One tedious task in the network forensic is the data correlation. To solve this issue, the network administrator should use a span port on network devices in multiple places of the network. Depending on the network configuration and security measures where the sniffer is deployed, the tool may not capture all desired traffic data. The first challenge is related to traffic data sniffing. Network forensics analysis, like any other forensic investigation presents many challenges. Incident Response: The response to attack or intrusion detected is initiated based on the information gathered to validate and assess the incident. Presentation: summarize and provide explanation of drawn conclusions. This focuses on identifying and discovering potential evidence and building detailed documentation for analysis.Īnalysis: determine significance, reconstruct packets of network traffic data and draw conclusions based on evidence found. Preservation: securing and isolating the state of physical and logical evidences from being altered, such as, for example, protection from electromagnetic damage or interference.Ĭollection: Recording the physical scene and duplicating digital evidence using standardized methods and procedures.Įxamination: in-depth systematic search of evidence relating to the network attack.
This step is significant since it has an impact in the following steps. Identification: recognizing and determining an incident based on network indicators.
The following is a brief overview of each step: Identification, preservation, collection, examination, analysis, presentation and Incident Response. A generic network forensic examination includes the following steps: Network forensics is also the process of detecting intrusion patterns, focusing on attacker activity. In addition, it monitors on the network to detect attacks and analyze the nature of attackers. It tries to analyze network traffic data, which is collected from different sites and different network equipment, such as firewalls and IDS. The major goal of network forensics is to collect evidence. Network forensics is capture, recording and analysis of network packets in order to determine the source of network security attacks.
0 kommentar(er)
