Difference between pages "Email Headers" and "Network forensics"
From Forensics Wiki
(Difference between pages)
(→External Links) |
|||
| Line 1: | Line 1: | ||
| − | ''' | + | '''Network forensics''' is the process of capturing information that moves over a [[network]] and trying to make sense of it in some kind of forensics capacity. A [[network forensics appliance]] is a device that automates this process. |
| − | + | There are both open source and proprietary network forensics systems available. | |
| − | + | == Open Source Network Forensics == | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | == | + | == Tips and Tricks == |
| − | * | + | * The time between two events triggered by an intruder (as seen in logfiles, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user. |
| − | + | ||
Revision as of 08:42, 16 April 2006
Network forensics is the process of capturing information that moves over a network and trying to make sense of it in some kind of forensics capacity. A network forensics appliance is a device that automates this process.
There are both open source and proprietary network forensics systems available.
Open Source Network Forensics
Tips and Tricks
- The time between two events triggered by an intruder (as seen in logfiles, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user.
