What is network forensics?

Taking a closer look at how cyber threats are investigated at a network level


If the recent SolarWinds network hack has taught us anything, it’s that anyone can fall victim to a cyber attack.

In fact, 2020 was the busiest year on record for attacks against UK firms, with businesses facing 20% more cyber security threats compared to 2019. Ransomware attacks saw an 80% surge in the third quarter of 2020, while web application attacks increased by 800% in the first half of the year.

Although last year's massive shift to remote working has definitely played its part in the rise in incidents, this doesn’t mean that businesses shouldn’t do their best to try to mitigate these threats and their effects. However, instead of investing solely in security tools and hoping for the best, SolarWinds' security advisor and former Facebook CSO Alex Stamos recently advised enterprises to “embrace the inevitability” that they, too, could be hacked.

Speaking at a webcast earlier this month, Stamos recommended taking into consideration the detection, monitoring, alerting, and response strategies and tools on every step of the cyber kill chain.

This ties in perfectly with the notion of network forensics, which focuses on investigating the causes of a breach and using that knowledge to build stronger security, which will not only help prevent future attacks but also shape a response strategy that mitigates the effects of a potential hack.

Although no enterprise wants to share SolarWinds' cyber attack experience, it's definitely possible to learn from it by using network forensics. As the company is in the process of "creating a new, highly-secure environment based upon the latest practices", you too can assess your network security to find potential flaws and patch them before they're exploited.

What is network forensics?

Essentially, network forensics is a sub-branch of the practice of digital forensics - itself a branch of forensic science - whereby experts and law enforcement look into technology or data that may contain evidence of a crime, attribute evidence to suspects, cross-reference statements or check alibis.


Network forensics, unsurprisingly, refers to the investigation and analysis of all traffic going across a network suspected of use in cyber crime, such as the spread of data-stealing malware or a cyber attack.

Law enforcement will use network forensics to analyse network traffic data harvested from a network suspected of being used in criminal activity or a cyber attack. Analysts will search for data that points towards human communication, manipulation of files, and the use of certain keywords, for example.

With network forensics, law enforcement and cyber crime investigators can track communications and establish timelines based on network events logged by network control systems.

Outside of criminal investigations, network forensics is commonly used to analyse network events in order to track down the source of hack attacks and other security-related incidents.

This can involve looking at suspect areas of the network, collecting information on anomalies and network artefacts, and uncovering incidents of unauthorised network access.

There are two overarching network forensics methods. The first is the "catch it as you can" method, which involves capturing all network traffic for later analysis; this can be a long process and requires a lot of storage.

The second technique is the "stop, look and listen" method, which involves analysing each data packet flowing across the network and only capturing what is deemed suspicious and worthy of extra analysis; this approach can require a lot of processing power but does not need as much storage space.
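The two capture strategies, and the timeline-building step mentioned earlier, as an added example that is not part of the original article. The packets, addresses and suspicion heuristics are all constructed for illustration; a real deployment would read from a capture interface and use far richer detection rules.

```python
"""Added example: 'catch it as you can' vs 'stop, look and listen' on
constructed traffic, plus an investigator-style event timeline."""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Packet:
    ts: str        # ISO-8601 timestamp
    src: str
    dst: str
    dport: int     # destination port
    size: int      # bytes on the wire (what full capture must store)
    payload: bytes


# Constructed sample traffic (made-up hosts; 198.51.100.0/24 is a documentation range).
SAMPLE = [
    Packet("2021-05-10T09:00:00", "10.0.0.5", "10.0.0.53", 53, 80, b"\x00\x01www.example.com"),
    Packet("2021-05-10T09:00:02", "10.0.0.5", "93.184.216.34", 443, 1500, b"\x16\x03\x01tls"),
    Packet("2021-05-10T09:00:05", "10.0.0.5", "198.51.100.7", 4444, 600, b"unexpected service"),
    Packet("2021-05-10T09:00:09", "10.0.0.5", "10.0.0.53", 53, 90,
           b"\x00\x01" + b"a" * 50 + b".example.net"),  # oversized DNS name
]


def catch_it_as_you_can(packets):
    """Store every packet now; all analysis happens later (storage-heavy)."""
    return list(packets)


def is_suspicious(p):
    """Illustrative heuristics only: a destination port outside the expected
    set, or a DNS query carrying an unusually long name."""
    return p.dport not in (53, 80, 443) or (p.dport == 53 and len(p.payload) > 40)


def stop_look_and_listen(packets):
    """Inspect each packet in flight and keep only the suspicious ones
    (CPU-heavy per packet, but far less to store)."""
    return [p for p in packets if is_suspicious(p)]


def storage_bytes(captured):
    """Storage cost of a capture, to compare the two strategies."""
    return sum(p.size for p in captured)


def timeline(captured):
    """Chronological (datetime, description) events for an investigator's report."""
    return [(datetime.fromisoformat(p.ts), f"{p.src} -> {p.dst}:{p.dport} ({p.size} B)")
            for p in sorted(captured, key=lambda p: p.ts)]
```

On the sample, full capture stores all 2,270 bytes while selective capture keeps only the two flagged packets (690 bytes), at the cost of inspecting every packet as it passes.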


Unlike digital forensics, network forensics is more difficult to carry out, as data is often transmitted across the network and then lost; in computer forensics, data is more often kept on disk or solid state storage, making it easier to obtain.

It is worth noting that privacy and data protection laws restrict some active tracking and analysis of network traffic without explicit permission, so if you are planning to apply network forensics tools be aware that you must comply with privacy laws.

Network forensics can also be used in a proactive fashion to dig out flaws in networks and IT infrastructure, thereby giving IT administrators and information security officers the scope to shore up their defences against future cyber attacks.
