Book Image

Learning Network Forensics

By : Samir Datt
Book Image

Learning Network Forensics

By: Samir Datt

Overview of this book

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.
Table of Contents (17 chapters)
Learning Network Forensics
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Digital footprints


For a moment, let's flashback to the Locard's exchange principle section. To reiterate, it basically expounds that every contact leaves a trace. What this means, in the digital context, is that all interactions with the digital system/network will leave some sort of an artifact/data behind as evidence of this event. These artifacts are known as digital footprints. They are of the following two types:

  • Passive

  • Active

Passive digital footprints are created by the system without the knowledge of the user, such as in the case of pasting passwords from a file to an application evidence or copies can be found in the volatile memory. Cookies are another example of this.

The user creates active digital footprints deliberately, such as in the case of a Facebook post, sending an e-mail, or storing and transmitting pictures.

These will usually exist and can be recovered from the following:

  • Device memory

  • Disk space including logs

  • Network traffic capture