I am interested in knowing which hardware is recommended for network forensics.
Thank you
I have used FTK V3 for this. Worked well.
What exactly are you planning to do?
Do you want to image over a network?
Do you want to conduct a full investigation over a network?
Are you connecting directly (network crossover cable)?
Are you connecting to a network in a different building?
Actually I have no job in this field. I was only studying the situation.
My second idea is to create new software and hardware for network investigations.
thanks
Actually, there is plenty of hardware and software that works very well. What isn't working very well is the file formats. They are old and do not compress very well.
If you want to contribute to the field, try creating a file format that has all the advantages of PCAP but also compresses well. Or find a way to compress PCAP files better. It also has to integrate well with standard tools like Wireshark/Tshark and TCPDump. Digital signatures would be nice too.
OK, thanks, I will study it.
If you want to do network forensics, another thing you can try is to learn how to create & use Virtual Machines (VMs). They will allow you to practice network forensics on one computer.
From there you can install and try out FTK, EnCase, F-Response, Wireshark and other tools to learn about network forensics.
I suggest you look into some forensic classes that will teach you the basics so you can learn more from there.
Good luck.