Content Leader: Jess Garcia - Last Updated: January 24, 2007
About Network Forensics
Network Forensics has two areas of activity:
1. Investigating the network traffic to identify evidence related to an incident.
   In this sense, Network Forensics and Network-based Intrusion Detection are very similar areas of knowledge from a technology point of view, so please refer to the Network-based IDS/IPS section for information and resources.
   Additionally, Network Forensics, like any other forensic area, has the added consideration that your findings are more likely to end up in court, so you should be more careful with your processes, tools and documentation in this case.
2. Investigating a host to determine which processes are related to suspicious network activity.
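As an added illustration of the second activity (this example is not part of the original page), the script below attributes live network connections on a Linux host to the processes that own them. It parses text in the format printed by `ss -tnp` (a constructed sample is embedded, not captured from a real host) and answers the question an investigator asks after an IDS alert: which processes on this host hold a socket to the peer address in the alert, and which connections could not be attributed to any process at all. The function names and the sample addresses are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `ss -tnp` output on Linux (not from a real host).
# Columns: State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB  0      0      10.0.0.5:443        198.51.100.23:51234 users:(("nginx",pid=1204,fd=12),("nginx",pid=1205,fd=12))
ESTAB  0      0      10.0.0.5:22         192.0.2.9:40122     users:(("sshd",pid=871,fd=4))
ESTAB  0      0      10.0.0.5:49810      203.0.113.77:4444   users:(("python3",pid=3471,fd=3))
TIME-WAIT 0   0      10.0.0.5:49811      203.0.113.77:80
"""

# One ("name",pid=N,fd=M) entry inside the users:(...) field; a socket may list several.
PROCESS_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)')


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port). rpartition keeps IPv6 forms like [::1]:22 intact."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def parse_ss(output):
    """Parse `ss -tnp` text into a list of connection records."""
    conns = []
    for line in output.strip().splitlines()[1:]:  # skip the header row
        fields = line.split(None, 5)  # the 6th field (if any) is the whole Process column
        if len(fields) < 5:
            continue
        state, _recvq, _sendq, local, peer = fields[:5]
        proc_field = fields[5] if len(fields) > 5 else ""
        procs = [(m.group("name"), int(m.group("pid"))) for m in PROCESS_RE.finditer(proc_field)]
        conns.append({
            "state": state,
            "local": split_endpoint(local),
            "peer": split_endpoint(peer),
            "processes": procs,
        })
    return conns


def processes_for_peers(conns, peer_ips):
    """Map each peer IP of interest (e.g. the address from an IDS alert) to the
    (name, pid) pairs holding a socket to it."""
    hits = defaultdict(set)
    for c in conns:
        peer_ip = c["peer"][0]
        if peer_ip in peer_ips:
            for name, pid in c["processes"]:
                hits[peer_ip].add((name, pid))
    return {ip: sorted(procs) for ip, procs in hits.items()}


def connections_without_owner(conns):
    """Connections ss could not attribute to a process: half-closed sockets such as
    TIME-WAIT, or sockets of another user's process when ss runs unprivileged."""
    return [c for c in conns if not c["processes"]]


if __name__ == "__main__":
    conns = parse_ss(SAMPLE_SS_OUTPUT)
    alert_ip = "203.0.113.77"  # constructed: the peer named in a hypothetical IDS alert
    for ip, procs in processes_for_peers(conns, {alert_ip}).items():
        for name, pid in procs:
            print(f"{ip}: owned by {name} (pid {pid})")
    for c in connections_without_owner(conns):
        print(f"unattributed {c['state']} connection to {c['peer'][0]}:{c['peer'][1]}")
```

Run `ss -tnp` as root when collecting the real data, since process ownership is only shown for sockets the invoking user is allowed to inspect; and capture the output to a file with a timestamp before analysing it, so the snapshot itself can be preserved as evidence.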