Network forensics overview
Introduction

Network forensics, in a nutshell, is the combined activity of capturing, recording, and analyzing network packets in order to determine the source of an attack.

Steps of network forensic examinations
· Identification
· Preservation
· Collection
· Examination
· Analysis
· Presentation
· Incident Response

Types of analysis performed at the network level:

· Data-link and physical layer (Ethernet)
Evidence is obtained by eavesdropping on the bit stream at the data-link layer of the OSI model, i.e. on Ethernet frames. Monitoring tools or network sniffers such as Wireshark or tcpdump are used; they capture traffic from a network interface configured in promiscuous mode, so that frames addressed to other hosts are passed up to the capture tool instead of being discarded by the card. On a switched network, promiscuous mode alone only shows traffic that reaches the capturing port, so a mirror (SPAN) port or a tap is needed to see the whole segment. The source MAC address recorded at this layer ties a frame to a physical interface on the local segment, which matters when the IP source address has been spoofed.

· Transport and network layer (TCP/IP)
At the network layer, evidence comes from the IP headers of the captured packets (source and destination addresses, TTL, fragmentation fields) together with the routing tables and logs of the routers and firewalls on the path; at the transport layer, the TCP/UDP headers supply port numbers, sequence numbers, flags and connection state. These help a great deal in providing information on compromised packets, identifying sources
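The layered decoding described above, as an added example that is not code from the original page: a small stand-alone decoder that walks Ethernet, IPv4 and TCP headers of raw frames, verifies the IPv4 header checksum before trusting the addresses in it, and then attributes source IPs to source MACs and counts pure-SYN packets per source to single out a scanning host. The frames, the 10.0.0.0/24 addresses and the aa:bb:cc:... MACs are constructed for the example; with a real capture you would feed it the link-layer payload of each pcap record instead.

```python
"""Decode Ethernet/IPv4/TCP frames and attribute traffic to its source.

Constructed example: the sample frames and all addresses below are made up.
"""
import struct
from collections import Counter

ETH_HDR = struct.Struct("!6s6sH")        # dst MAC, src MAC, EtherType
IP_HDR = struct.Struct("!BBHHHBBH4s4s")  # fixed 20-byte IPv4 header
TCP_HDR = struct.Struct("!HHIIHHHH")     # fixed 20-byte TCP header
ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806
IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags, ttl=64):
    """Constructed sample traffic: one Ethernet/IPv4/TCP frame, no payload."""
    tcp = TCP_HDR.pack(sport, dport, 0, 0, (5 << 12) | flags, 65535, 0, 0)
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    ip = IP_HDR.pack(0x45, 0, IP_HDR.size + len(tcp), 0, 0x4000, ttl,
                     IPPROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill checksum
    return ETH_HDR.pack(mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4) + ip + tcp


def decode_frame(frame: bytes):
    """Walk Ethernet -> IPv4 -> TCP. Returns a dict of header fields, or None
    when the frame is not IPv4/TCP or its IPv4 checksum does not verify."""
    if len(frame) < ETH_HDR.size:
        return None
    dst_mac, src_mac, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_IPV4:
        return None
    off = ETH_HDR.size
    if len(frame) < off + IP_HDR.size:
        return None
    ver_ihl, _tos, _len, _id, _frag, ttl, proto, csum, src, dst = IP_HDR.unpack_from(frame, off)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(frame) < off + ihl:
        return None
    hdr = frame[off:off + ihl]
    if ip_checksum(hdr[:10] + b"\x00\x00" + hdr[12:]) != csum:
        return None   # corrupted or crudely crafted header: do not trust its addresses
    if proto != IPPROTO_TCP:
        return None
    off += ihl
    if len(frame) < off + TCP_HDR.size:
        return None
    sport, dport, _seq, _ack, off_flags, *_ = TCP_HDR.unpack_from(frame, off)
    return {"src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac),
            "src_ip": ip_str(src), "dst_ip": ip_str(dst), "ttl": ttl,
            "sport": sport, "dport": dport, "flags": off_flags & 0x1FF}


def analyze(frames):
    """Per source IP: pure-SYN count, distinct destination ports, and the MACs
    that claimed that IP (a second MAC for one IP points at spoofing)."""
    syns, ports, macs, rejected = Counter(), {}, {}, 0
    for f in frames:
        pkt = decode_frame(f)
        if pkt is None:
            rejected += 1
            continue
        macs.setdefault(pkt["src_ip"], set()).add(pkt["src_mac"])
        if pkt["flags"] & (TCP_SYN | TCP_ACK) == TCP_SYN:
            syns[pkt["src_ip"]] += 1
            ports.setdefault(pkt["src_ip"], set()).add(pkt["dport"])
    return {"decoded": len(frames) - rejected, "rejected": rejected,
            "syn_by_src": dict(syns),
            "ports_by_src": {ip: sorted(p) for ip, p in ports.items()},
            "macs_by_ip": {ip: sorted(m) for ip, m in macs.items()}}


# Constructed capture: a scanner probing five ports on the victim, one normal
# client handshake, one ARP frame and one frame with a corrupted IPv4 header.
VICTIM, SCANNER, CLIENT = ("10.0.0.5", "aa:bb:cc:00:00:05"), ("10.0.0.66", "aa:bb:cc:00:00:66"), ("10.0.0.7", "aa:bb:cc:00:00:07")
SAMPLE_FRAMES = [build_frame(SCANNER[1], VICTIM[1], SCANNER[0], VICTIM[0], 40000 + i, p, TCP_SYN)
                 for i, p in enumerate((22, 80, 443, 3389, 8080))]
SAMPLE_FRAMES += [build_frame(CLIENT[1], VICTIM[1], CLIENT[0], VICTIM[0], 51000, 443, TCP_SYN),
                  build_frame(VICTIM[1], CLIENT[1], VICTIM[0], CLIENT[0], 443, 51000, TCP_SYN | TCP_ACK),
                  ETH_HDR.pack(b"\xff" * 6, mac_bytes(CLIENT[1]), ETHERTYPE_ARP) + b"\x00" * 28]
_corrupt = bytearray(SAMPLE_FRAMES[0])
_corrupt[ETH_HDR.size + 12] ^= 0xFF        # flip a byte of the source IP, checksum no longer matches
SAMPLE_FRAMES.append(bytes(_corrupt))

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_FRAMES).items():
        print(key, value)
```

The checksum check is deliberate: a forensic tool that silently accepts a frame whose header does not verify will attribute the packet to whatever address an attacker or a faulty NIC put there, so the decoder counts such frames separately rather than folding them into the source statistics. Real captures also carry VLAN tags, IP options and IPv6, which this fixed-header decoder does not handle.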