Network Forensics Readiness and Security Awareness Framework

The goal of reaching a high level of security in wirelessand wired communication networks is continuously provendifficult to achieve. The speed at which both keepers and violatorsof secure networks is evolving is relatively close. Nowadaysnetwork infrastructures contain a large number of event logscaptured by Firewalls and Domain Controllers (DCs). However,these logs are increasingly becoming an obstacle for networkadministrators in analyzing networks for malicious activities.Forensic investigators mission to detect malicious activities andreconstruct incident scenarios is very complex considering thenumber as well as the quality of these event logs. In this paper,we present the building blocks of a framework for automatednetwork readiness and awareness. The idea of this frameworkis to utilize the current network security outputs to constructforensically comprehensive evidence. In the proposed framework,we cover the three vital phases of the cybercrime managementchain, which are: 1) Forensics Readiness, 2) Active Forensics, and3) Forensics Awareness. Keywords: Network Forensics, ForensicsReadiness, Network Security,Active Forensics, Reactive Forensics,Forensics Awareness and Network Security Framework.