Title: Network forensics investigation: behaviour analysis of distinct operating systems to detect and identify the host in IPv6 network
Authors: Abdullah Ayub Khan; Syed Asif Ali
Addresses: Department of Information Technology, Sindh Madressatul Islam University, Karachi, Pakistan ' Department of Information Technology, Sindh Madressatul Islam University, Karachi, Pakistan
Abstract: This paper studies the behaviour analysis of distinct operating systems for the purpose of forensics investigation in the IPv6 network and ensures the detection as well as identification of the network host. The network forensics parameters help to capture, filter, analyse, and information reporting about the computer-based incidents and activities of cybercrime. IPv6 supports tackling the complication of traffic in a network environment, such as dual-stack, tunnel, and translation. This research sheds light on the IPv6 network, assesses the automatic and manual transition in order to characterise network behaviour. This paper proposes a flexible and automated method architecture to analyse operating systems behaviour by observing the system function calls, performing network investigation by using PCAP file analysis to help detect and identify the host, sessions, and open ports in the virtual environment. Through the experimental result on the network traffic, PCAP files dataset of the University of New Haven, the proposed model can archive identify network host in IPv6 network with high accuracy rate, the result shows the robustness of the NetworkMiner in terms of behaviour analysis with efficacy as compared to other state-of-the-art schemes.
Keywords: digital forensic; network forensics; behaviour analysis of distinct operating systems; IPv6 networks; host identification; PCAP file analysis; NetworkMiner.
DOI: 10.1504/IJESDF.2021.118542
International Journal of Electronic Security and Digital Forensics, 2021 Vol.13 No.6, pp.600 - 611
Received: 29 Aug 2020
Accepted: 10 Oct 2020
Published online: 28 Oct 2021 *