NETWORK FORENSICS

this is a subset of the digital forensics domain. it focuses on network traffic investigation and covers the work done to access information transmitted by listening and investigating live and recorded traffic, gathering evidence/artifacts and understanding potential problems. the investigation tries to answer the following

• Who (Source IP and port)

• What (Data/payload)

• Where (Destination IP and port)

• When (Time and data)

• Why (How/What happened)