Archive for October, 2008


Network Forensic Analysis Tools to Assess Network Vulnerabilities

Friday, October 24th, 2008

Every organization today has some type of a network security policy to protect or secure its systems, but when there is a violation of organization policies with vulnerable attacks then forensic analysis plays a crucial role. The evidence in computer forensics may take many forms with the help of network forensic tools.

Many network analysis tools are available nowadays to create a report containing details of potential problems like monitoring network computers for possible vulnerabilities, checking network for all potential methods that a hacker might use to attack etc. Some of the forensic tools are specially designed for networks.

For example: DNA (Distributed Network Attack) a new approach in computer forensic analysis is one of the most efficient forensic tools in recovery of password protected files. The new tool made major advancements in recovery of distributed network system, which were earlier limited to the processing of single machine.

With installation of the DNA tool on the server it will have access to the network and power to processes on different machines to decrypt the passwords. There by the DNA manager is responsible for coordinating the attack, assigning small portions of key search to machines distributed throughout the network. With the use of this forensic tool the liability of client to commit mistakes can be avoided.

There are other forensic tools, some designed for analysis of network activity and some are intended for log aggregation or analysis. Through these forensic tools you can see the services operating over the network like file openings and closing.

Network security audit helps reduce the possibility of network downtime by discovering the security incidents and the attacks through its LAN, WAN or intranet. In terms of network security concerns you can even go for external and internal security audits to identify and eliminate any security vulnerabilities in your systems.

An External network access will test your network devices and servers for vulnerability to a wide range of exploits, viruses, worms and other common internet attacks. Where as internal security audit starts with threat discoveries which include frequent virus outbreaks, unauthorized access to sensitive e-mail or documents etc.

The domain hijacking, machine break-ins, cracking user passwords, retrieval of sensitive documents, and physical access to sensitive hardware or software can also be analyzed with these audits.

Once the analysis or audit is completed you can easily eliminate the network security problems. These are also applied to the storage area networks and network attached storage. With the help of network forensic tool you can identify and respond to computer crimes and policy violations, not just investigating historical incidents.

www.Datatriage.com, a leading expert in Network Forensic Analysis, Network Security Auditing and Network Vulnerability Services.