Network forensics is a term that has been around for years. It is essentially a variation of computer forensics that involves multiple devices connected via a network. The forensic analysis of networked computers can be performed on a small-scale or large-scale network, depending on the situation. While a single digital device can hold massive amounts of data, devices that are connected to each other over a network could all be affected by a single device that has been compromised or misconfigured in a way that adversely affects the network.
An example of a large-scale network analysis would be a user who connects to a network with a device that has been infected by malware. After isolating the device and conducting a malware analysis, DTI specialists would analyze the network for signatures or indicators to determine whether the malicious code was able to affect the network. Another good example would be users who connect to other networks with a mobile device such as a laptop. Although an organization's internal security measures and controls may be very effective, they will not protect a device while it is connected to another network, such as a home network or a client or partner network. If a user connects to an infected network and the device is compromised, you risk allowing the compromise to be introduced into your environment.
Network forensics would also be beneficial in other cases, such as misconfigurations on the network that could be causing data loss or bogging down the network and causing slower network speeds.