| dc.description.abstract | Network forensics is a science of determining and retrieving evidential information in a computer networked
environment about a criminality in such a way as to make it admissible. The established computer networks
forensic field lays a strong foundation for network forensics as standard security frameworks, tools and
techniques are in place for phase detection, collection, preservation and presentation of evidence. However,
little has been done to address phase examination. The main challenge identified on this phase is identification
and correlation. The objectives of the study were to; analyse, investigate, identify, develop and evaluate a
network forensic framework which addresses the challenge in examination. A methodology was specifically
formalized on real time and post attacked network traffic investigation based on datasets prototype
implementation. The proposed technique in examination phase is identification and correlation of traced
datasets. The identification provided attempts made in compromising a system and assist during
reconstruction of intruded information. The correlation validated the particular intrusion and guide in decision
to proceed with investigation. The techniques resulted in confirmation of DDoS, Portscan and cross-site
scripting attacks dataset. | en_US |
