A Framework for the Validation of Network Artifacts
Digital forensics has been of growing interest over the past ten to fifteen years despite being a relatively new scientific field. Many technologies and forensic processes have been developed to meet the growing number of cases relying on digital artifacts. In this paper, we present a framework for the validation of network artifacts in digital forensics investigations. Validation, in the context of this work, refers to the overall probability of reaching the correct inferences about the artifacts, given a specific method and data. The main hypothesis of this work is that the validity of network artifacts can be determined based on probabilistic modelling of the internal consistency of artifacts. The framework consists of three phases, namely: data collection, feature selection, and the validation process. We demonstrate the functionality of the proposed framework using network artifacts obtained from Intrusion Detection Systems. We also assume that the initial acquisition of the network artifacts is forensically sound and that steps are taken to ensure that the integrity of the artifacts is maintained during the data collection phase. A Monte Carlo Feature Selection and Interdependency Discovery algorithm is applied to select the informative features, while logistic regression is used as the probabilistic modelling methodology for the validation process. The experimental results show the validity of the network artifacts and can serve as a scientific methodology to support the initial assertions drawn from the network artifacts.