Network Forensics – Week 1

Network forensics is a sub-branch of digital forensics concerned with the capture, recording, and analysis of network events for the purpose of discovering the source of security attacks, gathering information, and finding legal evidence.

Many resources can be used as evidence, such as CCTV, emails, logs, browser history, cache files, ISP logs, etc. This evidence can be categorized as real, best, direct, circumstantial, hearsay, and business records.

There are 2 investigation methods in network forensics:

OSCAR:

  • Obtain Information
  • Strategize: identify possible sources of evidence and estimate the cost of obtaining them
  • Collect evidence
  • Analyze
  • Report

TAARA:

  • Trigger: the incident that leads to the investigation
  • Acquire: collect evidence
  • Analysis
  • Report
  • Action