files are parsed and individual packets are extracted from them.

·       These packets are then dissected at the different low-level protocols, such as Ethernet, IP, TCP or UDP.

·       Related TCP packets are collected into streams by a TCP stream reassembler. The reassembler takes into account packet retransmission and out-of-sequence ordering.

·       The resulting streams are then dissected with higher-level protocol dissectors such as HTTP, IRC, MSN Chat, etc.

 

PyFlag has many network forensic components, such as the stream reassembler, packet handlers and stream dissectors.
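The four dissection steps above, carried through end to end, are shown in the added example below. It is written for this survey and is not PyFlag's code: it parses a libpcap file, dissects Ethernet/IPv4/TCP, and reassembles each direction of a TCP connection by sequence number, discarding a retransmitted segment and restoring out-of-order segments so that the higher-level (here HTTP) content can be read. The capture it works on is constructed in the block; IP and TCP checksums are not verified by this dissector, and the addresses, ports and payloads are assumptions.

```python
"""PCAP parsing, Ethernet/IPv4/TCP dissection and TCP stream reassembly.

Added example, not PyFlag's implementation. The pcap bytes are constructed
inside the block: one HTTP request sent in three segments, delivered out of
order with one retransmission, and a response from the other side.
"""
import socket
import struct
from collections import defaultdict
from typing import Dict, Iterable, Iterator, Optional, Tuple

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
Flow = Tuple[str, int, str, int]


def pcap_records(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (timestamp_seconds, frame) from a libpcap file in either byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def dissect_tcp(frame: bytes) -> Optional[dict]:
    """Ethernet -> IPv4 -> TCP. Returns None for anything else (ARP, IPv6, UDP...)."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 6:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]                      # drops any Ethernet padding after the datagram
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "payload": tcp[data_off:]}


def reassemble_streams(frames: Iterable[bytes]) -> Dict[Flow, bytes]:
    """Group data segments per direction of a connection and stitch them by sequence number."""
    segments: Dict[Flow, Dict[int, bytes]] = defaultdict(dict)
    for frame in frames:
        pkt = dissect_tcp(frame)
        if pkt is None or not pkt["payload"]:
            continue                                 # non-TCP, or SYN/ACK-only segment
        flow: Flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        seg, seq = segments[flow], pkt["seq"]
        if seq in seg and len(seg[seq]) >= len(pkt["payload"]):
            continue                                 # retransmission: nothing new
        seg[seq] = pkt["payload"]
    streams: Dict[Flow, bytes] = {}
    for flow, seg in segments.items():
        out, expected = bytearray(), min(seg)        # first captured byte, not necessarily the ISN
        for seq in sorted(seg):                      # undoes out-of-order arrival
            payload = seg[seq]
            if seq < expected:                       # partial overlap: keep only the unseen tail
                payload, seq = payload[expected - seq:], expected
            elif seq > expected:                     # hole: segment never captured, zero-filled
                out += b"\x00" * (seq - expected)
            out += payload
            expected = seq + len(payload)
        streams[flow] = bytes(out)
    return streams


def build_frame(src: str, dst: str, sport: int, dport: int, seq: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP data segment (PSH|ACK, no options, checksums left zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip


def build_sample_pcap() -> bytes:
    c, s, req = "10.0.0.2", "10.0.0.80", [b"GET /index.html HTTP/1.1\r\n", b"Host: example.test\r\n", b"\r\n"]
    s1, s2, s3 = 1000, 1000 + len(req[0]), 1000 + len(req[0]) + len(req[1])
    frames = [build_frame(c, s, 40000, 80, s2, req[1]),      # second segment arrives first
              build_frame(c, s, 40000, 80, s1, req[0]),
              build_frame(c, s, 40000, 80, s1, req[0]),      # retransmission of the first
              build_frame(c, s, 40000, 80, s3, req[2]),
              build_frame(s, c, 80, 40000, 5000, b"HTTP/1.1 200 OK\r\n\r\nhello")]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1589961600 + i, 0, len(f), len(f)) + f
    return out


def streams_from_pcap(data: bytes) -> Dict[Flow, bytes]:
    return reassemble_streams(frame for _, frame in pcap_records(data))


if __name__ == "__main__":
    for flow, content in streams_from_pcap(build_sample_pcap()).items():
        print(flow, content)
```

The reassembler keys streams on the (source, port, destination, port) tuple, so the request and the response come out as two separate byte strings that an HTTP dissector can then parse; the retransmitted segment and the swapped arrival order leave no trace in the result, which is exactly what the third step of the list above requires.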

 

2.7 Daniel Walnycky et al. forensically acquire and analyse the device-stored data and network traffic of popular instant messaging applications for Android [8].

 

The authors experiment on the 20 top-rated instant messaging / social messaging apps. In a controlled lab environment they perform network forensics, examining the network traffic while sending messages from and to the devices using the features of each application. The lab setup was designed by the authors according to their own calculations [8].

 

The results of the experiment reveal that 16 out of the 20 applications in their experiment have serious problems from a user privacy point of view. Users may believe that they are sending messages only to their intended recipient, but in the majority of cases their messages, or components of their messages, can easily be recovered by network sniffing or by a logical examination of the device itself [8].

 

2.8 Yang Xin et al. present a literature review of machine learning and deep learning methods used to thwart cyber attacks. They discuss data sets such as the DARPA Intrusion Detection Data Sets, the KDD CUP 99 dataset, the NSL-KDD dataset and the ADFA dataset, which are used by various ML and DL algorithms [9].

 

In the second part of the paper they describe the various Machine Learning (ML) and Deep Learning (DL) algorithms proposed by many authors, such as Support Vector Machine, k-Nearest Neighbour, Decision Tree, Deep Belief Network and Recurrent Neural Networks [9].

 

2.9 Wenxiu Ding, Zheng Yan and Robert H. Deng survey future internet security architectures and elaborate various architectures such as Named Data Networking (NDN), Content Aware Searching Retrieval and Stream (COAST), MobilityFirst, Expressive Internet Architecture (XIA) and Scalability, Control, and Isolation On Next Generation Network (SCION) [10].

 

They discuss the architecture of each of the above-mentioned projects with its pros and cons, security, strengths and objectives, and compare all the architectures.

 

III. Conclusion:

From this short review of various papers it appears that there are immense possibilities for developing new forensic approaches. As new threats become more powerful and make our applications prone to attack, we need more powerful and robust forensic techniques, both to recover our data and to detect any cyber-crime that has taken place. We also need to keep a constant eye on recent advances in forensic approaches as well as on recent threats, so that we can overcome the damage those threats cause.

 

IV. REFERENCES:

1.      Vaibhav Kaushal, published Jun 16, 2014, accessed Jan 19, 2020, URL: https://www.digit.in/how-to/general/how-to-become-a-cyber-forensics-expert-22985.html.

2.      Nickson M. Karie, Victor R. Kebande, H.S. Venter, "Diverging deep learning cognitive computing techniques into cyber forensics", Forensic Science International: Synergy (2019), 4 April 2019, pp. 61-67, Elsevier.

3.      Robert Beverly, Simson Garfinkel, Greg Cardwell, "Forensic carving of network packets and associated data structures", Digital Investigation, Vol. 8 (2011), pp. S78-S89, Elsevier.

4.      Emmanuel Abba, A.M. Aibinu, J.K. Alhassan, "Development of multiple mobile networks call detailed records and its forensic analysis", Digital Communications and Networks 5 (2019), pp. 256-265.

5.      Rachana Y. Patil, Satish R. Devane, "Network Forensic Investigation Protocol to Identify True Origin of Cyber Crime", Journal of King Saud University - Computer and Information Sciences, accepted 30 November 2019, Elsevier.

6.      Noora Al Mutawa, Ibrahim Baggili, Andrew Marrington, "Forensic analysis of social networking applications on mobile devices", Digital Investigation 9 (2012), pp. S24-S33, Elsevier.

7.      M.I. Cohen, "PyFlag - An advanced network forensic framework", Digital Investigation 5 (2008), pp. S112-S120, Elsevier.

8.      Daniel Walnycky, Ibrahim Baggili, Andrew Marrington, Jason Moore, Frank Breitinger, "Network and device forensic analysis of Android social-messaging applications", Digital Investigation 14 (2015), pp. S77-S84, Elsevier.

9.      Yang Xin, Lingshuang Kong, Zhi Liu, Yuling Chen, Yanmiao Li, Hongliang Zhu, Mingcheng Gao, Haixia Hou, Chunhua Wang, "Machine Learning and Deep Learning Methods for Cyber Security", IEEE Access, May 15, 2018, DOI: 10.1109/ACCESS.2018.2836950.

10.   Wenxiu Ding, Zheng Yan, Robert H. Deng, "A Survey on Future Internet Security Architectures", IEEE Access, July 29, 2016, DOI: 10.1109/ACCESS.2016.2596705.

 

 

 

Received on 20.05.2020   Accepted on 17.06.2020              

©A&V Publications all right reserved

Research J. Engineering and Tech. 2020;11(2):53-56.

DOI: 10.5958/2321-581X.2020.00010.0