Post 11: Network-Based Evidence Sources

January 8, 2019 | In Network Forensics

There are many ways investigators can find evidence. Drawing on different types of sources helps investigators dig further into a network incident. In this post, I will explain some of the sources that can be used to find evidence.

On the Wire

This source means that investigators can also examine the physical cables that carry data across the network. Examples of network cabling are copper and fiber-optic lines. The forensic value of cabling is that a wire tap can provide network data in real time.

In the Air

Wireless signals are another way to find evidence on a network. Examples of in-the-air evidence sources are WiFi, Bluetooth, infrared, and NFC. The forensic value is that valuable information can still be obtained even though the traffic is mostly encrypted.

Switches

A switch is a device with multiple ports that is used to connect different network segments together; switches can be managed or unmanaged. The forensic value of a switch is that it can serve as a platform to capture and preserve network traffic.
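Traffic captured from a wire tap or a switch mirror port is usually preserved as a libpcap file. The following added example (not part of the original post) builds a small constructed capture in memory, parses its records to inventory timestamps and IPv4 endpoints, rejects a truncated record, and computes a SHA-256 digest so the preserved evidence can later be verified. All addresses and timestamps are constructed sample values.

```python
import hashlib
import struct

# Constructed sample frame: Ethernet header (dst MAC, src MAC, EtherType IPv4)
# followed by a minimal 20-byte IPv4 header with no payload.
def _frame(src_ip, dst_ip):
    eth = bytes.fromhex("0011223344550066778899aa") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return eth + ip

def build_sample_pcap():
    """Constructed libpcap file (little-endian, link type 1 = Ethernet) with two frames."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b""
    for ts, frame in ((1546905600, _frame("10.0.0.5", "192.168.1.20")),
                      (1546905601, _frame("192.168.1.20", "10.0.0.5"))):
        # per-record header: ts_sec, ts_usec, included length, original length
        records += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return header + records

def parse_pcap(data):
    """Return (records, sha256_hex); each record is (timestamp, orig_len, src_ip, dst_ip)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"          # file written little-endian
    elif magic == 0xD4C3B2A1:
        endian = ">"          # file written big-endian
    else:
        raise ValueError("not a libpcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled here")
    records = []
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            # a capture cut short mid-record must not be silently accepted as complete
            raise ValueError("truncated record at offset %d" % offset)
        offset += 16 + incl_len
        src = dst = None
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":   # IPv4 EtherType
            src = ".".join(map(str, frame[26:30]))
            dst = ".".join(map(str, frame[30:34]))
        records.append((ts_sec + ts_usec / 1e6, orig_len, src, dst))
    # digest of the whole file, recorded alongside the evidence for later verification
    return records, hashlib.sha256(data).hexdigest()
```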

Routers

A router is a device that forwards packets through the network. It connects two or more networks, typically LANs or WANs. The forensic value of a router is that it can act as a basic packet filter and maintains a route table, which maps ports on the router to the connected networks.



