In this case, analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords, and parsing human communication such as emails or chat sessions.
Two systems are commonly used to collect network data: a brute-force "catch it as you can" method and a more intelligent "stop look listen" method.
The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence.
Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.
With these tools, website pages, email attachments, and other network traffic can be reconstructed only if they are transmitted or received unencrypted.
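The reconstruction described above, as an added example that is not part of the original article: it reassembles one direction of a TCP connection from captured segments, recovers the file carried in an unencrypted HTTP response, and searches it for keywords. The segment data, the names `reassemble`, `extract_http_body` and `find_keywords`, and the keyword list are constructed for illustration; sequence numbers are assumed not to wrap.

```python
# Constructed capture: one direction of a single TCP connection carrying an
# unencrypted HTTP response. Assumes sequence numbers do not wrap.
ISN = 1000  # initial sequence number taken from the SYN (constructed)
BODY = b"Invoice 4471: wire transfer to account 00-CONSTRUCTED-00\n"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
            b"Content-Length: %d\r\n\r\n" % len(BODY)) + BODY
CAPTURED = [  # (sequence number, payload), in arrival order
    (ISN + 41, RESPONSE[40:90]),
    (ISN + 1, RESPONSE[:40]),
    (ISN + 21, RESPONSE[20:60]),   # overlapping retransmission
    (ISN + 91, RESPONSE[90:]),
    (ISN + 41, RESPONSE[40:90]),   # exact duplicate
]

def reassemble(segments, isn):
    """Rebuild the byte stream; tolerate reordering, duplicates and overlap."""
    stream, next_seq = bytearray(), isn + 1  # first data byte follows the SYN
    for seq, payload in sorted(segments):
        if seq > next_seq:  # never present a stream with holes as complete
            raise ValueError(f"gap of {seq - next_seq} bytes at seq {next_seq}")
        skip = next_seq - seq  # bytes already delivered by earlier segments
        if skip < len(payload):
            stream += payload[skip:]
            next_seq = seq + len(payload)
    return bytes(stream)

def extract_http_body(stream):
    """Split an HTTP/1.x response into headers and body via Content-Length."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP headers")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get(b"content-length", len(rest)))
    return headers, rest[:length]

def find_keywords(data, keywords):
    """Return {keyword: [byte offsets]} for case-insensitive matches."""
    lowered, hits = data.lower(), {}
    for kw in keywords:
        needle, pos, offsets = kw.lower().encode(), 0, []
        while (pos := lowered.find(needle, pos)) != -1:
            offsets.append(pos)
            pos += 1
        if offsets:
            hits[kw] = offsets
    return hits
```

Had the same transfer been carried over TLS, `reassemble` would still return the byte stream, but it would be ciphertext and neither the header parse nor the keyword search would find anything.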
[8] Another approach to encrypted traffic analysis uses a generated database of fingerprints,[9] although these techniques have been criticized as being easily bypassed by hackers[10][11] and as inaccurate.
The Internet can be a rich source of digital evidence, including web browsing, email, newsgroup, synchronous chat, and peer-to-peer traffic.
The evidence collected can correspond to plain data or, with the broad usage of Voice-over-IP (VoIP) technologies, especially over wireless, can include voice conversations.