Title: Efficiency of Network Event logs as Admissible Digital Evidence
Authors: Al-Mahrouqi, Aadil; Abdalla, Sameh; Kechadi, Tahar
Type: Conference Publication
Conference: 2015 Science and Information Conference, London, United Kingdom, 28-30 July 2015
Dates: 2015-04-14; 2015-07-30; 2015-07-30; 2015-03-19
2015 IEEE
Pages: 1257-1265
DOI: 10.1109/SAI.2015.7237305
Handle: http://hdl.handle.net/10197/6481
Language: en

Abstract: The large number of event logs generated in a typical network is increasingly becoming an obstacle for forensic investigators to analyze and use to detect and verify malicious activities. Research in the area of network forensics is trying to address the challenge of using network logs to reconstruct attack scenarios by proposing event correlation models. In this paper we introduce and examine a new network forensics model that makes network event logs admissible in a court of law. The idea of our model is to collect available logs from connected network devices and then apply Support Vector Machines (SVMs) in order to filter out anomaly intrusion, and re-route these logs to a central repository where event-log management functions are applied.

Keywords: Machine learning; Statistics; SVMs; Evidence reliability; Network evidence admissibility; Authentication of evidence; Best evidence

Rights: © 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
License: https://creativecommons.org/licenses/by-nc-nd/3.0/ie/