Examining Network Forensics

Sue Marquette Poremba

Computer forensics has long focused on the endpoint, such as a hard drive or a cell phone, where the data is static. Network forensics, which deals with information that is transient and on the wire for only a second or two, can be far more valuable for reconstructing what actually happened.


Giving security personnel the ability to watch the network the way a casino security camera watches everything happening on the floor, Peter Schlampp, vice president of marketing and product management at Solera Networks, explained to me, lets them get a much better look at where and when breaches happen, as well as the activity leading up to the breach. Schlampp said:

What network forensics is, is the ability to capture, store, and index 100 percent of the information that goes through the network. At a later time, you can replay it, reconstruct it, analyze it, so you can identify when something bad happens. For example, say you have an insider threat, someone selling commercial property to a third party. With network forensics, you can go back and reproduce the exact documents, e-mails, or VoIP calls just as they were when they went over the network.
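Schlampp's description comes down to three steps: capture everything, index it so that a flow can be found again later, and reconstruct it. The Python below is an added example, not code from the original post or from Solera Networks. It builds a small pcap capture in memory (every address, port, timestamp and the "document" are constructed for the demo), indexes each packet by flow five-tuple and time, and rebuilds one TCP stream in sequence order, discarding a retransmission and reporting any hole in the evidence instead of silently splicing over it. It assumes a classic microsecond-resolution pcap with Ethernet framing and does not verify checksums.

```python
"""Added example: a minimal capture -> index -> reconstruct pipeline.

Not code from the original post or from Solera Networks. The pcap bytes,
addresses, ports and the "leaked document" below are all constructed
here so that the script runs offline.
"""
import struct
from collections import defaultdict

# --- constructed sample capture -------------------------------------------

def _ip(addr):
    return bytes(int(octet) for octet in addr.split("."))

def build_frame(src, dst, sport, dport, seq, payload, flags=0x18):
    """Ethernet + IPv4 + TCP frame. Checksums are left zero; the parser
    below does not verify them, which is enough for a demonstration."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                      5 << 4, flags, 65535, 0, 0)         # 20-byte TCP header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0, _ip(src), _ip(dst))  # 20-byte IPv4 header
    return eth + ip + tcp + payload

def build_pcap(records):
    """Classic pcap (link type 1 = Ethernet); records = (sec, usec, frame)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    body = b"".join(struct.pack("<IIII", s, u, len(f), len(f)) + f
                    for s, u, f in records)
    return header + body

DOCUMENT = b"CONFIDENTIAL: Lot 7 sale terms\nPrice: 4.2M\nBuyer: third party\n"
FLOW = ("10.0.0.5", 51000, "203.0.113.9", 25, 6)   # src, sport, dst, dport, proto

def sample_capture():
    """Three segments of DOCUMENT seen out of order plus one retransmission,
    and an unrelated TLS flow as noise. All of it is constructed."""
    src, sport, dst, dport, _ = FLOW
    def seg(seq, data):
        return build_frame(src, dst, sport, dport, seq, data)
    return build_pcap([
        (1318423080, 100000, seg(1000, DOCUMENT[:20])),
        (1318423080, 300000, seg(1040, DOCUMENT[40:])),    # arrives before the middle
        (1318423080, 400000, seg(1020, DOCUMENT[20:40])),
        (1318423080, 500000, seg(1020, DOCUMENT[20:40])),  # retransmission
        (1318423081, 0, build_frame("10.0.0.7", "198.51.100.2", 40000, 443,
                                    5000, b"\x16\x03\x01")),
    ])

# --- capture -> index -> reconstruct --------------------------------------

def parse_pcap(data):
    """Yield (timestamp, five_tuple, seq, payload) for each TCP-over-IPv4 frame."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a microsecond-resolution pcap")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if frame[12:14] != b"\x08\x00":
            continue                                      # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        ip = frame[14:14 + ihl]
        if ip[9] != 6:
            continue                                      # not TCP
        total = struct.unpack("!H", ip[2:4])[0]
        tcp = frame[14 + ihl:14 + total]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        key = (".".join(map(str, ip[12:16])), sport,
               ".".join(map(str, ip[16:20])), dport, 6)
        yield sec + usec / 1e6, key, seq, payload

def index_flows(data):
    """The 'index' step: five-tuple -> [(timestamp, seq, payload), ...]."""
    index = defaultdict(list)
    for ts, key, seq, payload in parse_pcap(data):
        index[key].append((ts, seq, payload))
    return dict(index)

def reassemble(segments):
    """The 'reconstruct' step for one direction of a TCP stream.
    Segments are ordered by sequence number; retransmitted or overlapping
    bytes are dropped; a hole is padded with NULs and reported in gaps so
    the analyst knows the evidence is incomplete."""
    stream, gaps, expected = bytearray(), [], None
    for _ts, seq, payload in sorted(segments, key=lambda s: s[1]):
        if expected is None:
            expected = seq
        if seq < expected:                                # retransmit / overlap
            payload = payload[expected - seq:]
            seq = expected
        elif seq > expected:                              # lost or unseen segment
            gaps.append((expected, seq))
            stream.extend(b"\x00" * (seq - expected))
        stream.extend(payload)
        expected = seq + len(payload)
    return bytes(stream), gaps

def timeline(index):
    """When did each flow start and end, and how many payload bytes were seen?"""
    return {key: (min(s[0] for s in segs), max(s[0] for s in segs),
                  sum(len(s[2]) for s in segs)) for key, segs in index.items()}

if __name__ == "__main__":
    idx = index_flows(sample_capture())
    for key, (first, last, nbytes) in timeline(idx).items():
        print(f"{key}: {first:.3f} -> {last:.3f}, {nbytes} payload bytes")
    doc, gaps = reassemble(idx[FLOW])
    print(doc.decode(), "gaps:", gaps)
```

On a real capture you would pass the bytes of the file (`open(path, "rb").read()`) to `index_flows` instead of `sample_capture()`; a production tool additionally tracks both directions of each connection, IPv6, VLAN tags and IP fragmentation, and stores the index on disk so a flow from weeks ago can be pulled back in seconds.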

While the concept of network forensics isn't new, the market for vendors of network forensics products is still small. Gartner's report, "Network Forensics Market," examines why this is a vital area for improving network security. Some key findings from the report include:

  • The most common use cases for network forensics tools are post-incident analysis and on-demand investigations.
  • The highest value, but least common, use case is proactive situational awareness.
  • The market for network forensics products remains highly differentiated. Key criteria to evaluate include performance (response time) in examining large volumes of stored data, and overall analytical capabilities.

The threat environment has changed, Schlampp said, and network forensics gives companies real-time visibility. It also gives businesses a chance to look at the big picture: the activity before the breach occurred and the root cause of the breach.


Most security efforts start small, Schlampp added, but grow as the enterprise recognizes their importance. Network forensics appears to be on the verge of becoming an important element of overall data security.

Oct 12, 2011 11:38 AM Josh says:

This is very true Sue, especially now that technology is advancing at an incredible speed. Network forensics is something that is gaining more and more popularity and can provide intricate information about many things. Adding security, no matter how, is always a safe bet, especially now that technology is becoming more in depth. Thanks for the great read and links that provided even more information. 

Nov 17, 2011 7:28 AM Milia says, in response to Josh:

I agree with you, Josh; network forensics is essential to place some sort of control over the network. Very good post, Sue.

