DocumentCode
2030592
Title
Design and implementation of a network forensics system for Linux
Author
Wang, Hong-Ming ; Yang, Chung-Huang
Author_Institution
Nat. Kaohsiung Normal Univ., Kaohsiung, Taiwan
fYear
2010
fDate
16-18 Dec. 2010
Firstpage
390
Lastpage
395
Abstract
Technological advances of the Internet not only facilitate human life, but also give attackers opportunities to more easily conduct network intrusion and destruction. Network forensics is a forensic science and an important technology in the network security realm. In this paper, we develop a network forensics system for Linux, which is used to collect and protect evidence when a cyber crime occurs. It consists of a live system, a friendly graphical launch menu, strengthened PyFlag software, and integrated required system and network tools. This system can expand its volatile, report presentation functionalities, and allow investigators to perform network forensics work quickly and correctly. The results of the forensics in this system can not only preserve evidence of the cyber crime, but also help organizations and institutions understand the whole context of network security incidents and strengthen network host defense and security policy.
Keywords
Internet; Linux; computer crime; computer forensics; forensic science; Internet; Linux; cyber crime; forensic science; graphical launch menu; network forensics system; network intrusion; network security; security policy; strengthen PyFlag software; Computers; DVD; Forensics; Linux; Security; Software; Universal Serial Bus; Computer Forensics; Digital Evidence; Network Forensics; PyFlag;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Symposium (ICS), 2010 International
Conference_Location
Tainan
Print_ISBN
978-1-4244-7639-8
Type
conf
DOI
10.1109/COMPSYM.2010.5685481
Filename
5685481