Network Forensics: Today and Tomorrow

Whenever Intrusion is detected over the internet a network forensic is used to capture, record all the evidence, maintain documentation, and lastly perform analysis. It collects all the evidence and preserves them for future analysis. Original evidences are stored in the evidence locker and analysis is performing on the duplicate copy of the data. Network forensic collect dynamic information but digital forensic collect volatile and static information. Network forensic proposed various network forensics analysis tools (NFATs), which provides network security and it detects intrusion and send alert message to their corresponding client and servers. A honeytrap tool is used to identify intruder and collect essential information from the intruder. Different framework is used to reconstruct the network trace. However, it is difficult to trace the intruder activity. In this paper, we deal with different tools and different framework that provides network security.