Chapter 9. Network Investigations

Eoghan Casey, Christopher Daywalt, Andy Johnston and Terrance Maguire

Introduction437

Overview of Enterprise Networks439

Overview of Protocols442

⁸A 502 HTTP response code does not necessarily mean that the request failed. The requestor may have obtained some information.

Evidence Preservation on Networks457

Collecting and Interpreting Network Device Configuration458

Forensic Examination of Network Traffic479

Network Log Correlation— A Technical Perspective505

Conclusion516

References516

Introduction

Tracking down computer criminals generally requires digital investigators to follow the cybertrail between the crime scene and the offender's computer. The cybertrail can cross multiple networks and geographical ...

Get Handbook of Digital Forensics and Investigation now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Handbook of Digital Forensics and Investigation by

Eoghan Casey, Christopher Daywalt, Andy Johnston and Terrance Maguire

Contents

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly