No matter what anyone tells you, no investigation is complete or comprehensive if it only includes host-based forensic analysis. The fact is that the host never has all of the relevant information, and there are way too many techniques for ensuring that no incriminating evidence is ever left on the disk. Because of this reality, it is essential that organizations act proactively and incorporate real network forensic tools and techniques into their investigative arsenal. This presentation will introduce some of the necessary techniques and will walk through a practical case study showing the power of a fully integrated investigative approach.