Wei, ReiDoroshenko, Anatoly E.Halpin, Terry A.Liddle, Stephen W.Mayr, Heinrich C.2019-10-152019-10-1520043-88579-377-6https://dl.gi.de/handle/20.500.12116/29100The employment of a patchwork of nonintegrated security products can only provide incomplete coverage, which cannot give the total panorama of the network misuse behavior. Network forensics is a new approach for the incident investigation and emergence response, which also enhance the network security from a different point of view. However, the current network forensics system is confused with the network monitor system or sniffer system. It always is misconstrued to an only network traffic capture system. In this paper, we for the first time discuss the concept model of network forensics system, which can give guidance for the implementation of network forensics system and the formalization of the network forensics procedure, which is a principle element of the recognition between the law enforcement participation. Particularly, some novel approaches for network forensics system are discussed for the first time, such as network forensics server, network forensics protocol and standardization, and so on.ennetworkcomputer forensicsnetwork forensicsnetwork securityincident investigationinformation securityText/Conference Paper1617-5468