Law enforcement agencies need effective cognitive radio networks (CRNs) for pursuing forensics data essential to disentangling cybercrimes. The currently expensive traditional wireless networks obligate individual monitors to capture data from each of several channels. How should several monitors be efficiently slated to probe channels and capture packets in CRNs with robustly shifting operations? Chen and colleagues offer a solution that makes use of a smaller number of monitors than the available channels on a CRN to effectively capture packets.

The authors propose a packet arrival time prediction algorithm based on the familiar support vector regression model [1]. The algorithm allows monitors, contingent on their current workloads and not co-locations, to receive the arrival times of successive packets and to forecast the next packet arrival times at any channel. The greedy monitor scheduling algorithm selects the most available monitor to capture the appropriate packets.

Extensive simulation experiments were performed to assess the reliability of the traffic arrivals and the accuracy of scheduling monitors to channels. Traces of file transfer protocol (FTP), voice over Internet Protocol (VoIP), and web browsing traffic were investigated. The targeted packets ought to originate from the FTP and VoIP traffic. The results reveal that the proposed algorithm is more accurate in forecasting the packet arrival times of FTP and VoIP traffic than the web browsing and Internet control message protocol (ICMP) traffic. The proposed algorithm for switching monitors among channels significantly outperformed any random method. Other than the failure to recognize the types and characteristics of the packets flowing into the channels by different applications, the authors offer great insights into the optimal scheduling of limited monitors to channels, to capture packets in CRNs. This paper offers abundant insights into catching encrypted and unencrypted packets for forensics data analysis and investigation.