© The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature 2023
K. Cardwell, Tactical Wireshark, https://doi.org/10.1007/978-1-4842-9291-4_12

12. Network Traffic Forensics

Kevin Cardwell
California, CA, USA

In this chapter, we will review different characteristics of network connections and the traffic that they generate. This expands on earlier topics: we need to extract information from the communication traffic and identify what needs to be extracted from the data, so that it is collected in a forensically sound manner.

Chain of Custody

As we have mentioned before, we need to ensure that we maintain a Chain of Custody document. You might be wondering, what is the risk? The reality is if you do not have the document ...
