Mobile About Slide

Network Forensics


Tracking down unauthorised network access

network forensics analysisOne of the most common forms of computer crime involves outside access of network resources by an entity that has no authority to do so, usually termed “hacking”. This form of computer crime can also include unauthorised internal access of corporate network resources.

Skilled network forensics analysts

Disklabs provides its client base with access to a team of highly skilled network forensics analysts, working tightly to ACPO (Association of Chief Police Officers) guidelines.  The team has access to a range of specialised network forensics technologies, which allow them to monitor, capture and analyse network data in real-time. Disklabs operates a  forensically clean analysis laboratory, which guarantees the integrity of forensics data, ensuring that our forensics results and findings are accurate and dependable.

Disklabs network forensics analysts are trained in both primary network forensics methodologies, both “catch it as you can” and “stop, look and listen” techniques.

The “Catch it as you can” method captures all network traffic which is passing through a particular point of the network.  This requires large amounts of digital data storage and is the slower approach.

The “stop, look and listen” technique involves interrogating each packet in memory and only saving relevant data.  It requires faster data processing capacity but less digital storage.

Network traffic analysis

Before any network forensics can take place a quantity of network traffic will need to be captured. Specialist “packet sniffer” software  is used to collect raw network data.  This is used alongside any existing access logs to form the basis of the network forensics investigation.

Once this data has been collected a technique known as “sessioning” is performed using a protocol analysis tool. This allows the network forensics technician to identify all network activity between selected network start and end points. These types of tools will often contain some form of graphical representation of network activity within the session.

Once the raw network data has been processed using protocol analysis tools the technician is able to visibly interrogate network activity, allowing them to;

• Track down the source of the unauthorised access.

• Discern the scope of the activity performed during the period of access

• Determine the possible dangers of the unauthorised breach.

Disklabs network forensics services are used as both an investigatory and preemptive tool.  Our team can support both criminal and civil investigations or be used by corporations who need to determine areas of weakness.

To arrange a confidential discussion simply call +44(0)1827 50000 today or use our contact form.