Chapter 2. Capturing Network Traffic
In this chapter, we learn about capturing live network forensics data. In other chapters, we discuss searching for artifacts of network activity wherever they may exist throughout the network; for now, we will focus on capturing live network traffic. Changes in network technology have severely limited the useful application of live network traffic capture. For example, a host running a sniffer in a switched environment or wireless network will only see traffic addressed to itself and broadcast traffic even if the sniffer is running in ...

Get Digital Forensics for Network, Internet, and Cloud Computing now with the O’Reilly learning platform.
