IoT create network and connect "things" and people together by creating relationship between either people-people, people-things or things-things. As the number of device connection is increased, it increases the Security risk. Security is the biggest issue for IoT at any companies across the globe. Privacy and data sharing can again be considered as a security concern for IoT. The IoT has been affected by different botnet activities. As botnets have the cause of serious security risks and financial damage over the years, existing Network forensic techniques cannot identify and track current sophisticated methods of botnets. Machine Learning techniques in order to train and validate a model for defining such attacks, but they still produce high false alarm rates with the challenge of investigating the tracks of botnets. This paper investigates the role of Machine Learning techniques for developing a Network forensic mechanism based on network flow identifiers that can track suspicious activities of botnets. Multivariate Hawkes Process identifies the latent influences between attackers by utilizing the mutually exciting properties. Then cluster the attacker activities based on the inferred weighted influence matrix with resort to the hierarchical, partitioning and graph-based clustering approach.