Network Forensics: Challenges and Tools

Network Forensics: Challenges and Tools

This webinar originally occurred on August 12, 2020
Duration: 1 hour


In response to criminal investigations involving digital evidence, law enforcement needs forensically sound tools to acquire, evaluate, process, and present the data to the court. In the case of network forensics, challenges arise when the evidence is buried in large volumes of data.

The financial burdens of purchasing and licensing proprietary tools are not sustainable for law enforcement. This webinar reviewed a set of open-source tools, including snort, pcap, TcpDump, wireshark, and NetworkMiner. It also highlighted a recent open-source toolkit, FileTSAR, developed by Purdue University. This user-friendly toolkit can extract digital evidence from large amounts of network traffic and reconstruct unencrypted files, web pages, emails, and VOIP. FileTSAR achieves great performance by leveraging Spark, ElasticSearch, Kafka, and Kibana.

Since existing tools all have their own limitations, the presenters also discussed the challenges in network forensics. Potential workarounds were given for law enforcement and future work was identified for researchers in the field.

Detailed Learning Objectives

  1. Attendees will learn the definition and value of network forensics.
  2. Attendees will learn the challenges in network forensics for researchers and law enforcement.
  3. Attendees will learn the Network Forensic tools, limitations, and workarounds.


  • Dr. Kathryn Seigfried-Spellar | Associate Professor in the Department of Computer and Information Technology at Purdue University
  • Dr. Baijian "Justin" Yang | Associate Professor of Computer and Information Technology at Purdue University

Funding for this Forensic Technology Center of Excellence webinar has been provided by the National Institute of Justice, Office of Justice Programs, U.S. Department of Justice.

The opinions, findings, and conclusions or recommendations expressed in this webinar are those of the presenter(s) and do not necessarily reflect those of the U.S. Department of Justice.

Contact us at with any questions and subscribe to our newsletter for notifications.

Related Content

2024 NIJ Forensic Science R&D Symposium

Overview The Forensic Technology Center of Excellence (FTCOE) assisted the National Institute of Justice (NIJ) in hosting the annual NIJ Forensic Science Research and Development (R&D) Symposium on Tuesday, February 20, 2024 at the 76th Annual American Academy of Forensic Sciences (AAFS) conference in Denver, Colorado. This…

Physical Characteristics of Spatter Stains on Textiles

This webinar originally occurred on December 12, 2023Duration: 1 hour Overview Bloodstain pattern analysis (BPA) is a forensic technique for crime scene reconstruction, through analyzing bloodstains (e.g., size, shape, etc.) and their patterns (e.g., distribution, location, etc.) to recreate the…