There are more bits of data flowing across the Internet every day than there are grains of sand on all the beaches in the world. Much like archaeologists, network forensics investigators have a huge environment to explore. We can analyze patterns in the sand, or inspect individual grains. We can search for something buried, or work to understand the larger picture.
Network forensics encompasses an enormously broad range of topics and is conducted for many reasons. With the emergence of the Internet, humanity has created a brand new environment that is more complex than any of us can ever hope to understand. Moreover, this environment is brand new, and as the decades go by, time will add a new dimension.
In the current environment, network forensics is typically undertaken to analyze an ongoing conflict between “attackers” and “defenders.” Often, investigators are working to stop a worm outbreak, investigate a breach, or collect evidence for court. The technical skills needed by network forensic analysts are broad and advanced; the same investigator may be called upon to retrieve a cached exploit from a web proxy, or to passively sniff wireless traffic and identify suspicious activity.