In general, network forensics entails understanding not only the server or servers
themselves but also all hardware and media connected to them, to ensure
that all data related to the investigation has been retrieved or previewed
as determined necessary. One definition of network forensics
is the capture, recording, and analysis of network events in order to
discover the source of security attacks or other problem incidents.
These problem incidents can, of course, involve potential litigation
and the retrieval of specific documents. The topic is broad and encompasses
a wide variety of operating systems and topologies. As in all areas
of computer forensics, the examiner has to know where to begin looking
for the information that will be most useful during the investigative
process.