Integrated Network Forensics
Data automatically sent to encrypted forensic storage.
Our processes operate in forensics mode, safely storing duplicate logs for use in litigation and prosecutions.
Discovered and correlated data from a network can be viewed as a topology or network map for attorneys to explain complex network relationships. Our topologies link to detailed discovered data from each network device, which can determine the path taken by an attacker and also identify network vulnerabilities.
Host-based forensics firms use the maps and also the underlying reports to prioritize acquisitions and allocate resources. Discovered relationships provide law enforcement and litigants forensics information unavailable prior to the development of SIEM technology.
Network Forensics and VLANS (Virtual Local Area Networks)
Increasingly networks are incorporate VLANS to address scalability, security, and network management issues.
Because VLANS are virtual, evidence of their existence and configuration is not detectable with host-based forensics tools. Network and SIEM forensic techniques, however, can identify VLAN evidence and VLAN configuratons.
