Chapter 9. Incorporating Network Forensics into Incident Response Plans
In traditional computer-forensics settings, the evidence you seek is contained in one or more computers of interest. For network forensics, the evidence may reside in dynamic traffic (as it transits a network), routers, switches, firewalls, intrusion detection systems (IDSs), workstations, enterprise log servers, cell phones, or in the cloud. In addition, you may need to collect information from the network infrastructure (Dynamic Host Configuration Protocol [DHCP], domain name system [DNS], network address translator [NAT]) to complete your ...

Get Digital Forensics for Network, Internet, and Cloud Computing now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.