Difference between revisions of "Network forensics"

From ForensicsWiki
Jump to: navigation, search
(Tips.)
(Proprietary Network Forensics)
Line 11: Line 11:
 
* Sandstorm's [[NetIntercept]]
 
* Sandstorm's [[NetIntercept]]
 
* NIKSUN's [[NetDetector]]
 
* NIKSUN's [[NetDetector]]
 +
* ManTech International Corporation [http://www.netwitness.com/ NetWitness]
  
 
== Tips and Tricks ==
 
== Tips and Tricks ==
  
 
* The time between two events triggered by an intruder (as seen in logfiles, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user.
 
* The time between two events triggered by an intruder (as seen in logfiles, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user.

Revision as of 20:38, 14 April 2006

Network forensics is the process of capturing information that moves over a network and trying to make sense of it in some kind of forensics capacity. A network forensics appliance is a device that automates this process.

There are both open source and proprietary network forensics systems available.

Open Source Network Forensics

Proprietary Network Forensics

Tips and Tricks

  • The time between two events triggered by an intruder (as seen in logfiles, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user.