Including network routers in forensic investigation

Document Type

Conference Proceeding


Edith Cowan University


Faculty of Health, Engineering and Science


ECU Security Research Institute


This article was originally published as: Cusack B., Lutui R. (2014). Including network routers in forensic investigation. Proceedings of the 11th Australian Digital Forensics Conference, ADF 2013. (pp. 59-70). Edith Cowan University.


Network forensics concerns the identification and preservation of evidence from an event that has occurred or is likely to occur. The scope of network forensics encompasses the networks, systems and devices associated with the physical and human networks. In this paper we assess the forensic potential of a router in investigations. A single router is taken as a case study and analysed to determine its forensic value from both static and live investigation perspectives. In the live investigation, tests using steps from two to seven routers were used to establish benchmark expectations for network variations. We find that the router has many attributes that make it a repository and a site for evidence collection. The research has implications for investigators and for the inclusion of routers in network forensic investigations.

Access Rights

Free to access