Network Forensic
Network forensic is the capturing, recording and analysis of network event in order to discover the source of security incidents.
Overview
Network forensics is capture, recording and analysis of network packets in order to determine the source of network security attacks. The major goal of network forensics is to collect evidence. It tries to analyze network traffic data, which is collected from different sites and different network equipment, such as firewalls and IDS. In addition, it monitors on the network to detect attacks and analyze the nature of attackers.
Why we need network forensic
Breach Response.
Hunting.
Metrics/Network Knowledge.
Intelligence.
DNS/Passive DNS.
Intelligent Alerting.
About our Approach
Identifying a security threat or attack.
Collecting and preserving the evidence.
Examining the data that has been gathered.
Analyzing collected data and creating conclusions from that data.
Presenting the conclusions made.
Responding to the incident to initiate a clean-up.
