Read the book Security Issues and Privacy Concerns in Industry 4.0 Applications - Group of authors - Page 33

2.1.1 Network Forensics


Network forensics (NF) is a crucial sub-branch of digital forensics (DF), itself a branch of forensic science, in which experts and law enforcement capture, record and analyze network events to discover the source of attacks and cyber incidents [4], which enhances security in the cyber environment. Simson Garfinkel writes, “network forensics systems can be one of two kinds either catch-it-as-you-can or stop, look and listen to system” [5]. Catch-it-as-you-can is an approach in which all packets passing through a certain traffic point are captured and stored, and analysis is subsequently carried out in batch mode. The approach requires a huge amount of storage, which usually involves a Redundant Array of Inexpensive Disks or Redundant Array of Independent Disks (RAID) system. Stop, look and listen, on the other hand, is an approach in which each packet undergoes an initial analysis and only certain information is stored in memory for future analysis. This method uses less storage but needs more processing power to keep up with the incoming traffic on the network.
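The trade-off between the two approaches can be seen in a small simulation; this is an added example, not code from the book, and the class names, `parse_flow`, `build_packet` and the sample packets are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def build_packet(src, dst, sport, dport, payload):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))  # checksums left 0
    return ip + tcp + payload

def parse_flow(pkt):
    """Return ((src, dst, sport, dport), payload) for one IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4            # TCP header length in bytes
    return (src, dst, sport, dport), pkt[ihl + data_off:]

class CatchItAsYouCan:
    """Store every raw packet; parsing and analysis happen later in batch mode."""
    def __init__(self):
        self.stored = []
    def on_packet(self, pkt):
        self.stored.append(pkt)
    def stored_bytes(self):
        return sum(len(p) for p in self.stored)
    def batch_search(self, needle):
        return [parse_flow(p)[0] for p in self.stored if needle in parse_flow(p)[1]]

class StopLookListen:
    """Parse each packet on arrival; keep only per-flow counters."""
    def __init__(self):
        self.flows = defaultdict(lambda: [0, 0])   # flow -> [packets, payload bytes]
    def on_packet(self, pkt):
        flow, payload = parse_flow(pkt)
        self.flows[flow][0] += 1
        self.flows[flow][1] += len(payload)

SAMPLE = [  # constructed sample traffic, documentation address ranges
    build_packet("192.0.2.10", "198.51.100.5", 40000, 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    build_packet("192.0.2.10", "198.51.100.5", 40000, 80, b"GET /backup.zip HTTP/1.1\r\n\r\n"),
    build_packet("192.0.2.77", "198.51.100.5", 40001, 22, b"SSH-2.0-client\r\n"),
]

def run(packets=SAMPLE):
    full, lean = CatchItAsYouCan(), StopLookListen()
    for pkt in packets:
        full.on_packet(pkt)
        lean.on_packet(pkt)
    return full, lean
```

The full-capture collector keeps every byte and can still answer a payload search such as `batch_search(b"backup.zip")` after the fact; the summarizing collector does its parsing per packet and retains only two flow records, so that question can no longer be asked of it.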

In computer forensics, data is more often seized from disk storage, which makes it easier to obtain; NF, by contrast, is more difficult to carry out because data is transmitted across the network and then lost within a short time [6]. Anyone planning to apply NF tools to analyze data needs to know the relevant privacy laws: privacy and data protection laws restrict active tracking and analysis of network traffic without explicit permission. Within the network and IT infrastructure, NF is used proactively to dig out flaws; its scope also includes information security officers and IT administrators shoring up defenses against future cyber-attacks.
