
Section-3 (Network Forensics)

Network forensics deals with monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information.

Network forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.

Two approaches are commonly used to collect network data: a brute-force "catch it as you can" method, and a more intelligent "stop, look and listen" method.

In this part of the module, we shall be exploring network forensics by analysing network packet capture files using a convenient tool named Wireshark.
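As an added illustration (not part of the original module material or any project it refers to), the following Python script ties together the ideas above: it reads the classic pcap format that Wireshark saves, contrasts a "catch it as you can" pass that retains every packet with a "stop, look and listen" pass that keeps only per-flow counters, and runs a keyword search over retained payloads. The three-packet capture, its addresses, ports and payloads are all constructed for the example; the parser handles only Ethernet/IPv4/TCP frames and ignores checksums.

```python
"""Minimal pcap triage: parse a capture, summarise flows, search payloads."""
import struct
from collections import defaultdict

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = b"\x08\x00"
IPPROTO_TCP = 6


def _ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left zero; sample data only)."""
    eth = bytes(6) + bytes(6) + ETHERTYPE_IPV4          # dst MAC, src MAC, EtherType
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                     IPPROTO_TCP, 0, _ip_bytes(src_ip), _ip_bytes(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Write a little-endian classic pcap (magic 0xA1B2C3D4) from (timestamp, frame) pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts_sec, frame in frames:
        out += struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)) + frame
    return out


def iter_records(pcap):
    """Yield (timestamp, frame bytes) per record; byte order is detected from the magic."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        order = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        order = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng or nanosecond variant?)")
    if struct.unpack_from(order + "I", pcap, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled here")
    offset = 24                                          # global header is 24 bytes
    while offset + 16 <= len(pcap):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(order + "IIII", pcap, offset)
        offset += 16
        yield ts_sec, pcap[offset:offset + incl_len]
        offset += incl_len


def parse_tcp(frame):
    """Return the 5-tuple and payload of an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != IPPROTO_TCP:
        return None
    total_len = struct.unpack_from("!H", ip, 2)[0]
    ip = ip[:total_len]                                  # drop any Ethernet trailer padding
    tcp = ip[(ip[0] & 0x0F) * 4:]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    data_offset = (tcp[12] >> 4) * 4
    return {"src": ".".join(map(str, ip[12:16])), "sport": sport,
            "dst": ".".join(map(str, ip[16:20])), "dport": dport,
            "payload": tcp[data_offset:]}


def catch_it_as_you_can(pcap):
    """Full retention: keep every parsed packet, payload included, for later analysis."""
    records = []
    for ts, frame in iter_records(pcap):
        pkt = parse_tcp(frame)
        if pkt:
            pkt["ts"] = ts
            records.append(pkt)
    return records


def stop_look_listen(pcap):
    """Reduced retention: inspect each packet in memory, keep only bidirectional flow counters."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for _ts, frame in iter_records(pcap):
        pkt = parse_tcp(frame)
        if pkt:
            key = tuple(sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])]))
            flows[key]["packets"] += 1
            flows[key]["bytes"] += len(pkt["payload"])
    return dict(flows)


def search_keyword(records, keyword):
    """Keyword search over retained payloads; only possible when payloads were kept."""
    return [r for r in records if keyword in r["payload"]]


# Constructed sample capture: one HTTP exchange plus an unrelated request.
SAMPLE_PCAP = build_pcap([
    (1700000000, build_frame("10.0.0.5", "10.0.0.9", 51000, 80, b"GET /notes.txt HTTP/1.1\r\n\r\n")),
    (1700000001, build_frame("10.0.0.9", "10.0.0.5", 80, 51000, b"HTTP/1.1 200 OK\r\n\r\npassword=hunter2")),
    (1700000002, build_frame("10.0.0.5", "10.0.0.9", 51001, 80, b"GET /index.html HTTP/1.1\r\n\r\n")),
])

if __name__ == "__main__":
    for flow, stats in stop_look_listen(SAMPLE_PCAP).items():
        print(flow, stats)
    for hit in search_keyword(catch_it_as_you_can(SAMPLE_PCAP), b"password"):
        print(hit["ts"], hit["src"], "->", hit["dst"], hit["payload"])
```

Run it directly to see the two flow summaries and the single keyword hit; point `iter_records` at the bytes of a real `.pcap` saved from Wireshark to apply the same triage to actual traffic. The contrast worth noticing is that `stop_look_listen` can answer "which hosts talked, and how much" from a fraction of the storage, but only `catch_it_as_you_can` retains enough to answer "what was said", which is why the keyword search takes its output rather than the pcap.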

Additionally, here is a guide to socket programming: https://realpython.com/python-sockets/

Text Guides:

Video Guides:

Practice:

Discussions among mentees are encouraged and we request you to use the corresponding Team on MS Teams or the corresponding WhatsApp group for the same.

Created with ❤️ by CSeC