COMP6348 Network Forensics – Week 1

Some of the things we learn about this week:

  • Network forensics is a part of digital forensics that focuses on monitoring and analysing network traffic. Its purposes are intrusion detection/prevention, information gathering and the collection of legal evidence.
  • There are some differences between traditional computer forensics and network forensics. In computer forensics, data does not change much with daily usage, the evidence is contained within the file system, it is easy to perform a forensically sound acquisition, and seizing one or several computers would not deeply impact the business. In network forensics, by contrast, data changes constantly, in some cases the evidence may exist only in RAM, most network devices do not have non-volatile storage, and taking network devices away would be problematic for the business.
  • Digital evidence, according to the US National Institute of Justice, is “Information stored or transmitted in binary form that may be relied on in court”.
  • We briefly learned about two investigative methodologies, OSCAR and TAARA. OSCAR consists of 5 main steps: “Obtain Information”, “Strategize”, “Collect Evidence”, “Analyze” and “Report”.
