Computer Forensics Network Misuse.
One of the most common forms of computer crime involves outside access of network resources by an entity that has no authority to do so, usually termed “hacking”. This form of computer crime can also include unauthorised internal access of corporate network resources. Disklabs provides its client base with access to a team of highly skilled network forensics analysts, working tightly to ACPO (Association of Chief Police Officers) guidelines. The Disklabs team have access to a whole range of specialised network forensics technologies, which allow them to monitor, capture and analyse network data in real-time. Disklabs operate forensically clean analysis, which guarantees the integrity of forensics data, ensuring that our forensics results and findings are accurate and dependable. Disklabs network forensics analysts are trained in both primary network forensics methodologies, both "catch it as you can" and "stop, look and listen" techniques. Our technicians are provided with a whole range of industry standard network forensics tools to aid in the execution of every network forensics investigation.
There are two primary ways in which network forensics can be approached, the first way is to capture all network traffic which is passing through a particular point of the network; the second way is to interrogate each packet in memory, only saving relevant data. The first method or the "cash it as you can" method requires large amounts of digital storage and is somewhat slower. The second method or "stop, look and listen" method is much faster and requires minimal amounts of digital storage, although it will require significantly more in the way of processing resources.
Before any network forensics can take place a quantity of network traffic will need to be captured, a specialist form of software usually termed a “packet sniffer" is used to collect raw network data; this data alongside any existing access logs forms the basis of the network forensics investigation. Once this data has been collected a technique known as “sessioning” is performed using a protocol analysis tool. This allows the network forensics technician to identify all network activity between selected network start and end points. These types of tools will often contain some form of graphical representation of network activity within the session. Once the raw network data has been processed using protocol analysis tools the technician is able to visibly interrogate network activity, allowing them to track down the source of the unauthorised access, discern the scope of the activity performed during the period of unauthorised access, and finally the network forensics analyst will be able to produce a report detailing the possible dangers of the unauthorised network access.
