Learn what network forensics is. Jungwoo provides the essential terms and concepts of network forensics.
- Network forensics is a subfield of computer and cyber forensics. Its goal is to preserve and analyze data for evidence to be presented in civil and criminal court cases. The basic mission of network forensics is still the same as that of computer and cyber forensics. However, the difference lies in its focus on the network data exchanged between various hosts, rather than the static data generated and stored locally on each computer.
Network forensics leverages all the data sources that make up a computer network, ranging from host firewalls to intrusion detection systems. One of the key aspects of network forensics is to effectively preserve, process, and analyze these disparate types of data. Due to the advent of cloud computing, we have vastly enhanced our capacity to preserve and process raw data for network forensics purposes.
In fact, the average size of such data is now quickly reaching the scale of big data. What's even more exciting is that analysis tools designed to take advantage of the big data are becoming rapidly available and more accessible to us as I speak. This, in turn, will provide better insight on a network incident, and even allow us to predict impending attacks in a real-time fashion.
One of the enablers for these newly-emerging trends is big data analytics and machine learning. Another enabler is the commoditization of the big data analytics services, in the form of cloud computing offerings. For example, all the major cloud service providers, such as Microsoft Azure, and Amazon AWS, are now featuring machine learning services.
- Network security concepts
- The basic functions of a firewall
- Intrusion detection and prevention systems
- Using network data to improve security
- Using log servers to collect data
- Collecting application data
- Collecting OS data
- Network forensics
- Network security visualization