From the course: Network Forensics
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
Legal implications
- It's a reasonable expectation that legal professionals would challenge the credibility of the evidence network forensic specialists present in court. A crosscheck is a way to make your evidence more credible. What I mean is, the same event origination from multiple devices which makes the evidence stronger. Firewall logs and Intrusion Detection Systems, or IDS logs, can all point to the same user trying to connect to a server at a specific time. However, for this to work it's necessary to synchronize the clocks on the hardware producing the log files so that the produce accurate timestamps. Without proper synchronization it's impossible to correlate an event on one device to another. Network Time Protocol, or NTP, is a widespread mechanism used to automate the process of clock synchronization. Devices connect to an NTP server, or to it's peers to set their clocks periodically. Thoroughness also increases the credibility of your data. If you have an option, the recommended practice…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.