What is Network Forensics?

Mary McMahon

Network forensics is the analysis of network traffic to collect information for internal and legal investigations. Beyond investigations, it is also used in system security as a tool for detecting and intercepting intruders. Several techniques are used to intercept data, relying on a variety of devices that either collect all data moving through a network or pick out selected data packets for further investigation. Accurate and productive forensic analysis of a network requires computers with rapid processing speeds and high volumes of storage space.

As computer systems moved increasingly toward networks in the 1990s and home Internet became ubiquitous in many communities, interest in network forensics increased, and numerous companies began manufacturing products and offering services in the network forensics industry. Internet service providers, law enforcement, and security companies all use these tools, and they are also employed by information technology staff for security in facilities where sensitive information is handled.

Cat5 cable, which is used with networks.

In network forensics, as data moves across a network, it is captured and analyzed. Analysts look for any unusual and suspicious activity and can identify particular computers or people of interest for deeper investigation. In the case of law enforcement, investigations may be conducted for the purpose of gathering evidence to be used in court, as well as ongoing investigations. Internal investigations may utilize network forensics to identify sources of information leaks and potential security compromises in a system.
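
As an added illustration (not part of the original article), the two capture approaches described above can be run on a constructed capture: keeping every record versus keeping only records that match a selection rule, then totalling bytes per source to pick out a computer for deeper investigation. The addresses, ports, threshold and function names are assumptions made for this example.

```python
import struct
from collections import Counter

def ipv4_tcp_frame(src, dst, dport, payload_len):
    # Constructed Ethernet/IPv4/TCP frame; checksums are left as zero.
    addr = lambda ip: bytes(map(int, ip.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     addr(src), addr(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"A" * payload_len

def build_pcap(frames):
    # Classic pcap: 24-byte global header, then a 16-byte header per record.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

def read_packets(pcap):
    # Yield (src_ip, dst_ip, dst_port, ip_total_length) per IPv4/TCP record.
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<IIII", pcap, off)[2]
        frame, off = pcap[off + 16: off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # truncated, not IPv4, or not TCP
        tcp_off = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp_off + 4:
            continue  # TCP header cut off by the capture length
        dport = struct.unpack_from("!H", frame, tcp_off + 2)[0]
        total = struct.unpack_from("!H", frame, 16)[0]
        ip = lambda b: ".".join(map(str, b))
        yield ip(frame[26:30]), ip(frame[30:34]), dport, total

def capture_selected(pcap, watch_ports):
    # Selective capture: keep only records matching the selection rule.
    return [p for p in read_packets(pcap) if p[2] in watch_ports]

def hosts_of_interest(packets, threshold):
    # Sum IP bytes per source and flag hosts above the threshold.
    totals = Counter()
    for src, _, _, total in packets:
        totals[src] += total
    return sorted(h for h, n in totals.items() if n > threshold)

SAMPLE = build_pcap([ipv4_tcp_frame("10.0.0.5", "192.0.2.10", 443, 100)] +
    [ipv4_tcp_frame("10.0.0.7", "198.51.100.20", 21, 1400)] * 3)
EVERYTHING = list(read_packets(SAMPLE))  # full capture keeps every record
```

Full capture preserves everything for later review at the cost of storage, while the selective rule stores less but can only answer questions the rule anticipated.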

Network forensics may be used to track suspicious or fraudulent activity on a computer network.

Intruder detection with network forensics can be part of a security scheme for a company. Automated systems look for suspicious traffic and alert security personnel, and in some cases, such systems may automatically intervene to block access to sensitive information or to kick people off the network altogether. This proactive approach to security allows computer networks and systems to respond dynamically to threats.

In the 2000s, governments started pushing for increased access to computer networks for the purpose of accessing and analyzing data. Some law enforcement agencies advocated the development of wire-tap compliant devices and systems, with the goal of using network forensics to identify potential security threats, ranging from terrorist activity over computer networks to evidence of criminal activity. In the 1990s, criminals turned to the Internet for organizing offline activities as well as for conducting attacks over networks, and many governments felt powerless to interdict information and respond without a broad framework for information interception in place.

Mary McMahon

Ever since she began contributing to the site several years ago, Mary has embraced the exciting challenge of being an EasyTechJunkie researcher and writer. Mary has a liberal arts degree from Goddard College and spends her free time reading, cooking, and exploring the great outdoors.
