JOURNAL OF POLYTECHNIC-POLITEKNIK DERGISI, cilt.27, ss.665-679, 2024 (ESCI)
In Turkiye, there are legislation and practices that define the judicial, administrative and technical processes for the purpose of illuminating the cybercrimes. However studies in the perspective of network forensics are scarce thus the requirements for healthy and regulatory network forensics processes are not determined, and have not been examined on software-defined networks (SDN). This study aimed to determine the necessary evidence sources for SDN forensics, the basic requirements of the legislation and applications used in Turkiye in the focus of network forensics, and to show the applicability of the requirements to the SDN environment and to create an SDN forensic process. SDN experiments were carried out in light of forensic processes and previous international studies. The results showed that SDN met the specified requirements. Suggestions were made to ensure full compliance of legislation and practices with SDN. After the evaluation of measures that can be taken in the field of forensic informatics, a framework for SDN forensic management has been proposed. Conclusively, SDN forensics can only be performed with the southern interface data and a legislative regulation is necessary. The significant data required by the legislation can be obtained with the least effort via SDN forensics.