P. Rajesh, B. MohammedIsmail., Mansoor Alam, M. Tahernezhadi, A. Monika
2021 International Symposium on Electrical, Electronics and Information Engineering, published 2021-02-19. DOI: 10.1145/3459104.3459135 (https://doi.org/10.1145/3459104.3459135)
Network Forensics Investigation in Virtual Data Centers Using ELK
Network forensics focuses on collecting, monitoring and reporting on network logs, and on investigating the success or failure of activity in a network. The main goal of network security is to protect sensitive customer information online; lateral movement over RDP (Remote Desktop Protocol), ransomware running on an endpoint, large data exfiltration from multiple endpoints and other malicious attacks also degrade network performance. A crime scenario begins with identifying the crime and the evidence of a network attack on a digital device or other component, and analysis of network access logs is the main part of that investigation. Network forensics is a branch of digital forensics concerned with monitoring and analysing computer network traffic in order to gather information, collect legal evidence of illegal activity, or detect intrusions on the network; unlike other areas of digital forensics, it deals with volatile and dynamic data. This project aims to deliver a tool built from the perspective of network forensics investigation in virtual data centers. The proposed methodology is based on the ELK Stack (Elasticsearch, Logstash and Kibana) for collecting, monitoring and reporting on network log analysis, with machine learning techniques used to automate the cron job process; it also assists law enforcement investigations. Data centers that use virtual networks have problems with log analysis, and in particular with real-time, timestamp-based analysis of logs using network forensics approaches. Network forensics investigation in a virtual data center is an art and a science that seeks to make sense of computer-generated records; it is a process for identifying suspicious log entries in a network. A data center generates a huge volume of log files from VMware components such as ESXi servers and vCenter.
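As an added worked example (not code from the paper or from the ELK project), the following Python script shows the two steps the abstract describes: turning ESXi-style syslog lines into timestamp-normalised documents ready for Elasticsearch's `_bulk` API, and then running a detection over those documents. The log lines, hostnames, user names and IP addresses are constructed for this example, the line format is an assumption loosely modelled on ESXi hostd events forwarded over syslog, and the detection is a generic fan-out heuristic (one account logging into several hosts from one source address within a short window), not the paper's machine-learning method.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample lines (assumption: format loosely modelled on ESXi hostd
# events sent over syslog). One line carries a +01:00 offset on purpose, because
# mixed time zones are the usual cause of broken timestamp-based analysis.
SAMPLE_LOGS = """\
2021-02-19T10:15:22Z esxi01 Hostd: info hostd[2099] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 101 : User root@10.0.0.5 logged in as pyvmomi
2021-02-19T10:15:23Z esxi01 Hostd: warning hostd[2099] [Originator@6876 sub=Default] Rejected password for user root from 10.0.0.77
2021-02-19T10:16:05Z esxi02 Hostd: info hostd[2104] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 102 : User root@10.0.0.5 logged in as pyvmomi
2021-02-19T10:16:40Z esxi03 Hostd: info hostd[2110] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 103 : User root@10.0.0.5 logged in as pyvmomi
2021-02-19T10:17:11Z esxi04 Hostd: info hostd[2122] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 104 : User root@10.0.0.5 logged in as pyvmomi
2021-02-19T13:40:00+01:00 esxi01 Hostd: info hostd[2099] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 105 : User admin@10.0.0.9 logged in as VMware-client
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[^:]+): (?P<level>\w+) (?P<msg>.*)$")
LOGIN_RE = re.compile(r"User (?P<user>[^@\s]+)@(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) logged in")


def parse_timestamp(raw):
    """ISO 8601 string -> timezone-aware UTC datetime. Naive stamps are assumed UTC."""
    dt = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def parse_line(line):
    """One syslog line -> ECS-style document, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    doc = {
        "@timestamp": parse_timestamp(m["ts"]).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "host": {"name": m["host"]},
        "process": {"name": m["proc"]},
        "log": {"level": m["level"]},
        "message": m["msg"],
    }
    login = LOGIN_RE.search(m["msg"])
    if login:  # enrich successful logins so Kibana can filter on user/source
        doc["event"] = {"category": "authentication", "action": "login", "outcome": "success"}
        doc["user"] = {"name": login["user"]}
        doc["source"] = {"ip": login["src_ip"]}
    return doc


def parse_logs(text):
    return [d for d in (parse_line(l) for l in text.splitlines()) if d]


def to_bulk(docs, index):
    """NDJSON body for POST /_bulk: an action line, then the document, per doc."""
    out = []
    for d in docs:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(d))
    return "\n".join(out) + "\n"


def detect_fan_out(docs, window=timedelta(minutes=10), min_hosts=3):
    """Flag (user, source ip) pairs that log into >= min_hosts distinct hosts within `window`."""
    by_actor = defaultdict(list)
    for d in docs:
        if d.get("event", {}).get("action") != "login":
            continue
        key = (d["user"]["name"], d["source"]["ip"])
        by_actor[key].append((parse_timestamp(d["@timestamp"]), d["host"]["name"]))
    findings = []
    for (user, src_ip), events in by_actor.items():
        events.sort()
        for i in range(len(events)):
            hosts, j = [], i
            while j < len(events) and events[j][0] - events[i][0] <= window:
                if events[j][1] not in hosts:
                    hosts.append(events[j][1])
                j += 1
            if len(hosts) >= min_hosts:
                findings.append({"user": user, "src_ip": src_ip, "hosts": hosts,
                                 "first": events[i][0].strftime("%Y-%m-%dT%H:%M:%SZ"),
                                 "last": events[j - 1][0].strftime("%Y-%m-%dT%H:%M:%SZ")})
                break  # one finding per actor is enough for triage
    return findings


if __name__ == "__main__":
    docs = parse_logs(SAMPLE_LOGS)
    print(to_bulk(docs, "esxi-hostd-2021.02.19"), end="")
    for f in detect_fan_out(docs):
        print("FAN-OUT:", json.dumps(f))
```

The bulk output can be sent to a cluster with `curl -H 'Content-Type: application/x-ndjson' -XPOST http://localhost:9200/_bulk --data-binary @body.ndjson`; Logstash would normally do this step, but producing the documents yourself makes it easy to check that every `@timestamp` is UTC before anything reaches Kibana. The same fan-out heuristic can later be expressed as a Kibana rule or a terms aggregation on `user.name` and `source.ip` once the documents are indexed.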