Network Forensics: Lesson Plans

  • Izzat Alsmadi
  • Robert Burdwell
  • Ahmed Aleroud
  • Abdallah Wahbeh
  • Mahmood Al-Qudah
  • Ahmad Al-Omari
Chapter

Abstract

A forensic investigator analyzing computer equipment for possible evidence will search different locations for possible traces. We described in other chapters the types of evidence that can be found on disks or in operating systems. Some network or Internet traces can be found in Internet browsers’ history. From an OSI perspective, such information is typically in the higher layers (i.e., layer 7). Network forensics focuses on searching, monitoring and/or analyzing network components (i.e., switches, routers, firewalls, wireless, and intrusion detection/prevention systems, IDS/IPS) for possible forensic evidence. In many cases, it is important to correlate information from a host with information collected from the network to make sure that the host or some of its artifacts were not tampered with by a suspect or intruders.

We will divide this chapter based on those five previously mentioned components.


Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Izzat Alsmadi (1)
  • Robert Burdwell (1)
  • Ahmed Aleroud (2)
  • Abdallah Wahbeh (3)
  • Mahmood Al-Qudah (4)
  • Ahmad Al-Omari (5)

  1. Texas A&M University San Antonio, San Antonio, USA
  2. Department of Computer Information Systems, Yarmouk University, Irbid, Jordan
  3. Slippery Rock University of Pennsylvania, Slippery Rock, USA
  4. Yarmouk University, Irbid, Jordan
  5. Schreiner University, Kerrville, USA
