Welcome to my blog! Who needs another blog on network security/forensics topics? What is the point of all of this anyway? My goals here are twofold: by writing about this topic I learn more, and hopefully you will too. Second, in my work I come across useful tools and techniques for specific tasks. There will be many references to cmdline utilities on various platforms. The emphasis of this blog will be to present these in a format which will allow the reader to experiment and add them to their own toolbox. I welcome any feedback/comments/suggestions/corrections.
Network Forensics encompasses elements of traditional forensic investigation, network security monitoring (NSM) and incident response. It answers questions such as: Is that event normal? Should those systems be talking on that protocol? How much data was transferred? By answering questions such as these, the analyst can begin to respond in an efficient and organized manner. Many books have been written on building defensible networks and monitoring them. Here we will explore various implementations and find out how the tools work.
In the end this is just another experiment - we'll see how long I can keep this up!