Network Traffic Analysis

Once you have access to the appropriate tools, you can examine either the live traffic or logs to determine if a crime has been (or is being) committed and to gather evidence about that crime.

Using Log Files as Evidence

An end-to-end investigation looks at an entire attack. It looks at how an attack starts, at the intermediate devices, and at the result of the attack. Evidence may reside on each device in the path from the attacking system to the victim. Routers, virtual private networks (VPNs), and other devices produce logs. Network security devices, such as firewalls and intrusion detection systems (IDSs), also generate logs. An IDS is software that automates the process of monitoring events occurring in a computer ...
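An end-to-end investigation only works if the records from each device on the path can be tied together and ordered in time. The script below is an added example written for this page, not code from the book: it parses constructed sample log lines from a VPN concentrator, a router, a firewall and an IDS (the formats are simplified stand-ins, not any vendor's exact syntax), links the attacker's external address to the tunnel address the VPN assigned it, and builds one timeline of everything those addresses touched on the way to the victim. The year assumed for the year-less syslog timestamps and the UTC assumption for every clock are both labelled in the code; in a real case you would take those from the devices themselves and verify clock drift before relying on the ordering.

```python
"""Correlate logs from devices along an attack path into a single timeline."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone

SYSLOG_YEAR = 2024  # assumption: BSD-style syslog lines carry no year

# Constructed sample records (not real logs). All clocks are assumed to be UTC.
VPN_LOG = """\
2024-03-04 09:58:02 vpn1 user=jdoe src=203.0.113.7 assigned=10.8.0.23 event=tunnel-up
2024-03-04 10:41:17 vpn1 user=jdoe src=203.0.113.7 assigned=10.8.0.23 event=tunnel-down
"""
ROUTER_LOG = """\
Mar  4 10:02:10 rtr1 flow: 10.8.0.23:51234 -> 10.1.1.5:445 proto=6 bytes=18432
"""
FIREWALL_LOG = """\
Mar  4 10:02:11 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.8.0.23 DST=10.1.1.5 PROTO=TCP DPT=445
Mar  4 10:02:12 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.8.0.23 DST=10.1.1.5 PROTO=TCP DPT=3389
Mar  4 10:05:40 fw1 kernel: DROP IN=eth1 OUT=eth0 SRC=10.8.0.99 DST=10.1.1.5 PROTO=TCP DPT=22
"""
IDS_LOG = """\
03/04/2024-10:02:11.512  [**] [1:1000001:1] SMB lateral movement attempt [**] [Priority: 1] {TCP} 10.8.0.23:51234 -> 10.1.1.5:445
"""


@dataclass(frozen=True)
class Event:
    ts: datetime      # normalised, timezone-aware timestamp
    device: str       # which box recorded it
    kind: str         # vpn / router / firewall / ids
    src: str
    dst: str
    detail: str


_VPN_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
_SYSLOG_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (.*)$")
_FLOW_RE = re.compile(r"^(\S+):\d+ -> (\S+):\d+ (.*)$")
_IDS_RE = re.compile(
    r"^(\S+)\s+\[\*\*\] \[([^\]]+)\] (.*?) \[\*\*\].*\{(\w+)\} (\S+):\d+ -> (\S+):\d+$")


def parse_vpn(text):
    """'YYYY-MM-DD HH:MM:SS host key=value ...' lines from the VPN concentrator."""
    events = []
    for m in filter(None, map(_VPN_RE.match, text.splitlines())):
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        kv = dict(p.split("=", 1) for p in m.group(3).split())
        # src is the remote peer, dst is the tunnel address handed to it
        events.append(Event(ts, m.group(2), "vpn", kv["src"], kv["assigned"],
                            f"{kv['user']} {kv['event']}"))
    return events


def parse_syslog(text):
    """Router flow records and iptables-style firewall verdicts in BSD syslog framing."""
    events = []
    for m in filter(None, map(_SYSLOG_RE.match, text.splitlines())):
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
        host, tag, rest = m.group(2), m.group(3), m.group(4)
        if tag == "kernel:":
            verdict = rest.split()[0]
            kv = dict(p.split("=", 1) for p in rest.split() if "=" in p)
            events.append(Event(ts, host, "firewall", kv["SRC"], kv["DST"],
                                f"{verdict} {kv['PROTO']}/{kv['DPT']}"))
        elif tag == "flow:":
            f = _FLOW_RE.match(rest)
            events.append(Event(ts, host, "router", f.group(1), f.group(2), f.group(3)))
    return events


def parse_ids(text, sensor="ids1"):
    """Snort-like alert lines; the sensor name is not in the line, so it is supplied."""
    events = []
    for m in filter(None, map(_IDS_RE.match, text.splitlines())):
        ts = datetime.strptime(m.group(1), "%m/%d/%Y-%H:%M:%S.%f").replace(tzinfo=timezone.utc)
        events.append(Event(ts, sensor, "ids", m.group(5), m.group(6),
                            f"{m.group(2)} {m.group(3)} ({m.group(4)})"))
    return events


def parse_all():
    return parse_vpn(VPN_LOG) + parse_syslog(ROUTER_LOG) + parse_syslog(FIREWALL_LOG) + parse_ids(IDS_LOG)


def linked_ips(events, ip):
    """Treat an external address and every tunnel address the VPN assigned it as one actor."""
    ips, grew = {ip}, True
    while grew:
        grew = False
        for e in events:
            if e.kind == "vpn" and (e.src in ips or e.dst in ips) and not {e.src, e.dst} <= ips:
                ips |= {e.src, e.dst}
                grew = True
    return ips


def timeline(events, actor_ip):
    """Every record involving the actor, across all devices, in time order."""
    ips = linked_ips(events, actor_ip)
    return sorted((e for e in events if e.src in ips or e.dst in ips), key=lambda e: e.ts)


def attack_path(events, actor_ip):
    """Devices in the order they first saw the actor: the path from attacker to victim."""
    seen = []
    for e in timeline(events, actor_ip):
        if e.device not in seen:
            seen.append(e.device)
    return seen


if __name__ == "__main__":
    for e in timeline(parse_all(), "203.0.113.7"):
        print(f"{e.ts.isoformat()} {e.device:5} {e.kind:8} {e.src} -> {e.dst}  {e.detail}")
    print("path:", " -> ".join(attack_path(parse_all(), "203.0.113.7")))
```

Running it prints six records for the actor (tunnel-up, the router flow, two firewall ACCEPTs, the IDS alert, tunnel-down) and the path vpn1 -> rtr1 -> fw1 -> ids1; the unrelated DROP from 10.8.0.99 is excluded. The point of the `linked_ips` step is that without the VPN log the firewall and IDS records would show only an internal address and the chain back to the external attacker would be lost.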

Get System Forensics, Investigation, and Response, 3rd Edition now with O’Reilly online learning.