Network Forensics - Overview


Network forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).

Compared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.

Systems used to collect network data for forensics use usually come in two forms:

  • "Catch-it-as-you-can" - This is where all packets passing through certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.
  • "Stop, look and listen" - This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.

Read more about this topic:  Network Forensics

Other articles related to "overview":

Kewanee, Illinois - Schools - Overview
... There are also other schools in Kewanee like Visitation Catholic School home of the Giants, and a community college, Black Hawk College ... Black Hawk College-East Campus is recognized nationally for its equestrian program, as well as livestock judging teams ...
Golden Brown - Overview
... The single was a hit around the world, scaling the Top 10 as far away as Australia ... Its commercial success was probably the single factor that secured The Stranglers their continuing life in pop mainstream for the remainder of the 1980s ...
Unified Modeling Language - Topics - Diagrams Overview - Interaction Diagrams
... Interaction overview diagram provides an overview in which the nodes represent communication diagrams ... Communication diagram Interaction overview diagram Sequence diagram The Protocol State Machine is a sub-variant of the State Machine ...
United States Presidential Election, 1992 - Nominations - Democratic Party Nomination - Overview
... U.S ... Senator Tom Harkin (Iowa) ran as a populist liberal with labor union support ...