focus notes
What is network forensics? Explain its contents and tools
table of contents
When there is an information leak or unauthorized operation, it is the IT field that solves the incident.digital forensicsis. There are various types of digital forensics, but with the recent networking of systems and threats,network forensicsis attracting attention. In this article, we will focus on network forensics in digital forensics.
What is digital forensics?
To begin with, forensics comes from a medical term."(Forensic) analysis, investigation"There is a meaning. It may be easier to understand if you imagine a police investigation. When an incident or accident occurs, we preserve, investigate, and analyze the situation at the scene.
Digital forensics, which has the word digital added to it, is used toTechnology to analyze and investigate digital datarefers to In the event of an information leak or unauthorized operation, we protect, investigate, and analyze the information, just like forensics.
The importance of digital forensics
The findings derived from digital forensics are related to the incident.evidence with legal basisIt can be. In addition, to determine the location of liability and the amount of compensation for damages,supporting evidenceIt is also used as It is also important to improve current security measures to prevent incidents from happening again.
Types of digital forensics
There are various types of digital forensics depending on the target to be analyzed, as shown below.
- computer forensics
- network forensics
- mobile forensics
- database forensics
- cloud forensics Such
The field of digital forensics began with computer forensics. This is saved on the HDD in your PC.The purpose is to analyze digital data while giving it evidence.This can be used to restore lost evidence data and use it in case investigations, or to prove that data submitted to court has not been tampered with. Nowadays, this includes restoring data lost due to computer failure or incorrect operation.
On the other hand, in recent years, systems have become cloud-based and threats have become networked.network forensicsis attracting attention.
Computer forensics analyzes data on a computer (disk), while network forensics analyzes the movement of data on a network.“Which terminal sent what, when, by what route?”Contents such asRecorded with integrity maintainedTo do.
Computer forensics and network forensics are two different things.Highly effective when combinedTherefore, it is frequently used in modern forensics.
"Packet capture" necessary for network forensics
Forensic technology cannot always completely clarify everything. In the first place, it is impossible to analyze or preserve data without data. That's why it's important to always keep the data you need in a safe place.
for example,File editing log, external media connection history, Internet browsing history, attack date and timeWithout these, computer forensics will be difficult.
In recent years, there has been an increase in cyberattacks that exploit services that actively use the Internet, application services that assume connections over networks, and IoT. Therefore, around the border with the InternetAggregating and analyzing "various logs left as records of the flow of packet communication on the network"has become common. The tools needed to collect the packets are"Packet capture"It's a device.
*What is a packet?
A packet is a block of data exchanged via a network. Normally, when communicating over a network, information is divided into packets.
Can forensic tools perform packet captures?
There are also systems that use only packet capture. However, the number of recent forensic tools that have a wide range of functions, such as packet capture functions and operation log collection functions, is increasing.
[SSL decryption device]
An important issue when implementing network forensics isSSL encryptionis. Storage services that store data on the cloud are widely used, but these communications are encrypted with SSL, so even if you take a packet capture, you cannot see the contents. Also in recent yearsCyber attack communicationAlso, SSL-encrypted data is becoming mainstream.
Even though SSL communication is originally a secure technology, in the field of forensics (evidence preservation), the contents of encrypted data cannot be confirmed, which poses a major barrier to investigating the cause. To solve this problem,Hardware products that decrypt SSLis used. If you think of this in the field of surveillance cameras, it would play a role similar to X-ray baggage screening at airports.
Network forensics requires advance preparation
How was it? Digital forensics is used to solve incidents in the IT field. Among them, network forensics differs from computer forensics in that network forensics isA mechanism for preserving evidenceis required. If your company is in a position to require accountability in the unlikely event of a data breach, why not consider introducing a network forensics product now?
[Reference site]
・Digital Forensics | National Police Agency Digital Forensics: Technology for preserving evidence during incidents (by Ryoichi Sasaki) | J-STAGE
-
Use email and websites safely! Introducing malware infection countermeasures
-
What is a cyber attack? Explaining the types and examples
-
How many cyber attacks occur in Japan and what are their purposes?
-
What is unauthorized access? Explanation of damage details, causes, and countermeasures
-
Cyber attacks are increasing rapidly in Japan! Consider the reason
-
Invisible cyber attack! Introducing its visualization and countermeasures
Achievements left behind
48 years since its establishment.
We have a proven track record because we have focused on what is important.
It has a long track record in both the public and private sectors.
Number of projects per year
500 PJ
Annual number of business partners/customers
200 companies
Maximum number of trading years
47 years
Total number of qualified persons
1,870 people