What is Network Forensics?

The collection and analysis of data contained within the components of a computer network, such as switches, routers, and firewalls.

Why would I ever need that data?

Because your investigation requires a behavioral determination of activity on a computer network. Computer network data can easily become critical to a case. This evidence takes the form of log files, audit trails, and system data, which can disclose when information was accessed, used, or received.

Matters leveraging this data involve fraud, IP theft, employment issues, and commercial litigation. Specific objectives of such an investigation include:
Reviewing access logs to determine if a competitor accessed proprietary information.
Reviewing log files from an email server to determine if, in fact, an email was received.
Recreating a network environment to recover information and evidence from backup systems.
Reconstructing the timeline of events on a network to determine exactly when information was used.