Most computer forensic examinations focus on system forensics – live system and memory data, and the data remaining on storage devices. These investigations neglect the significant amount of network data (packets in transit, event logs, and data from specialized tools such as honeypots).
During this session, you will learn proactive and post-response techniques for collecting and analyzing network forensic data. Using open source and commercial tools, practical demonstrations based on actual cases will show common tasks such as (1) monitoring a network for anomalous traffic and identifying an intrusion, (2) analyzing captured network traffic to reassemble transferred files, and (3) extracting communication sessions. By the end, you’ll be able to use network forensic results with other forensic data, ensuring you have the complete story.