computer forensics

(redirected from network forensics)

computer forensics

[kəm¦pyüd·ər fə′ren·ziks]
(forensic science)
The study of evidence from attacks on computer systems in order to learn what has occurred, how to prevent it from recurring, and the extent of the damage.

computer forensics

The investigation of a computer system believed to be involved in cybercrime. Forensic software provides a variety of tools for investigating a suspect PC. Such programs may copy the entire hard drive to another system for inspection, allowing the original to remain unaltered.

Another utility compares file extensions to the content within the files to determine if they have been camouflaged with phony extensions. For example, an image file might be renamed as a text document and vice versa. In addition, hard drives can be examined for data that has been deleted (see data remanence).

Network Forensics
In order to identify attacks, "network forensics" deals with the capture and inspection of packets passing through a selected node in the network. Packets can be inspected on the fly or stored on disk for later analysis. See hidden disk areas, forensically clean, slack space, write blocker, file wipe, IDS, Internet forensics and security event management software.

NIST Phases



The National Institute of Standards and Technology "Guide to Integrating Forensic Techniques into Incident Responses" covers four phases, which are briefly summarized below. For the complete 121-page NIST publication, download draft SP 800-86 at http://csrc.nist.gov/publications/nistpubs.

1 - Collection: Identify, label, record and acquire data from possible sources, while preserving the integrity of the data.

2 - Examination: Use manual and automated methods to assess and extract data of particular interest, while preserving the integrity of the data.

3 - Analysis: Use legally justifiable methods and techniques to derive useful information.

4 - Reporting: Describe actions used, explain how tools and procedures were selected, determine what other actions need to be performed, including forensic examination of additional data sources, securing identified vulnerabilities and improving existing security controls. Recommend improvements to policies, guidelines, procedures, tools and other aspects of the forensic process.
References in periodicals archive ?
Utica College's bachelor's in Cybersecurity program, offered on campus and online, has recently expanded to offer five areas of specialization: information assurance, cybercrime and fraud investigation, network forensics and intrusion investigation, homeland security and emergency management, and cyber operations.
The global Digital Forensics market by types has been segmented broadly into six segments: computer forensics, network forensics, cloud forensics, mobile device forensics, database forensics and others.
This collaboration and resulting functionality can be found in LogRhythm's platform, featuring security data and event management (SIEM), log management, network forensics, host forensics and advanced security analytics.
NYSE: QTM) said it has integrated the FireEye Network Forensics Platform with Quantum's StorNext scale-out storage.
It works with any packet analysis or capture solution, such as IDS, IPS, DLP, network forensics and web content monitoring solutions, to reveal content.
SecureTech's portfolio of offerings includes a detailed range of solutions for cyber security, network forensics, digital forensics, mobile forensics and various technologies for correlation and analytics.
com)-- Lighthorse Networks(tm), the leading provider of high performance Network Forensics and Network Security Streaming and Routing solutions is pleased to announce the availability of support for Accolades Best of Breed Packet Capture Adapters with the Forensic Filesystem(tm) appliance technology.
Topics discussed include built and commercially available honypots, honeynets, static, virtual and dynamic honeypots, wireless honeypots, deployment and applications, anti-honeypot technologies and network forensics.
AccessData has released its new Mobile Phone Examiner Plus (MPE+) software and preconfigured touch-screen field tablet, the provider of computer forensics, network forensics, eDiscovery, password cracking and decryption solutions said on Friday.
Solera Networks has raised $15 million in a third round of funding for its real-time network forensics and monitoring business.
lt;p>The workshops are scheduled to begin in January and will be conducted monthly throughout 2010, covering various topic related to IT Security and shall discuss on various topics such as Computer Forensics, Network Security, Network Forensics, Windows Forensics, Malware and, Ethical Hacking.
Students should be familiar with networking and A+ and Network+ fundamentals to understand chapter topics that include: recovery of image files, network forensics, how to process crime and incident scenes, digital evidence controls, working with Windows and DOS systems, data acquisition, e-mail investigation, computer forensics analysis, and the responsibilities of an expert witness and reporter of investigation results.

Full browser ?