Skip to content
Log in

Network forensics

Definition

A sub-discipline of cyber forensics focused on capturing and analysing network traffic, packet captures, and flow records to reconstruct communications and identify attack sources or data exfiltration paths.

Related terms

Chain of custody
The documented chronological record of who collected, handled, transferred, and examined a piece of evidence. For digital evidence, chain of custody includes...
Cyber forensics
The branch of forensic science concerned with collecting, preserving, and analysing digital evidence from networked environments for use in legal proceedings. Covers...
Indicator of Compromise (IoC)
An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
Mutual Legal Assistance Treaty (MLAT)
A bilateral or multilateral treaty under which signatory states agree to assist each other in gathering evidence for criminal investigations. MLATs define...
Order of volatility
The sequence in which digital evidence should be collected, ranked from most to least transient. Defined in RFC 3227. CPU registers and...

Explained in

  • What Is Cyber ForensicsA sub-discipline of cyber forensics focused on capturing and analysing network traffic, packet captures, and flow records to reconstruct communications and ide...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account