Sep 25, 2020

Week 2

There are different sources of network evidence, including DHCP servers, DNS servers, routers, switches, and others.

DHCP (Dynamic Host Configuration Protocol) servers assign IP addresses to LAN stations instantly.

A Domain Name System (DNS) server stores the names of websites and directs each name to a specific IP address, so that users do not have to enter hard-to-remember IP addresses. It is much simpler to enter a website name than to type in the IP address.

A switch operates at OSI Layer 2, whereas a router operates at OSI Layer 3. A switch can obtain the MAC addresses of devices, whereas routers can obtain their IP addresses.
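These evidence sources are most useful when correlated. The following added example (not part of the original post) takes an IP address and a time, finds the MAC address in DHCP lease records, then looks that MAC up in a switch MAC address table to find the physical port. All records, addresses, port names and function names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample evidence (not from the original post).
# DHCP server lease records: (lease start, lease end, IP, MAC)
DHCP_LEASES = [
    ("2020-09-25 08:00:00", "2020-09-25 12:00:00", "192.168.1.50", "aa:bb:cc:00:00:01"),
    ("2020-09-25 12:05:00", "2020-09-25 16:05:00", "192.168.1.50", "aa:bb:cc:00:00:02"),
    ("2020-09-25 08:10:00", "2020-09-25 12:10:00", "192.168.1.51", "aa:bb:cc:00:00:03"),
]
# Switch MAC address table (Layer 2): MAC -> physical port
SWITCH_MAC_TABLE = {
    "aa:bb:cc:00:00:01": "Gi0/1",
    "aa:bb:cc:00:00:02": "Gi0/7",
}

FMT = "%Y-%m-%d %H:%M:%S"


def _ts(text):
    return datetime.strptime(text, FMT)


def mac_for_ip(ip, when):
    """Return the MAC that held `ip` at time `when`, or None if no lease covers it."""
    t = _ts(when)
    matches = [mac for start, end, lease_ip, mac in DHCP_LEASES
               if lease_ip == ip and _ts(start) <= t < _ts(end)]
    if len(matches) > 1:
        # Two leases for one IP at the same moment means the log is inconsistent.
        raise ValueError(f"overlapping leases for {ip} at {when}")
    return matches[0] if matches else None


def attribute(ip, when):
    """Correlate Layer 3 evidence (IP) with Layer 2 evidence (MAC, switch port)."""
    mac = mac_for_ip(ip, when)
    port = SWITCH_MAC_TABLE.get(mac) if mac else None
    return {"ip": ip, "time": when, "mac": mac, "switch_port": port}


if __name__ == "__main__":
    for ip, when in [("192.168.1.50", "2020-09-25 09:30:00"),
                     ("192.168.1.50", "2020-09-25 13:00:00"),
                     ("192.168.1.50", "2020-09-25 12:02:00"),
                     ("192.168.1.51", "2020-09-25 09:00:00")]:
        print(attribute(ip, when))
```

The same IP address resolves to different devices at different times, which is why the timestamp matters as much as the address when attributing traffic.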

Written by kks101 in: Network Forensics

Sep 18, 2020

Week 1

Network forensics is the analysis and reporting of network traffic that is being monitored. It is usually done for information gathering, evidence gathering, and the detection or prevention of an attack.

There are two types of investigative methods. One example is OSCAR, which stands for Obtain information, Strategize, Collect evidence, Analyze, Report. Another example is TAARA, which stands for Trigger, Acquire, Analyze, Report, Act.

Written by kks101 in: Network Forensics