Network forensics is the capture, recording, storage and analysis of network events to discover the source of security attacks or other problem incidents. Its purpose is to record every packet of network traffic in a single searchable repository so that the traffic can be examined in great detail. Collecting a complete record of network activity can be invaluable for addressing technical, operational, and organizational issues.
Network forensics can uncover the low-level addresses of the communicating systems, which can be used to trace an action or conversation back to a physical device. The entire content of emails, instant messaging conversations, web surfing activities and file transfers can be recovered and reconstructed to reveal the original transaction. Moreover, the protocol data surrounding each conversation is often valuable in its own right.
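As an added illustration (not part of the original text), the following Python code reads a classic pcap capture and reports which MAC address was paired with which IP address in each IPv4 conversation. The capture bytes, MAC addresses and IP addresses are constructed sample values, and the function names are hypothetical.

```python
import struct
from collections import Counter

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def conversations(pcap):
    """Count IPv4 frames per (src MAC, src IP, dst MAC, dst IP) in a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, or not plain IPv4 (ARP, IPv6, VLAN-tagged)
        # Ethernet: dst MAC 0-5, src MAC 6-11; IPv4 src/dst at header offsets 12/16.
        seen[mac(frame[6:12]), ip(frame[26:30]), mac(frame[0:6]), ip(frame[30:34])] += 1
    return seen

def sample_pcap():
    """Constructed capture: two hosts on one segment plus an ARP frame."""
    a, b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    ip_a, ip_b = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])
    def ipv4(dst, src, sip, dip):
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0, sip, dip)
        return dst + src + b"\x08\x00" + hdr
    arp = b"\xff" * 6 + a + b"\x08\x06" + bytes(28)
    frames = [ipv4(b, a, ip_a, ip_b), ipv4(b, a, ip_a, ip_b), arp, ipv4(a, b, ip_b, ip_a)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (smac, sip, dmac, dip), n in conversations(sample_pcap()).items():
        print(f"{smac} ({sip}) -> {dmac} ({dip}): {n} frames")
```

A frame's MAC addresses are those of the last layer-2 hop, so they identify the originating device only when the capture point sits on the same network segment as that device.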
The following are only some of the uses of network forensics:
- Finding Proof of a Security Attack
- Troubleshooting Intermittent Performance Issues
- Monitoring User Activity for Compliance with IT and HR Policies
- Identifying the Source of Data Leaks
- Monitoring Business Transactions
- Troubleshooting VoIP and Video over IP