ABSTRACT

Network forensics has been defined variously as the art of collecting, protecting, analyzing, and presenting network traffic to support remediation or prosecution. Many countries have data protection safeguards and 'good practice' guidelines for the use of network forensics. Network forensics might at first sight appear a specialist and arcane topic to include under the heading of 'Policing Digital Crime', but even a cursory audit of the number, ubiquity and functionality of network-connected devices in use suggests otherwise. Networks are commonly encountered in the course of a digital investigation that forms part of a wider criminal investigation, and the forensic examination and analysis of networks is increasingly important. The challenge might be further compounded by the use of data distortion techniques. Subtleties in the use of covert channels could also be a factor; for example, steganography could be used, as could very slight changes in some of the fields of a packet header.