Network Traffic Analysis

Once you have access to the appropriate tools, you can examine either the live traffic or logs to determine if a crime has been (or is being) committed and to gather evidence about that crime.

Using Log Files as Evidence

An end-to-end investigation looks at an entire attack. It looks at how an attack starts, at the intermediate devices, and at the result of the attack. Evidence may reside on each device in the path from the attacking system to the victim. Routers, virtual private networks (VPNs), and other devices produce logs. Network security devices, such as firewalls and intrusion detection systems (IDSs), also generate logs. An IDS is software that automates the process of monitoring events occurring in a computer ...
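To make the end-to-end idea concrete, the following Python script (an added example, not code from the book or its authors) merges log lines from three devices on a hypothetical attack path, a perimeter firewall, an IDS sensor and the victim host's authentication log, into one timeline keyed on the source address. All log lines, hostnames and addresses are constructed for the example; the log formats are assumptions, not any vendor's, and the host log's zone-less timestamps are assumed to be UTC. The point it shows is that each device contributes a different piece of the same story and that the first forensic step is to normalise timestamps so the pieces can be ordered.

```python
"""Correlate constructed log lines from several devices into one timeline.

Added example, not from the book. Formats, hosts and addresses are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Event:
    ts: datetime      # timezone-aware timestamp, normalised to UTC
    device: str       # device that recorded the event
    src: str          # source address seen by that device
    dst: str          # destination address or host
    detail: str       # the rest of the log line, kept as evidence


# Constructed firewall log: ISO timestamp, device name, key=value fields.
FIREWALL_LOG = """
2024-03-01T10:00:01Z fw1 action=allow src=203.0.113.5 dst=192.0.2.10 dport=22
2024-03-01T10:00:03Z fw1 action=allow src=203.0.113.5 dst=192.0.2.10 dport=22
2024-03-01T10:07:45Z fw1 action=deny src=203.0.113.5 dst=192.0.2.20 dport=445
"""

# Constructed IDS alert log in the same key=value style, with a quoted message.
IDS_LOG = """
2024-03-01T10:00:02Z ids1 alert msg="SSH brute force attempt" src=203.0.113.5 dst=192.0.2.10
"""

# Constructed host auth log in classic syslog style (no year, no zone; assumed UTC).
HOST_LOG = """
Mar  1 10:00:04 srv10 sshd[1234]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar  1 10:00:09 srv10 sshd[1234]: Accepted password for admin from 203.0.113.5 port 40002 ssh2
"""

KV_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<device>\S+)\s+(?P<rest>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
HOST_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+(?P<rest>.*)$"
)
FROM_RE = re.compile(r"\bfrom (\S+)")


def parse_kv_log(text: str) -> list[Event]:
    """Parse the firewall/IDS style: ISO-8601 UTC timestamp, device, key=value fields."""
    events = []
    for line in text.strip().splitlines():
        m = KV_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m["rest"])}
        events.append(Event(ts, m["device"], fields.get("src", "?"), fields.get("dst", "?"), m["rest"]))
    return events


def parse_host_log(text: str, year: int) -> list[Event]:
    """Parse syslog-style host lines; the year is supplied because the format omits it."""
    events = []
    for line in text.strip().splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(
            f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
        ).replace(tzinfo=timezone.utc)  # assumption: host clock is UTC
        f = FROM_RE.search(m["rest"])
        src = f.group(1) if f else "?"
        events.append(Event(ts, m["host"], src, m["host"], m["rest"]))
    return events


def build_timeline(src_ip: str, *event_sets: list[Event]) -> list[Event]:
    """Merge every device's events for one source address, ordered by normalised time."""
    merged = [e for events in event_sets for e in events if e.src == src_ip]
    return sorted(merged, key=lambda e: e.ts)


def summarize(timeline: list[Event]) -> dict:
    """Report which devices saw the source and over what span, for the case notes."""
    if not timeline:
        return {}
    first, last = timeline[0].ts, timeline[-1].ts
    return {
        "first": first.isoformat(),
        "last": last.isoformat(),
        "devices": [e.device for e in timeline],
        "span_seconds": int((last - first).total_seconds()),
    }


if __name__ == "__main__":
    tl = build_timeline(
        "203.0.113.5", parse_kv_log(FIREWALL_LOG), parse_kv_log(IDS_LOG), parse_host_log(HOST_LOG, 2024)
    )
    for e in tl:
        print(f"{e.ts.isoformat()} {e.device:6} {e.src} -> {e.dst}  {e.detail}")
    print(summarize(tl))
```

Run as-is it prints the six events in order: the firewall admits the first connection, the IDS raises its alert a second later, the host records a failed and then an accepted login, and the firewall later denies a connection from the same source toward a second internal host. Because the host log carries neither year nor time zone, the script has to be told both; in a real investigation that gap is exactly where timelines go wrong, so record the assumption alongside the evidence.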
