NF Post 9 : Network Forensics
In the previous posts, we have mention several topics related to network forensics. But, what exactly is network forensics itself?
According to A Road Map for Digital Forensic Research, report from DFRWS 2001, Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection.
To be more simple, network forensics is the process of collecting and analyzing raw network data and systematically tracing network traffic to find out how an attack took place.
The purpose of network forensics in to gather information and legal evidence, and detect/ prevent intrusion. People often confuses about what’s the Difference between network forensics and network security. Here’s the difference between both just to make it clear.
These days, the internet is used for many things, and aside from the good things, there are many incidents happen. And that’s where network forensics comes in. Network forensics is important because it can responses to those incidents, such as:
• When the incident occurred
• How long did the incident occurred
• What data was involved (any taken data? any sensitive/ confidential information?)
• How many systems were affected
• Is the incident still going on ?
With network forensics, we can:
- improve network performance
- stop network hacks and viruses
- identify rouge access in the network
- identify security breaches (network-based evidence might be the only evidence available for as proof of the incident), and many more.
But aside from the usefulness, there are many challenges that a network forensic investigators have to faced, and those challenges include:
- COMP6348: Network Forensics – Lecture #1– Introduction, made by Mr. Kalpin Erlangga Silaen, M.Kom, CISSP.
- https://www.sciencedirect.com/science/article/pii/S1084804516300121
- https://www.slideshare.net/primeteacher32/network-forensics-73601497