I am currently a final year student studying forensic computing. I was hoping someone could give me some information regarding network forensics. I would like to know if there is a need for development in this area, and what the current views on networking are.
Any advice would be much appreciated.
If you can get hold of an EnCase Enterprise manual or research "Enterprise" that will help as a starting point. The law enforcement version is EnCase FIM. Very costly but works in a network environment. The manual would give you an insight into their approach to investigating a network.
Basically it works on servlets running on the machines on the network and a "Safe" installation for the investigative side; once configured, it's basically EnCase being able to investigate the network live in a "forensic" manner.
It would appear common now, especially in a server\business critical environment, that the approach is selective acquisition of data, e.g. a user's profile contents only.
FTK has a similar approach, i.e. selective acquisition of specific files\folders etc.
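The selective acquisition the post above describes (copying only chosen files or folders, such as one user's profile, rather than imaging a whole disk) can be illustrated with a small script. This is an added example, not EnCase or FTK code, and it assumes nothing about how either product works internally: it copies a chosen subtree into an evidence folder, hashes each file before and after the copy so a bad transfer is caught immediately, and records a JSON manifest that can be re-verified later. The function names (`acquire`, `verify`, `write_manifest`), the case and examiner placeholders, and the tiny sample profile built by `make_sample_profile` are all constructed for this example.

```python
"""Selective acquisition of a directory tree with a SHA-256 manifest.

Added illustration (not EnCase or FTK code): copy a chosen subtree, e.g. one
user's profile directory, into an evidence folder and record a manifest so
the acquired copy can be verified afterwards.
"""
import hashlib
import json
import os
import shutil
import tempfile
import time

CHUNK = 1 << 20  # hash in 1 MiB chunks so large files do not load into memory


def sha256_file(path):
    """Return the hex SHA-256 of a file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire(src_root, dst_root):
    """Copy every regular file under src_root into dst_root, keeping relative
    paths and timestamps, and return the manifest as a list of dicts."""
    manifest = []
    for dirpath, _dirs, files in os.walk(src_root):  # top-down: parent first
        for name in sorted(files):
            src = os.path.join(dirpath, name)
            # Skip symlinks and special files; a real workflow would log them.
            if os.path.islink(src) or not os.path.isfile(src):
                continue
            rel = os.path.relpath(src, src_root)
            dst = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            st = os.stat(src)
            digest = sha256_file(src)        # hash the original first
            shutil.copy2(src, dst)           # copy2 preserves timestamps
            if sha256_file(dst) != digest:   # catch a corrupted transfer now
                raise IOError("copy of %s does not match source" % rel)
            manifest.append({"path": rel, "size": st.st_size,
                             "mtime": st.st_mtime, "sha256": digest})
    return manifest


def verify(manifest, root):
    """Return the relative paths under root that are missing or whose current
    SHA-256 no longer matches the manifest (empty list means intact)."""
    bad = []
    for entry in manifest:
        p = os.path.join(root, entry["path"])
        if not os.path.isfile(p) or sha256_file(p) != entry["sha256"]:
            bad.append(entry["path"])
    return bad


def write_manifest(manifest, path, case_id, examiner):
    """Write the manifest plus acquisition metadata as JSON."""
    doc = {"case": case_id, "examiner": examiner,
           "acquired_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
           "files": manifest}
    with open(path, "w") as f:
        json.dump(doc, f, indent=2)


def make_sample_profile():
    """Constructed sample input: a tiny fake user profile in a temp dir."""
    root = tempfile.mkdtemp(prefix="profile_")
    os.makedirs(os.path.join(root, "Documents"))
    with open(os.path.join(root, "Documents", "notes.txt"), "wb") as f:
        f.write(b"abc")
    with open(os.path.join(root, "empty.dat"), "wb"):
        pass  # zero-length file
    return root


if __name__ == "__main__":
    src = make_sample_profile()
    dst = tempfile.mkdtemp(prefix="evidence_")
    m = acquire(src, dst)
    write_manifest(m, os.path.join(dst, "manifest.json"),
                   "CASE-0000 (placeholder)", "examiner (placeholder)")
    print(json.dumps(m, indent=2))
    print("verify:", verify(m, dst))
```

Run it as a script to acquire the constructed sample profile into a temporary evidence folder; `verify` re-hashes the copy and returns the paths that differ, so it can be run again at any later point to show the evidence set is unchanged.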
Do you mean gathering of forensic data over a network, or do you mean forensic analysis of network activity?
Seanmcl, I would like to know about both please.