As attacks against networked systems such as computers, smartphones, and tablets keep increasing, the value of network forensics has grown. To respond to any major attack, the analyst needs to be able to observe, detect, and understand what the threat actor has done by applying digital forensic principles to the network traffic data.
Network forensics involves collecting network packets and analyzing them to understand the complete picture of an incident. The crux is to collect and preserve evidence while conducting the analysis, so as to establish what happened and who did what, and to produce sound technical evidence and inferences that support the hypotheses. This includes analyzing network data from firewalls, IDSes/IPSes, and other perimeter and internal networking devices.
Fundamentals of network forensics
Before we go into the gory details of network forensics, it is important to understand...