Post 8: What is Network Forensics?

January 8, 2019 | In Network Forensics

Most people are not familiar with the term network forensics, so in this post I will explain what network forensics is.

Network forensics is the investigation of what happens in a network by obtaining and analyzing information about it. It is a sub-branch of digital forensics in which investigators monitor and analyze network traffic to gain information and obtain evidence.

Most people also seem to mistake network forensics for network security, but there are differences between the two. In network security, the system is protected against an attack, while in network forensics, the system is not protected against an attack. Network forensics means investigating after the incident has happened, while network security is usually done in real time.

Network forensics is important because it is part of incident response, where investigators examine the incident very carefully. It is also important because evidence is collected for law enforcement or the court, and because it finds the cause of the incident, which becomes a lesson learned so that similar incidents do not happen again in the future.

In network forensics, investigators also have their own challenges to face, which are:

  • Intelligent network forensics tools
  • Data extraction locations
  • Access to IP address
  • Data Privacy
  • Data integrity
  • Data storage on the network devices, and
  • High speed data transmission
