<![CDATA[The increasing complexity of cyberattacks requires network forensic methods capable of reconstructing, detecting, and interpreting malicious activity with high accuracy. Existing forensic approaches still face limitations when analyzing large scale network traffic, particularly when attack patterns resemble normal user behavior, which complicates the identification of incidents and the reconstruction of attack timelines. This study proposes a neural network based network forensic framework that integrates attack identification, network traffic classification, and activity reconstruction to support digital investigations. The research employs an experimental design with a mixed traffic dataset comprising normal and malicious activities, including network scanning, SSH brute-force attempts, denial-of-service attacks, and malware distribution. The neural network model performs the detection phase by classifying network traffic, while a structured forensic pipeline guides the extraction of digital artifacts and the correlation of network metadata. The results indicate that the proposed model achieves 97.82 percent accuracy, a low false-positive rate, and faster processing time compared with conventional network forensic approaches. Forensic analysis of network logs reveals attack patterns characterized by intensive scanning on common service ports, repeated authentication attempts on SSH services, anomalous packet inter arrival intervals during denial of service attacks, and increased payload entropy associated with malware communication. These findings demonstrate the effectiveness of integrating neural network techniques into network forensic investigations, supporting improved detection capabilities and the reconstruction of digital evidence during cyber incident analysis.]]>
