In network forensics, we monitor and analyze computer network traffic for the purposes of information gathering, legal evidence and/or detection of malware intrusion.

Network forensics is performed with the following aims:

Detecting anomalous traffic and identifying intrusions. Depending upon the network design, we investigate which subnetwork is generating such traffic until we discover the compromised machine. Once the machine or machines generating the anomalous traffic are identified, we quarantine them and perform in-depth machine forensics to identify the malware that was releasing critical information, how it came to infect the system, and to whom it was releasing information.

Reassembling captured network traffic into the transferred data, files and human communication, such as emails or chats, in order to analyze and search through the data for data exfiltration.

Network forensics may also involve running network-wide tools such as port scanners and vulnerability scanners, and analyzing logs from Intrusion Prevention Systems, firewalls, etc., to collect compelling evidence. A damage analysis is also performed to identify the loss incurred by the affected organization.
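The subnet-to-host drill-down described in the first aim can be sketched over flow records. This is an added example, not code from the original page; the internal range, the /24 subnet size, the 10x-median threshold and the flow records themselves are constructed assumptions.

```python
import ipaddress
from collections import Counter
from statistics import median

INTERNAL = ipaddress.ip_network("10.0.0.0/16")  # assumed internal address range

# Constructed flow records: (source IP, destination IP, bytes sent)
FLOWS = [
    ("10.0.1.10", "198.51.100.7", 4_000),
    ("10.0.1.11", "198.51.100.7", 6_000),
    ("10.0.2.20", "203.0.113.5", 5_000),
    ("10.0.2.21", "10.0.1.10", 900_000),   # internal-to-internal, not outbound
    ("10.0.3.30", "203.0.113.5", 7_000),
    ("10.0.3.31", "192.0.2.99", 850_000),  # unusually large uploads
    ("10.0.3.31", "192.0.2.99", 640_000),
    ("10.0.4.40", "198.51.100.7", 3_000),
]

def outbound(flows):
    """Yield (src, dst, bytes) for flows that leave the internal network."""
    for src, dst, size in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in INTERNAL and d not in INTERNAL:
            yield s, d, size

def bytes_by_subnet(flows, prefix=24):
    """Total outbound bytes per internal subnet, keyed by CIDR string."""
    totals = Counter()
    for s, _, size in outbound(flows):
        totals[str(ipaddress.ip_network(f"{s}/{prefix}", strict=False))] += size
    return totals

def anomalous_subnets(flows, prefix=24, factor=10):
    """Subnets whose outbound volume exceeds factor x the median subnet."""
    totals = bytes_by_subnet(flows, prefix)
    if not totals:
        return []
    baseline = median(totals.values())
    return sorted(net for net, b in totals.items() if b > factor * baseline)

def hosts_in_subnet(flows, subnet):
    """Rank hosts in a subnet by outbound bytes, with their destinations."""
    subnet = ipaddress.ip_network(subnet)
    totals, dests = Counter(), {}
    for s, d, size in outbound(flows):
        if s in subnet:
            totals[s] += size
            dests.setdefault(s, set()).add(str(d))
    return [(str(h), b, sorted(dests[h])) for h, b in totals.most_common()]

if __name__ == "__main__":
    for net in anomalous_subnets(FLOWS):
        print(net, hosts_in_subnet(FLOWS, net))
```

The top-ranked host in a flagged subnet is the candidate for quarantine and machine forensics, and its destination list is the starting point for establishing to whom data was sent.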



We also perform wireless forensics with the goal of collecting and analyzing wireless network traffic that can be presented as valid digital evidence in a court of law. The evidence collected can correspond to plain data or voice conversations using VoIP technology.