Network Forensics
Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection [1].
What is Network Forensics?
Network forensics is the art of investigating network traffic patterns with the sole purpose of gathering information and evidence in order to identify the source of network security attacks. This task is achieved by a three-step process: capturing, recording and analyzing the network packets gathered from multiple sites and different network systems such as IDS, firewalls, etc. Moreover, it keeps track of the network to understand the nature and behavior of the cyber attackers.
Network Forensic examination steps
A generic network forensic examination includes the following steps:
Identification
Identifying and investigating an incident that originated from network indicators. This step is crucial as it impacts the following steps.
Preservation
Shielding and isolating the state of physical and logical evidence in order to protect it from being tampered with through external interference.
Collection
Documenting the physical evidence and making copies of digital evidence using standardized methods and procedures.
Examination
Comprehensive and exhaustive exploration of evidence pertaining to the network attack. It involves locating and inspecting potential evidence and assembling elaborate documentation for analysis.
Analysis
This step involves rebuilding packets belonging to the network traffic data and deducing their significance based on the evidence found.
Presentation
Provide a brief summary and description of drawn conclusions.
Incident Response
Craft a response to the detected intrusion based on the details and evidence collected to substantiate and evaluate the incident.
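As an added illustration of the preservation, examination and analysis steps above (this is example code written for this page, not part of the original text or any project it names), the following Python script hashes a capture file for chain-of-custody records and then reassembles TCP payloads per flow from a pcap. The pcap, addresses, ports and payloads are constructed inline so the script runs offline; it deliberately includes out-of-order and retransmitted segments and a non-IP frame, since those are the cases a naive "concatenate payloads in capture order" approach gets wrong.

```python
"""Constructed example: hash a pcap for chain of custody, then rebuild TCP
payloads per flow from it. Standard library only; all data is made up."""
import hashlib
import socket
import struct
from collections import defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4  # little-endian pcap, microsecond timestamps


def _ipv4_tcp_frame(src, sport, dst, dport, seq, flags, payload):
    """Build one Ethernet/IPv4/TCP frame (checksums left at zero: constructed data)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"  # dummy MACs, EtherType IPv4
    return eth + ip


def build_pcap(frames, base_ts=1700000000):
    """Wrap raw frames in a pcap v2.4 container (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", base_ts + i, 0, len(frame), len(frame)) + frame
    return out


def evidence_hash(pcap_bytes):
    """SHA-256 of the capture as acquired; record it before analysis touches the file."""
    return hashlib.sha256(pcap_bytes).hexdigest()


def iter_packets(pcap_bytes):
    """Yield (timestamp, frame) from a pcap, honouring the byte order the magic implies."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a pcap file")
    offset = 24
    while offset + 16 <= len(pcap_bytes):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap_bytes[offset:offset + 16])
        offset += 16
        yield ts_sec + ts_usec / 1e6, pcap_bytes[offset:offset + incl_len]
        offset += incl_len


def parse_tcp(frame):
    """Return (src, sport, dst, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    ip = frame[14:14 + total_len]  # drops any Ethernet trailer padding
    tcp = ip[ihl:]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_off = (tcp[12] >> 4) * 4
    return socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport, seq, tcp[data_off:]


def reassemble_flows(pcap_bytes):
    """Group segments by (src, sport, dst, dport) and stitch payloads by sequence number.
    Out-of-order segments are sorted; bytes already seen (retransmissions) are dropped."""
    segments = defaultdict(dict)
    for _ts, frame in iter_packets(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, sport, dst, dport, seq, payload = parsed
        if payload:
            segments[(src, sport, dst, dport)].setdefault(seq, payload)
    flows = {}
    for key, by_seq in segments.items():
        data, next_seq = b"", None
        for seq in sorted(by_seq):
            payload = by_seq[seq]
            end = seq + len(payload)
            if next_seq is None:
                next_seq = seq
            if end <= next_seq:
                continue  # whole segment already covered: a retransmission
            if seq < next_seq:
                payload = payload[next_seq - seq:]  # partial overlap with earlier data
            # A gap (seq > next_seq) means a lost segment; we keep going with what we have.
            data += payload
            next_seq = end
        flows[key] = data
    return flows


# Constructed capture: client request split in three, delivered A, C, B, then A again
# (retransmitted), one server reply, and an ARP frame that must be skipped.
PSH_ACK = 0x18
_A = _ipv4_tcp_frame("10.0.0.5", 40000, "10.0.0.9", 80, 1000, PSH_ACK, b"GET /index")
_B = _ipv4_tcp_frame("10.0.0.5", 40000, "10.0.0.9", 80, 1010, PSH_ACK, b".html HTTP")
_C = _ipv4_tcp_frame("10.0.0.5", 40000, "10.0.0.9", 80, 1020, PSH_ACK, b"/1.1\r\n\r\n")
_R = _ipv4_tcp_frame("10.0.0.9", 80, "10.0.0.5", 40000, 5000, PSH_ACK, b"HTTP/1.1 200 OK\r\n")
_ARP = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x06" + b"\x00" * 28
SAMPLE_PCAP = build_pcap([_A, _C, _ARP, _B, _A, _R])

if __name__ == "__main__":
    print("evidence sha256:", evidence_hash(SAMPLE_PCAP))
    for flow, data in reassemble_flows(SAMPLE_PCAP).items():
        print(flow, data)
```

Recording the hash first and only then parsing mirrors the preservation-before-analysis ordering of the steps above; in practice the hash would be taken on the acquired file (and on any working copy) and written into the case notes, and the reassembly would be done against a copy, never the original.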
Learning Resources
Textbooks
- Oreilly, Hands on: Network Forensics
- Packt, Learning Network Forensics
- Enisa, Introduction to Network Forensics Handbook
- Wiley, Ric Messier: Network Forensics
Tools
- Tools and Techniques For Network Forensics
- Security Wizardry: Network Forensics Toolkit
- eForensics Magazine, Learn "how to" – 101 best forensic tutorials
- Wireshark basics
References
[1] Network Forensics - Wikipedia