By John Mounteer, NYSTEC Information Security Consultant
A cybercriminal has just wiped all traces of an attack from your server. Now you’ll never know the source of the attack or the extent of the damage, right?
Not if you have a network forensic investigator on the trail.
The ability to interpret the data in log and capture files and recognize malicious activity in the data is a special skill that requires in-depth knowledge of network and application protocols. This article provides a short introduction to network-based forensic investigations of suspected criminal activity related to information technology systems.