Network Forensics

Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection [1].

What is Network Forensics?

Network forensics is the art of investigating the network traffic patterns with the sole purpose to gather information and evidence in order to identify the source of network security attacks. This task is achieved by a three step process: capturing, recording and analyzing of the network packets which are gathered from multiple sites and different network systems like IDS, firewalls,etc. Moreover, it keeps track of the network to understand the nature and behavior of the cyber attackers.

Network Forensic examination steps

A generic Network forensic examination includes the following steps:

Identification

Identifying and investigating an incident originated from network indicators.This step is crucial as it impacts the following steps.

Preservation

Shielding and isolating the state of physical and logical evidences in order to protect them from getting tampered due to external interference.

Collection

Documenting the physical evidence and making copies of digital evidence using standardized methods and procedures.

Examination

Comprehensive and exhaustive exploration of evidence pertaining to the network attack. It involves digging and inspecting potential evidence and assembling elaborate documentation for analysis.

Analysis

This step involves rebuilding packets belonging to network traffic data and deduce significance based on evidence found.

Presentation

Provide a brief summary and description of drawn conclusions.

Incident Response

Craft a response to the intrusion detected curated based on details and evidence collected to substantiate and evaluate the incident.

Learning Resources

  1. Enisa online training
  2. Advanced Network Forensics Lab
  3. Introduction to Security and Network Forensics

Textbooks

  1. Oreilly, Hands on: Network Forensics
  2. Packt, Learning Network Forensics
  3. Enisa, Introduction to Network Forensics Handbook
  4. Wiley, Ric Messier: Network Forensics

Tools

  1. Tools and Techniques For Network Forensics
  2. Security Wizardry: Network Forensics Toolkit
  3. eForensics Magazine, Learn "how to” – 101 best forensic tutorials
  4. Wireshark basics

References

[1] Network Forensics - Wikipedia