16

Network Forensic Analysis Tools

Here we are. Our final chapter. I believe in the concept of finishing strong, so let’s keep pace by continuing our DFIR journey with some Network Forensic Analysis Tools (NFAT), which I think you’ll find quite useful.

We’ve done quite a bit of acquisition and analysis thus far, including hard drive, storage, RAM, and swap file analysis, malware analysis, and even a bit of network packet analysis, all for the purpose of acquiring, documenting, and analyzing evidence in the hope of finding or recovering artifacts. But let’s go a step further into analyzing packets, protocols, and network communication, as they may also be useful artifacts that can aid us in our DFIR investigations.

On recognizing that some incidents ...

Get Digital Forensics with Kali Linux - Third Edition now with the O’Reilly learning platform.
