Browser unable to execute script; please use the site map to navigate the site.

Network Forensics: Web Proxy Log Analysis

Fei, Eloff, Olivier, and Venter


(Citation)Citation information

B. K. L. Fei, J. H. P. Eloff, M. S. Olivier, and H. S. Venter. “Network Forensics: Web Proxy Log Analysis”. In: Advances in Digital Forensics II. Ed. by M. S. Olivier and S. Shenoi. Springer, 2006, pp. 247–258


Network forensics involves capturing, recording and analysing network audit trails. A crucial part of network forensics is to gather evidence at the server level, proxy level and from other sources. A web proxy relays URL requests from clients to a server. Analysing web proxy logs can give unobtrusive insights to the browsing behavior of computer users and provide an overview of the Internet usage in an organisation. More importantly, in terms of network forensics, it can aid in detecting anomalous browsing behavior. This paper demonstrates the use of a self-organising map (SOM), a powerful data mining technique, in network forensics. In particular, it focuses on how a SOM can be used to analyse data gathered at the web proxy level.

(Authoritative version on publisher's site)Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.1007/0-387-36891-4_20

(BibTeX record)BibTeX reference

author={Bennie K L Fei and Jan H P Eloff and Martin S Olivier and Hein S Venter},
title={Network Forensics: Web Proxy Log Analysis},
booktitle={Advances in Digital Forensics {II}},
editor={Martin S Olivier and Sujeet Shenoi},
pages={247--258} )