Network Forensics with Neurofuzzy Techniques

Forensics science is based on a methodology composed by a group of stages, being the analysis one of them. Analysis is responsible to determine when a data constitutes evidence; and as a consequence it can be presented to a court. When the amount of data in a Network is small, its analysis is relatively simple, but when it is huge the data analysis becomes a challenge for the forensics expert. In this paper a forensics network model is proposed, which allows to obtain the existing evidence in an involved TCP/IP network. This Model uses the Fuzzy Logic and the Artificial Neural Networks to detect the Network flows that realize suspicious activities in the network or hosts, minimizing also the cost and the time to process the information in order to discriminate which are normal network flows and which has been subjected to attacks and intrusions.