Network flow record (NetFlow)
Definition
A summarised record of a network conversation, or (in classic NetFlow, where each record is unidirectional) of one direction of it: source and destination IP addresses, source and destination ports, IP protocol, packet and byte counts, start time and duration; NetFlow v5/v9 and IPFIX records also carry TCP flags and the router interfaces the traffic crossed. Flow records contain no payload, so they cannot show what was said, but they establish who talked to whom, when, how often and how much. Because they are far smaller than full packet capture they are typically retained for much longer, which makes them a primary evidence type in cyber investigations: scheduled callbacks to a command-and-control host, port sweeps, and unusually large outbound transfers all appear as patterns across flow records.
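The patterns above can be recovered from nothing more than the header fields a flow record carries. The following is an added example, not code from the original page: it parses a small, constructed CSV export in a simplified nfdump-style layout (the column names are an assumption, not a real tool's format) and flags periodic callbacks, port sweeps and large outbound transfers from the flow metadata alone.

```python
"""Communication-pattern analysis over constructed NetFlow-style records.

Added example for illustration, not part of the original glossary page.
The CSV layout and column names below are assumed (loosely modelled on an
nfdump export); the flow records themselves are constructed sample data.
"""
import csv
import io
import statistics
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample export: one unidirectional flow per line, no payload.
SAMPLE_FLOWS = """\
start,duration,proto,src,sport,dst,dport,packets,octets
2024-03-01 09:00:00,0.5,TCP,10.0.0.5,51002,203.0.113.7,443,12,1100
2024-03-01 09:05:00,0.4,TCP,10.0.0.5,51044,203.0.113.7,443,11,1080
2024-03-01 09:10:01,0.5,TCP,10.0.0.5,51090,203.0.113.7,443,12,1120
2024-03-01 09:15:00,0.6,TCP,10.0.0.5,51133,203.0.113.7,443,13,1150
2024-03-01 09:20:00,0.5,TCP,10.0.0.5,51177,203.0.113.7,443,12,1090
2024-03-01 09:03:12,120.0,TCP,10.0.0.5,51020,198.51.100.20,443,900000,1300000000
2024-03-01 09:07:45,0.0,TCP,10.0.0.9,40001,10.0.0.20,22,1,60
2024-03-01 09:07:45,0.0,TCP,10.0.0.9,40002,10.0.0.20,23,1,60
2024-03-01 09:07:46,0.0,TCP,10.0.0.9,40003,10.0.0.20,80,1,60
2024-03-01 09:07:46,0.0,TCP,10.0.0.9,40004,10.0.0.20,443,1,60
2024-03-01 09:07:47,0.0,TCP,10.0.0.9,40005,10.0.0.20,3389,1,60
2024-03-01 09:07:47,0.0,TCP,10.0.0.9,40006,10.0.0.20,8080,1,60
2024-03-01 09:12:00,2.0,UDP,10.0.0.7,53122,10.0.0.1,53,2,180
"""


@dataclass(frozen=True)
class Flow:
    start: datetime
    duration: float
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    packets: int
    octets: int  # NetFlow's name for the byte count


def parse_flows(text):
    """Parse the CSV export into Flow objects (header fields only, no content)."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append(Flow(
            start=datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S"),
            duration=float(row["duration"]), proto=row["proto"],
            src=row["src"], sport=int(row["sport"]),
            dst=row["dst"], dport=int(row["dport"]),
            packets=int(row["packets"]), octets=int(row["octets"]),
        ))
    return flows


def conversation_summary(flows):
    """Who talked to whom: per (src, dst) pair, how many flows and how many bytes."""
    summary = defaultdict(lambda: {"flows": 0, "octets": 0})
    for f in flows:
        summary[(f.src, f.dst)]["flows"] += 1
        summary[(f.src, f.dst)]["octets"] += f.octets
    return dict(summary)


def detect_beaconing(flows, min_flows=4, max_jitter=0.1):
    """(src, dst, dport) triples contacted at near-constant intervals.

    Jitter is stdev(interval) / mean(interval); a low value means the
    connections are scheduled, as C2 check-ins usually are. Returns the
    mean interval in whole seconds per flagged triple."""
    starts_by_triple = defaultdict(list)
    for f in flows:
        starts_by_triple[(f.src, f.dst, f.dport)].append(f.start)
    hits = {}
    for key, starts in starts_by_triple.items():
        if len(starts) < min_flows:
            continue
        starts.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        mean = statistics.mean(intervals)
        if mean > 0 and statistics.pstdev(intervals) / mean <= max_jitter:
            hits[key] = round(mean)
    return hits


def detect_port_scan(flows, min_ports=5, max_packets=3):
    """One source touching many distinct ports on one destination with tiny flows."""
    ports = defaultdict(set)
    for f in flows:
        if f.packets <= max_packets:
            ports[(f.src, f.dst)].add(f.dport)
    return {k: len(v) for k, v in ports.items() if len(v) >= min_ports}


def detect_large_outbound(flows, internal_prefix="10.", min_octets=100_000_000):
    """Internal sources that pushed an unusually large byte volume to an external host.

    The internal prefix is an assumption for this sample network."""
    totals = defaultdict(int)
    for f in flows:
        if f.src.startswith(internal_prefix) and not f.dst.startswith(internal_prefix):
            totals[(f.src, f.dst)] += f.octets
    return {k: v for k, v in totals.items() if v >= min_octets}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("beacons:", detect_beaconing(flows))
    print("port scans:", detect_port_scan(flows))
    print("large outbound:", detect_large_outbound(flows))
```

Thresholds (four flows, 10 % jitter, five ports, 100 MB) are illustrative; on real exports they are tuned per network, and a hit from any detector is a lead to pull the corresponding packet capture or endpoint logs, not a finding on its own.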
Related terms
- Chain of custody: The documented chronological record of who collected, handled, transferred, and examined a piece of evidence. For digital evidence, chain of custody includes...
- Cyber forensics: The branch of forensic science concerned with collecting, preserving, and analysing digital evidence from networked environments for use in legal proceedings. Covers...
- Cybercrime: Offences where a computer network is the tool or the target. Tool-based cybercrime includes fraud, harassment, and intellectual property theft conducted online....
- Digital forensics: The discipline concerned with the recovery, preservation, and analysis of evidence stored on physical digital devices. Primary evidence sources are disk images,...
- Indicator of Compromise (IoC): An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
Explained in
- Cyber Forensics vs Digital Forensics: Scope and Boundaries