Comments on: Computer Forensics vs. Network Forensics http://www.breachbytes.com/2008/01/08/computer-forensics-vs-network-forensics/ Network Forensics | Network Monitoring | Incident Response Sat, 22 Nov 2008 21:03:40 +0000 http://wordpress.org/?v=2.5.1 By: Stephen Smoogen http://www.breachbytes.com/2008/01/08/computer-forensics-vs-network-forensics/#comment-32 Stephen Smoogen Tue, 22 Jan 2008 20:03:10 +0000 http://www.BreachBytes.com/2008/01/08/computer-forensics-vs-network-forensics/#comment-32 I think that the methodologies in both cases are ones that need much ironing out. Having spent some time on both.. human error is what takes up the most time in trying to get around. Did you miss a netflow that was important? Was the netflow you just spent 8 hours analyzing a false lead? Where did the bad-guys mislead you? In too many cases, each investigation seems to be a completely new thing where tons of stuff gets invented again. Having ways to centralize and replicate actions are always a win with network forensics... and too many tools are not able to do that. I think that the methodologies in both cases are ones that need much ironing out. Having spent some time on both.. human error is what takes up the most time in trying to get around. Did you miss a netflow that was important? Was the netflow you just spent 8 hours analyzing a false lead? Where did the bad-guys mislead you? In too many cases, each investigation seems to be a completely new thing where tons of stuff gets invented again.

Having ways to centralize and replicate actions are always a win with network forensics… and too many tools are not able to do that.

]]>