From the course: Network Forensics
Join today to access over 23,300 courses taught by industry experts.
Network forensics investigation hardware
From the course: Network Forensics
Network forensics investigation hardware
- [Narrator] Much of forensics evidence resides in network data. Which is why it's a top priority to record the traffic between various devices. Higher end switches and routers come with a port mirroring feature, which allows them to send a copy of all data going through on one port to another. An investigator plugs a network cable into a mirror port, and connects it to a network recorder to capture live packets. The term packet here means, the smallest unit of network data transmitted or received by a NIC at a give time. Enabling port mirroring is as simple as making a few clicks. This table shows that the destination port mirrors the source port network traffic. Don't get disappointed if your device doesn't have a mirroring capability. There are hardware network sniffers like this one. Do you see the arrow with the TAP label? That's where you connect a piece of recording equipment. In wireless networking, eavesdropping is easier because access points, or APs, broadcast their…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.