Introduction to Network Forensics

Hengky Sanjaya
Jan 7, 2021

Week #1 | Network Forensics | Hengky Sanjaya

This article contains a summary of what I’ve learned in the Network Forensics class.

This article or tutorial is 100% for educational purposes only. Any use of the word “Hacking” on this site shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you plan to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions.


What is Network Forensics?

Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. ~Wikipedia

The purposes of Network Forensics:

  • Intrusion Detection / Prevention
  • Information Gathering
  • Legal Evidence

Computer vs Network Forensics

To understand more, we need to look at the differences between Computer Forensics and Network Forensics (NFs):

  • In computer forensics, the data changes little during daily usage, whereas in NFs the data changes constantly.
  • In computer forensics, the evidence is contained within the file system, whereas in NFs the evidence sometimes exists only in RAM.
  • In computer forensics, it is easy to perform a forensically sound acquisition, whereas in NFs most network devices do not have non-volatile storage.

Why do we need this?

Network Forensics can play an important role in protecting networks from subtle and malicious security threats. Network forensics can enable an organization to adequately investigate and stop data breaches that threaten to cost organizations money, competitive advantage, or both.

It allows us to answer questions such as “When did the incident occur?”, “How long did the incident last?”, “What data was taken?”, and “How many systems were affected?”. It helps us find the root cause and collect evidence for law enforcement.
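As an added illustration (not part of the original article), the sketch below answers those four questions from a handful of flow records. The record format, the addresses (documentation ranges), and the suspect address `203.0.113.50`, assumed to be known from an alert, are all constructed for this example.

```python
from datetime import datetime

# Constructed sample flow records (not real traffic), one per line:
# start  end  source  destination  bytes sent from source to destination
FLOWS = """\
2021-01-05T09:58:00 2021-01-05T09:58:04 10.0.0.21 10.0.0.5 1800
2021-01-05T10:02:11 2021-01-05T10:02:40 10.0.0.21 203.0.113.50 5200
2021-01-05T10:15:03 2021-01-05T10:47:59 10.0.0.34 203.0.113.50 48211000
2021-01-05T11:30:00 2021-01-05T11:30:02 10.0.0.8 198.51.100.7 900
2021-01-05T13:05:20 2021-01-05T13:41:08 10.0.0.21 203.0.113.50 127300000
"""

def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts with typed fields."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue  # skip blank lines
        start, end, src, dst, nbytes = line.split()
        flows.append({
            "start": datetime.fromisoformat(start),
            "end": datetime.fromisoformat(end),
            "src": src,
            "dst": dst,
            "bytes": int(nbytes),
        })
    return flows

def summarize_incident(flows, suspect_ip):
    """Answer when / how long / how much / how many for flows to suspect_ip."""
    hits = [f for f in flows if f["dst"] == suspect_ip]
    if not hits:
        return None  # no recorded traffic to this address
    first_seen = min(f["start"] for f in hits)
    last_seen = max(f["end"] for f in hits)
    return {
        "first_seen": first_seen,
        "last_seen": last_seen,
        "duration": last_seen - first_seen,
        # Flow records give the volume sent out, not the content itself.
        "bytes_out": sum(f["bytes"] for f in hits),
        "affected_hosts": sorted({f["src"] for f in hits}),
    }

if __name__ == "__main__":
    report = summarize_incident(parse_flows(FLOWS), "203.0.113.50")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Flow metadata like this shows how much left the network and from which hosts; identifying what the data was requires full packet capture or host-side evidence.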

In the next article, we will discuss more on the Source Evidence 😉

Thanks!
