Chapter 9. Incorporating Network Forensics into Incident Response Plans
In traditional computer-forensics settings, the evidence you seek is contained in one or more computers of interest. For network forensics, the evidence may reside in dynamic traffic (as it transits a network), routers, switches, firewalls, intrusion detection systems (IDSs), workstations, enterprise log servers, cell phones, or in the cloud. In addition, you may need to collect information from the network infrastructure (Dynamic Host Configuration Protocol [DHCP], domain name system [DNS], network address translator [NAT]) to complete your ...

Get Digital Forensics for Network, Internet, and Cloud Computing now with O’Reilly online learning.
