Network Forensics

Until recently, "forensics" was used mainly in the physical world, where it is defined as the "scientific analysis of physical evidence (as from a crime scene)." Forensics on an enterprise network follows the same discipline: it is the search and analysis of network data. Forensic work rests on the reality that you never know what you don't know. The only way to perform a definitive investigation is to be sure you have collected all of the evidence, and a network forensics investigation is no different. In most cases you have only a lead or a tip (in network parlance, a security alert or a report from a user) and you need to turn to the "evidence," which here is the enterprise's IP-based network data. To do that, a security analyst must:

  1. Have a complete collection of all of the network data, retained for an extended period of time
  2. Have real-time access to that data
  3. Be able to perform rapid, deep search and analysis on that data

Without satisfying these criteria it is impossible to conclude that an exhaustive network forensics investigation has been performed. Net/FSE, by Packet Analytics, is the ideal tool for definitive network forensics investigation. Net/FSE gives the security team the ability to collect ALL of its IP-based network data (evidence), including security-rich flow data (NetFlow, sFlow, J-Flow, IPFIX, etc.), which almost every enterprise router already generates and which is essentially a free source of forensic information. Flow records summarize each conversation (addresses, ports, protocol, timestamps, packet and byte counts) rather than carrying full packet payloads, which is what makes them cheap to retain for long periods while still answering who talked to whom, when, and how much. Net/FSE provides an intuitive, easy-to-use web-based user interface for performing in-depth forensic searches over a near-real-time dataset and then applying deep analysis to "solve the crime."
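As an added illustration of the collect-then-search workflow described above (example code written for this page, not part of Net/FSE or any Packet Analytics product), the Python below decodes a NetFlow v5 export datagram as a router would emit it, then turns a tip about one internal host into a time-windowed search and a pivot to every other internal host that spoke to the same external peers. The datagram, the addresses, the export time and the 10.0.0.0/8 "internal" range are all constructed for the example.

```python
"""Added example for this page (not Net/FSE code): decode NetFlow v5 and
pivot from a tip to related flows. Addresses, times and the internal
address range are constructed for the example."""
import ipaddress
import struct

# NetFlow v5 wire format: 24-byte header, then up to 30 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

# Assumption: the enterprise's internal address space (constructed).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def build_v5_datagram(unix_secs, sys_uptime_ms, flows):
    """Pack flows the way a router exports them (used to construct input).
    Flow = (src, dst, sport, dport, proto, pkts, octets, first_ms, last_ms);
    first/last are router uptime milliseconds, as in NetFlow v5."""
    header = V5_HEADER.pack(5, len(flows), sys_uptime_ms, unix_secs, 0, 0, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
            b"\x00" * 4, 0, 0, pkts, octets, first_ms, last_ms, sport, dport,
            0, 0x18, proto, 0, 0, 0, 24, 24, 0)
        for src, dst, sport, dport, proto, pkts, octets, first_ms, last_ms in flows)
    return header + body


def parse_v5(datagram):
    """Decode a NetFlow v5 datagram into dicts with absolute UNIX timestamps."""
    version, count, uptime_ms, secs, _nsecs, *_ = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("truncated datagram: header count exceeds payload")
    boot = secs - uptime_ms / 1000.0  # absolute time at which sysuptime was 0
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append({
            "src": str(ipaddress.IPv4Address(f[0])), "dst": str(ipaddress.IPv4Address(f[1])),
            "pkts": f[5], "bytes": f[6],
            "first": boot + f[7] / 1000.0, "last": boot + f[8] / 1000.0,
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return records


def search(records, host=None, start=None, end=None):
    """Flows touching `host` that overlap the [start, end] window (UNIX seconds)."""
    return [r for r in records
            if (host is None or host in (r["src"], r["dst"]))
            and (start is None or r["last"] >= start)
            and (end is None or r["first"] <= end)]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def pivot(records, host, start, end):
    """From a tip about `host` in a window, collect its external peers, then
    every other internal host that talked to those peers at any time in the
    retained data. The second step is deliberately not time-limited: that is
    the "you don't know what you don't know" part of the investigation."""
    peers = set()
    for r in search(records, host=host, start=start, end=end):
        other = r["dst"] if r["src"] == host else r["src"]
        if not is_internal(other):
            peers.add(other)
    others = set()
    for r in records:
        for a, b in ((r["src"], r["dst"]), (r["dst"], r["src"])):
            if a in peers and b != host and is_internal(b):
                others.add(b)
    return peers, others


# Constructed sample: router exported at EXPORT_TIME after one hour of uptime.
EXPORT_TIME = 1_700_000_000
UPTIME_MS = 3_600_000
FLOWS = [
    ("10.1.1.5", "203.0.113.7", 51234, 443, 6, 40, 5200, 3_400_000, 3_410_000),
    ("10.1.1.5", "10.1.1.10", 51300, 445, 6, 12, 1800, 3_450_000, 3_452_000),
    ("10.1.2.20", "203.0.113.7", 40000, 443, 6, 30, 4100, 1_200_000, 1_260_000),
    ("10.1.1.5", "198.51.100.3", 53000, 53, 17, 1, 70, 2_000_000, 2_000_010),
    ("10.1.3.9", "192.0.2.44", 44444, 80, 6, 5, 600, 3_500_000, 3_501_000),
]
SAMPLE_DATAGRAM = build_v5_datagram(EXPORT_TIME, UPTIME_MS, FLOWS)

if __name__ == "__main__":
    recs = parse_v5(SAMPLE_DATAGRAM)
    # The tip: an alert on 10.1.1.5 during the five minutes before export.
    window = (EXPORT_TIME - 300, EXPORT_TIME)
    for r in search(recs, host="10.1.1.5", start=window[0], end=window[1]):
        print(f'{r["src"]}:{r["sport"]} -> {r["dst"]}:{r["dport"]} '
              f'proto={r["proto"]} bytes={r["bytes"]}')
    print("external peers, other internal hosts:", pivot(recs, "10.1.1.5", *window))
```

The decoder converts the router's uptime-relative first/last fields into absolute time using the header's unix_secs and sys_uptime, which is the step that makes records from different exporters comparable in one search; the pivot then shows why criterion 1 (complete, long retention) matters, since the second internal host talked to the same external peer forty minutes before the alert window and would be missed by any search limited to the tip itself.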

Download Net/FSE today!