Chapter 5

Network Analysis

Introduction

Today an examiner can easily use network-capable forensic applications to conduct a network analysis. EnCase Enterprise[1], FTK[2], and even X-Ways[3] with the help of F-Response[4] can connect to any network-attached device that is capable of having the tool's particular agent installed on it.

Probably the most valuable piece of the puzzle you can get is the network traffic captured during the time of the incident. This is the ideal situation because, most of the time, it allows you to observe the actual data being passed between the attacker and the victim. Many tools are available that can capture and analyze network traffic. There is a slight problem getting this data for a few reasons ...
