Network Forensics

Network forensics is a branch of digital forensics concerned with the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection.

There are three types of network forensic systems:

  1. Catch-it-as-you-can systems, in which all packets passing through certain traffic points are captured and written to storage, with analysis done afterwards in batch mode. This approach requires large amounts of storage.
  2. Stop-look-and-listen systems, in which each packet is analyzed in a rudimentary way (in memory) and only certain information is retained for later analysis. This approach relies on a fast processor to keep up with incoming traffic.
  3. Wireless forensics examination, which covers the capture of data transmitted over the air. With suitable antennas and the right hardware and software, large volumes of traffic, mainly VoIP, can be obtained as evidence.
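To make the storage trade-off between the first two system types concrete, the following added example (not part of the original page) processes a small set of constructed IPv4/TCP packets two ways: the catch-it-as-you-can path keeps every packet verbatim, while the stop-look-and-listen path parses the headers in memory and retains only per-flow packet and byte counters. The packet builder, the flow key, and the sample traffic are all assumptions made for the example; checksums are left at zero since nothing here is sent on a wire.

```python
"""Full capture versus in-memory flow summarisation (constructed example)."""
import struct
from collections import defaultdict


def build_ipv4_tcp(src, dst, sport, dport, payload_len):
    """Build a minimal IPv4+TCP packet; constructed sample data, not a real capture."""
    total_len = 20 + 20 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    # data offset 5 (0x50), flags PSH|ACK (0x18), window 8192, checksum 0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return ip + tcp + b"\x00" * payload_len


def flow_key(packet):
    """Parse the IPv4 and TCP headers and return the 5-tuple identifying the flow."""
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    proto = packet[9]
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (src, dst, sport, dport, proto)


def catch_it_as_you_can(packets):
    """Keep every packet verbatim; retained storage grows with traffic volume."""
    return list(packets)


def stop_look_and_listen(packets):
    """Keep only per-flow counters; retained storage grows with the number of flows."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for pkt in packets:
        rec = flows[flow_key(pkt)]
        rec["packets"] += 1
        rec["bytes"] += len(pkt)
    return dict(flows)


def storage_bytes(captured):
    """Total bytes a full-capture system would have to write to disk."""
    return sum(len(p) for p in captured)


# Constructed sample traffic: three packets of one HTTPS flow and one SSH packet.
SAMPLE = ([build_ipv4_tcp("10.0.0.5", "192.0.2.10", 51000, 443, 500)] * 3
          + [build_ipv4_tcp("10.0.0.7", "192.0.2.10", 51001, 22, 100)])

if __name__ == "__main__":
    print("full capture bytes:", storage_bytes(catch_it_as_you_can(SAMPLE)))
    print("flow records:", stop_look_and_listen(SAMPLE))
```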