Afterword
There are more bits of data flowing across the Internet every day than there are grains of sand on all the beaches in the world. Much like archaeologists, network forensics investigators have a huge environment to explore. We can analyze patterns in the sand, or inspect individual grains. We can search for something buried, or work to understand the larger picture.
Network forensics encompasses an enormously broad range of topics and is conducted for many reasons. With the emergence of the Internet, humanity has created a brand new environment that is more complex than any of us can ever hope to understand. Moreover, this environment is brand new, and as the decades go by, time will add a new dimension.
In the current environment, network forensics is typically undertaken to analyze an ongoing conflict between “attackers” and “defenders.” Often, investigators are working to stop a worm outbreak, investigate a breach, or collect evidence for court. The technical skills needed by network forensic anlaysts are broad and advanced; the same investigator may be called upon to retrive a cached exploit from a web proxy, or to passively sniff wireless traffic and identify suspicious activity.
Over time, network forensics will evolve to incorporate historical research. The packet captures we make today will be analyzed many years from now, and will provide future researchers with glimpses into our lives: From communication methods, social meems, conflicts, resolutions, pictures, and music to technical developments, software languages, network architecture, Internet governance, and more.
In this book, we have attempted to provide an overview of important topics in network forensics today. Each chapter highlights a different aspect of the network environment, and discusses tools and techniques that network forensic analysts can use to dissect it. We could have written a book on any one of these topics. Instead, they are simply overviews designed to provide you with a launching point for further education.
We hope this book inspires you to continue to advance the field of network forensics. The tools you need are right at your fingertips. In the age of ubiquitous connectivity, there is a network to analyze everywhere.