Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection.[1] Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a proactive investigation.[2]
Network forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis.[3] The second form relates to law enforcement. In this case, analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords, and parsing human communication such as emails or chat sessions.
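The reassembly and keyword-search tasks mentioned above, as an added example that is not part of the original article: it rebuilds a TCP byte stream from captured segments and shows a keyword that per-packet matching misses because it is split across two packets. The packets, addresses, ports and function names are constructed for illustration, and the code assumes IPv4/TCP with no sequence-number wraparound.

```python
import struct

SRC, DST = bytes((10, 0, 0, 5)), bytes((10, 0, 0, 9))  # constructed addresses

def make_segment(seq, payload, sport=40000, dport=25):
    """Build a constructed IPv4+TCP packet (no options, checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, SRC, DST)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload

def parse_segment(pkt):
    """Return (flow, seq, payload) for an IPv4/TCP packet, or None otherwise."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or len(pkt) < ihl + 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    sport, dport, seq = struct.unpack("!HHI", pkt[ihl:ihl + 8])
    total, data_off = struct.unpack("!H", pkt[2:4])[0], (pkt[ihl + 12] >> 4) * 4
    return (pkt[12:16], sport, pkt[16:20], dport), seq, pkt[ihl + data_off:total]

def reassemble(packets):
    """Rebuild each one-way byte stream; the first copy of a byte wins."""
    segs = {}
    for parsed in map(parse_segment, packets):
        if parsed and parsed[2]:
            segs.setdefault(parsed[0], []).append(parsed[1:])
    streams = {}
    for flow, items in segs.items():
        items.sort(key=lambda s: s[0])   # assumes no 32-bit sequence wrap
        base, out = items[0][0], bytearray()
        for seq, data in items:
            off = seq - base
            if off > len(out):           # gap: segment missing from the capture
                out.extend(b"\x00" * (off - len(out)))
            if off + len(data) > len(out):
                out.extend(data[len(out) - off:])
        streams[flow] = bytes(out)
    return streams

def per_packet_hits(packets, keyword):
    """Naive search: count packets whose own payload contains the keyword."""
    return sum(1 for p in map(parse_segment, packets) if p and keyword in p[2])

def stream_hits(packets, keyword):
    """Offset of the keyword in each reassembled stream that contains it."""
    return {f: s.find(keyword) for f, s in reassemble(packets).items() if keyword in s}

# Constructed capture: one flow, out of order, with one retransmission.
CAPTURE = [make_segment(1016, b"ntial report\r\n"),
           make_segment(1000, b"Subject: confide"),
           make_segment(1016, b"ntial report\r\n")]
```

Gaps left by segments missing from the capture are zero-filled so that later offsets stay aligned; an examiner should treat matches that touch padded regions as unreliable.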
Two systems are commonly used to collect network data: a brute-force "catch it as you can" method and a more intelligent "stop look listen" method.
[1] Gary Palmer, A Road Map for Digital Forensic Research, Report from DFRWS 2001, First Digital Forensic Research Workshop, Utica, New York, August 7–8, 2001, pp. 27–30.
[2] Casey, Eoghan (2004). Digital Evidence and Computer Crime, Second Edition. Elsevier. ISBN 0-12-163104-4.
[3] Erik Hjelmvik, Passive Network Security Analysis with NetworkMiner. http://www.forensicfocus.com/passive-network-security-analysis-networkminer (archived 2012-02-23 at the Wayback Machine).