Abstract: Network forensics and diagnostics play a critical role in enabling operators to locate the root causes of attacks or service disruptions by analyzing logs and evidence of various devices.