Three essential capabilities are required to properly facilitate network forensics:
Data Capture and Recording: The ability to capture and store multiple terabytes of data from high-throughput networks, including 10G and even 40G, without dropping or missing any packets.
Data Discovery: Once data are recorded on the storage media, the solution should provide a means of filtering for particular items of interest, for example by IP address, application, or context. IT engineers rely on discovery tools to sift through terabytes of data and find specific network conversations or individual packets in a timely fashion.
Data Analysis: Automated analysis, including expert analysis that explains the context of network events, helps IT engineers quickly identify anomalous or otherwise significant network events. Once these are identified, engineers can make the appropriate fix.
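To make the Data Discovery step concrete, here is an added example (not from the slideshow or from WildPackets) that filters a recorded capture by IP address or port and groups the matching packets into conversations. It assumes a classic pcap file carrying Ethernet/IPv4 frames; the function names `make_pcap` and `conversations` are hypothetical, and the sample capture is constructed from documentation-range addresses.

```python
import io, socket, struct
from collections import Counter

def make_pcap(flows):
    """Build a constructed classic-pcap capture (Ethernet/IPv4/TCP) in memory."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for ts, (src, sport, dst, dport) in enumerate(flows):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp  # zeroed MACs, EtherType IPv4
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def conversations(pcap_bytes, ip=None, port=None):
    """Count packets per TCP/UDP conversation, optionally filtered by IP or port."""
    f = io.BytesIO(pcap_bytes)
    magic = f.read(24)[:4]
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    counts = Counter()
    while len(hdr := f.read(16)) == 16:
        _, _, incl_len, _ = struct.unpack(endian + "IIII", hdr)
        frame = f.read(incl_len)
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IP header length
        if frame[23] not in (6, 17) or len(frame) < l4 + 4:
            continue  # only TCP and UDP carry ports
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        if ip and ip not in (src, dst):
            continue
        if port and port not in (sport, dport):
            continue
        # Sort the endpoints so both directions land in the same conversation.
        counts[tuple(sorted([(src, sport), (dst, dport)]))] += 1
    return counts

# Constructed sample capture: documentation-range addresses, not real traffic.
SAMPLE = make_pcap([
    ("192.0.2.10", 50000, "198.51.100.5", 443),
    ("198.51.100.5", 443, "192.0.2.10", 50000),
    ("192.0.2.10", 50001, "203.0.113.7", 5060),
    ("192.0.2.20", 40000, "198.51.100.5", 443),
])
```

Calling `conversations(SAMPLE, ip="192.0.2.10")` returns only the conversations that involve that host, with a packet count for each.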
Network forensics is the process of capturing, storing and analyzing activity that takes place on a computer network. While it’s often associated with solving network security breaches, the practice can also help with far more common network work: diagnosing spikes in utilization and drops in VoIP call quality, identifying rogue activity, and improving both network and application performance.
In this slideshow, WildPackets, provider of network and application performance analysis solutions, explains the basics of network forensics and how it can be used to improve network performance at all organizations.