
What is Network Forensics? Definition & Basics - ManageEngine NetFlow Analyzer

<!doctype html> <html> <head> <title> What is Network Forensics? Definition & Basics - ManageEngine NetFlow Analyzer </title> <meta name="description" content="Network forensics is the process of capturing and analyzing the network traffic to investigate security attacks. Learn more about ManageEngine NetFlow Analyzer!"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="author" content="ManageEngine"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <!--[if lt IE 9]><script src="https://www.manageengine.com/js/html5shiv.js"></script><![endif]--> <link href="//www.manageengine.com/favicon.ico" rel="shortcut icon"> <script type="text/javascript" src="https://www.manageengine.com/js/ipcallback-new.js"></script> <link rel="stylesheet" type="text/css" href="https://www.manageengine.com/css/me-v1.css?v2"> <link rel="stylesheet" type="text/css" href="/products/netflow/style/prd-style.css"> <link rel="canonical" href="https://www.manageengine.com/products/netflow/what-is-network-forensics.html" /> <link rel="stylesheet" href="https://www.manageengine.com/products/netflow/style/swiper/swiper.css" /> <style> h1, h2, h3, h4, h5, h6 {margin:0;} .left-tree {display:flex;} .rhs-cont {flex:1;} .menuhead > h2 {line-height:40px;margin:0;} h2 {margin:0 !important;} .container {max-width:1400px;} .banner {position:relative;background:#ffd242;margin-top:32px;} .banner-row {display: -ms-flexbox;display: -webkit-flex; display: flex;align-items:center;justify-content: center;} .banner-row > .col {padding: 2rem 1rem;position:relative;} .banner-row > .col:nth-child(1){width:99%;} .banner-row > .col:nth-child(2){width:1%;} .banner-contents > h1 {margin-bottom:16px;font-size: 32px;} .banner-contents > p {margin:0;margin-bottom:16px;line-height:24px;font-size:16px;} .banner-cta {display:flex;gap: 16px;} .banner-cta > a {background:#282828;display:inline-block;border:1px solid #282828;color:#fff;font-size:14px;padding:8px 
24px;border-radius:6px;-webkit-transition:all .3s ease-in-out;} .banner-cta > a:hover {text-decoration:none;background:#545454;border:1px solid #545454;} .banner-cta > a:nth-child(2) {background:transparent;color:#000;} .banner-cta > a:nth-child(2):hover {background:#fff;color:#000;} .rhs-cont {padding-top:0;padding-bottom:0; padding: 30px 0 40px 4%;} .sec-row {position:relative;} .sec-row > h2 {margin-bottom:24px !important; } .sec-row p {margin:0;margin-bottom:15px;} .sec-row p:nth-last-child(1) {margin-bottom:0;} .notebox {background: #fff9d9;margin:0;} .name-card span {font-weight: 600;} .name-card p {margin: 0px;margin-top: 5px;font-style: italic;} .row2 > .col {flex:none !important;box-sizing:border-box;} .row2 > .col:nth-child(1){width:60%;} .row2 > .col:nth-child(2){width:36%} .data-sheet-con {display:flex;flex-direction:column;align-items:center;padding:20px;box-sizing:border-box;border-left:1px solid #f3f3f3;text-align:center;} .data-sheet-con > a {display:block; transition: all .3s ease-in-out;} .data-sheet-con > a:hover {box-shadow: 0 0 16px 0 #ddd;} .data-sheet-con > a > img {width:100%;max-width:175px;border:1px solid #eee;} .inner-nav-bg {background:#f9f9f9;text-align:center;z-index: 3;padding:20px 0;margin-bottom:24px;} .sticky {position: sticky !important;top: 100px;} .inner-nav-bg > .sec-title > h2 {margin-bottom:8px;} .nav-inner {display:inline-flex;gap:16px;flex-wrap:wrap;justify-content:center;} .nav-inner > a {border: 1px solid #cde0e9;display:inline-block;padding:2px 12px;border-radius: 4px;background: #fff;} .flex-row:before, .flex-row:after{content:'';display:table;clear:both;} .flex-row, .key-benefits-row{display: -webkit-box; display: -moz-box;display: -ms-flexbox;display: -webkit-flex; display: flex;padding:0;align-items:center;} .flex-row .col {flex:1;/*-webkit-box-shadow:0 0 8px 0 #f6f4f4;box-shadow:0 0 8px 0 #f6f4f4;*/padding:16px;} .reverse {flex-direction:row-reverse;} .sec-title {margin-bottom:20px;} .sec-title > h2 
{position:relative;margin:0;} .main-wrapper .flex-row > .col {-webkit-box-shadow:none;box-shadow:none;} .main-wrapper > .sec-row:nth-child(even) .flex-row {flex-direction:row-reverse;} .sec-img-con {text-align:center;} .zoomicon {-webkit-box-shadow:16px 16px 16px 0 #f6f6f6;box-shadow:16px 16px 16px 0 #f6f6f6;} .dwnld-sec {background:#ffedb5;;padding:24px;text-align:center;border-radius:16px;-webkit-box-shadow:0 0 24px 0 #f1f1f1;box-shadow:0 0 24px 0 #f1f1f1;} .dwnld-sec > h2 {margin:0;margin-bottom:16px !important;line-height:32px;} .dwnld-sec > a {display:inline-block;background:#e9152b;color:#fff;padding:8px 24px;border-radius:25px;font-size:14px;-webkit-transition:all .3s ease-in-out;transition:all .3s ease-in-out;} .dwnld-sec > a:hover {text-decoration:none;background:#c91c2e;} .more-fea {display:flex;align-items:center;justify-content:center;} .more-fea > a {display:flex;flex:1;align-items:center;border: 1px solid #e9f1f7;margin:8px;min-height: 50px;border-radius:16px;padding: 16px;-webkit-transition:all .3s ease-in-out;transition:all .3s ease-in-out;background:#fff;} .more-fea > a:hover {text-decoration:none;-webkit-box-shadow:0 8px 24px 0 #e7e5e5;box-shadow: 0 8px 24px 0 #e7e5e5;background:#f9f9f9;border:1px solid #dbdbdb;} .more-fea > a > img {max-width:40px;padding-right:16px;} /* start */ .main-wrapper .sec-row{padding: 0px 0px 10px;} .main-wrapper .sec-row .sec-title { margin-bottom: 10px;} .gartner-logo > img {max-width:200px;} .ct-itom {width:87%;max-width:1000px;margin:0 auto;border:1px solid #ececec;padding:12px;border-radius:8px;} .prodcut-name {background:#ececec;display:inline-block;padding:4px 12px;} .ct-itom p, .ct-itom h3 {margin:0;} .ct-itom h3{margin:8px 0;} .ct-itom > .desc {margin-top:16px;} .industry-name {color:#5a5a5a;font-style:italic;} .ct-itom > a {display:inline-block;padding:8px 16px;background:#525252;color:#fff;border-radius:32px;margin-top:16px;transition:all .3s ease-in-out;} .ct-itom > a:hover 
{text-decoration:none;background:#f51a1c;} .itom-wrapper {position:relative;background:#fff;-webkit-box-sizing:border-box;box-sizing:border-box;/*-webkit-box-shadow:0px 0px 4px rgb(34 35 58 / 20%);box-shadow:0px 0px 4px rgb(34 35 58 / 20%);*/} .review-details > span {display:inline-block;box-sizing: border-box;padding:4px 12px;border-radius:8px;} .review-details > .rev-role {background: #faefef;margin-right:8px;} .review-details > .rev-role > strong {padding-right:8px;} .review-details > .company-size {background:#eef3fd;} .review-content {width:87%;margin:0 auto;border:1px solid #ececec;padding:12px;border-radius:8px;} .review-prd {font-weight:400;font-size:16px;border-bottom:3px solid #e8e8e8;} .review-head {font-size:16px;font-weight:500;margin-bottom:4px;line-height:30px} .review-org {margin-bottom:8px;font-style:italic;} .review-desc {position:relative;font-size:16px;line-height:32px;margin-bottom:8px;} .review-desc, .gartner-logo {padding:12px 24px;} #AwardsHonors ul{ margin: 0;gap:16px;list-style:none; display: flex; flex-wrap: wrap; align-items: normal; width: 100%; justify-content: center;box-sizing:border-box; } #AwardsHonors ul li{display:inline-block;padding:0 10px;vertical-align:top;width:28%;box-shadow: 0 0 6px 0px rgb(229 229 247);} #AwardsHonors ul li a{color:#000;display:block;} #AwardsHonors ul li a:hover{color:#138cd6;} #AwardsHonors ul li span{display:block; height: calc(100% - 240px);} #AwardsHonors ul li:nth-child(1) img{max-width:100px;} #AwardsHonors ul li:nth-child(2) img{max-width:100px;} #AwardsHonors ul li:nth-child(3) img{max-width:110px;} #AwardsHonors ul li:nth-child(4) img{max-width:130px;} #AwardsHonors ul li:nth-child(5) img{max-height:120px;} .btn{padding:5px 0;} .div-awards-img{min-height:85px;border-bottom:solid 1px #ddd;padding:30px 0; display: flex !important; align-items: center; justify-content: center;} .div-awards-ct {padding:15px 0;} .div-awards-ct {padding: 15px 0;min-height: 130px;} ul.custom-listed li{margin-bottom: 
10px;} ul.custom-listed2 li{margin-bottom: 15px;} .swiper-cover { margin: 40px auto 20px; } #AwardsHonors ul li span { font-size: 15px; display: flex !important; justify-content: center; background: #ffffff; } .div-awards-ct { padding: 30px 15px; min-height: 90px; } .align1 > h2 {margin-bottom:24px;text-align:center;} .img-wrapper {margin: 0px auto;display: block;text-align: center;} .img-wrapper img { max-width: 490px; border: 1px solid #ddd; padding: 20px; } .sub-heading { margin: 30px 0px !important; } /* end */ @media screen and (max-width: 1024px) and (min-width: 761px) { .banner-row {flex-wrap:wrap;} .banner-row > .col {width:100% !important;} #AwardsHonors ul li {width:45% !important;} } @media screen and (max-width: 650px){ .flex-row, .key-benefits-row, .banner-row, .more-fea {flex-wrap:wrap;} .flex-row .col, .key-benefits-row .col, .banner-row .col, .more-fea > a {width: 100% !important;margin: 0 auto;flex:auto;margin:8px} .sec-row {width:95%;margin:0 auto;padding:0px 0px;} .banner-cta {flex-wrap:wrap;} #AwardsHonors ul li {width:100% !important;} .sticky {position:relative !important;top:0;} } h1{ font-size: 20px; line-height: 45px; color: #333; letter-spacing: -1px; } </style> <style> .faqh { font-size: 18px; margin: 0; } .accordion_head.active {background: #F9F9F9;color: #85b536 !important;} .accordion_container {width: 100%;} .accordion_head { color: #09C;cursor: pointer;font-size: 14px;margin: 0 0 1px 0;padding:12px;font-family: 'Open Sans',sans-serif;border-bottom: 1px solid #efefef;position: relative; } .accordion_body {background: #F9F9F9;padding: 12px;} .accordion_body p{margin: 0px;} .plusminus{font-size: 20px;position: absolute;right: 20px;top: 10px;} .quotes{display:block;padding:20px;width:90%;margin-top:25px;margin-bottom: 10px} .quotes .row{margin:15px;background:#f8f8f8;padding:50px;position:relative;text-align:left;} .quotes .row :before, .quotes .row :after{content:"";background: url(images/quote-begin.png) top left 
no-repeat;width:125px;height:85px;} .quotes .row :before{content:"";position:absolute;top:-35px;left:-35px;transform:scale(.7);-webkit-transform:scale(.7);-moz-transform:scale(.7)} .quotes .row :after{content:"";position:absolute;bottom:-35px;right:-35px;transform:scale(.7) rotate(180deg);-webkit-ransform:scale(.7) rotate(180deg);-moz-ransform:scale(.7) rotate(180deg);} .quotes h3{font-size:14px;margin:0;line-height:25px;padding-bottom:15px;} .quotes p{margin:0;color:#a5a5a5;font-style:italic;font-size:13px;line-height:20px;width:70%;float:left} .cus-logo{background: url(images/nfa-customers-logo.jpg) top center no-repeat;display:inline-block;margin-top:5px; mix-blend-mode:multiply;} .wipro-logo {background-position:0 -155px;width:152px;height:65px;} .icon-list li{list-style-type:none;} .brd{border:1px solid #ccc} .margin{margin-top:35px} .sec-img-con img {border: 1px solid #dddd; max-width: 96%;} .sec-title > h2 {position:relative;} .sec-title > h2:after {content:"";position:absolute;width: 65px;height:5px;background: #ffd242;left:0;bottom: -10px;} .flex-row:before, .flex-row:after{content:'';display:table;clear:both;} .flex-row, .key-benefits-row{display: -webkit-box; display: -moz-box;display: -ms-flexbox;display: -webkit-flex; display: flex;align-items:center;padding:0;} .flex-row .col:nth-child(1){width:55%;} .flex-row .col:nth-child(2){width:45%;} /* .reverse {flex-direction:row-reverse;} */ .main-wrapper > .sec-row:nth-child(odd) .flex-row > .col:nth-child(1) {margin-right:32px;} .main-wrapper > .sec-row:nth-child(even) .flex-row > .col:nth-child(2) {margin-left:32px;} .btn-section {background: #f8f8f8;padding: 12px 30px;} .get-btn a{padding: 20px;display: inline-block; font-weight: 500; text-align: center; white-space: nowrap; vertical-align: middle; -webkit-user-select: none; -moz-user-select: none; -ms-user-select: none; user-select: none; border: 0px; padding: 5px 30px; font-size: 16px; letter-spacing: 0.4px; line-height: 45px; border-radius: 0px; color: 
#1b1f2e; cursor: pointer; z-index: 5; -webkit-transition: all 0.4s ease-out 2s; -moz-transition: all 0.4s ease-out 2s; -ms-transition: all 0.4s ease-out 2s; -o-transition: all 0.4s ease-out 2s; transition: all 0.4s ease-out 2s; background-color: #ffcc00; position: relative;} .get-btn a:hover{ background-color: #444444; color: #fff; transition: all 0.4s ease-out 2s; text-decoration: none;} .icon-list { display: flex; flex-wrap: wrap; align-items: normal; width: 100%; justify-content: center; padding: 0px !important; } .icon-list li { list-style-type: none; position: relative; padding-left: 105px !important; border: 1px dashed #ddd; min-height: 120px; align-items: center; justify-content: left; width: 36%; display: flex; margin: 10px 10px; padding: 0px 10px; } .icon-list li span { position: absolute; top: 50%; left: 15px; height: 70px; width: 70px; background: #f8f8f8; border-radius: 50px; display: flex; align-items: center; justify-content: center; border: 1px solid #f5f3f3; margin-top: -35px; } .icon-list li p{margin: 10px 0px;} .icon-list li span img{max-width: 38px !important;} .icon-section .col{width: 50% } .icon-section .flex-row{ display: -webkit-box;} .col{margin: 1% 1% 1% 1.6%;} .sec-row { margin: 30px 0px; } .more-op-fea { display: grid; gap: 15px; grid-template-columns: repeat(2, minmax(0, 1fr)); } .more-op-fea > a { align-items: center; border: 1px solid #e9f1f7; margin: 8px; min-height: 50px; border-radius: 10px; padding: 16px 30px; -webkit-transition: all .3s ease-in-out; transition: all .3s ease-in-out; background: #fff; } .more-op-fea > a:hover { text-decoration: none; -webkit-box-shadow: 0 8px 24px 0 #e7e5e5; box-shadow: 0 8px 24px 0 #e7e5e5; background: #f9f9f9; border: 1px solid #dbdbdb; } .more-op-fea > a > img { max-width: 36px !important; padding-right: 12px; } .more-op-fea > a span:last-child { margin: 10px 0px; display: block; font-size: 14px; color: #09C; } .more-op-fea > a span { font-size: 16px; color: #444; } .vid-con { max-width: 680px; 
margin: 0 auto; } .vid-con > iframe { width: 100%; height: 385px; border: 0; box-shadow: 0 0 12px 0 #ddd; border-radius: 8px; margin: 30px auto 30px; display: block; } @media (max-width: 900px) { .vid-con > iframe { width:100% } } @media screen and (max-width: 650px) { .more-op-fea > a { text-align: left; } .flex-row, .banner-cta { flex-wrap: wrap; } } @media screen and (max-width: 949px) { .more-op-fea { grid-template-columns: repeat(1, minmax(0, 1fr)); } .more-op-fea > a span:last-child { justify-content: left; display: flex; } .more-op-fea > a > img { max-width: 30px; } } @media screen and (max-width: 767px) { .icon-section .col { width: 100% !important; } .flex-row .col:nth-child(1) { width: 100%; } .flex-row .col:nth-child(2) { width: 100%; } .rhs-cont{ padding: 30px 0 40px 0%;} } @media screen and (max-width:767px){ .icon-section .col{width: 100% !important;} .flex-row .col:nth-child(1){width: 100%;} .flex-row .col:nth-child(2){width: 100%;} .main-wrapper .flex-row{display: block;} .icon-section .flex-row{display: block;} .main-wrapper > .sec-row:nth-child(even) .flex-row > .col:nth-child(2){margin-left: 0px;} .icon-list li {width: 100%;} } @media screen and (min-width:768px) and (max-width:1024px) { .icon-list li {width: 100%;} } @media screen and (min-width:1025px){ .icon-list li {width: 31% !important; padding: 0px 10px;} } </style> <style> .refer-res { list-style-type: none; margin: 10px 0 0 0; padding: 0!important } .refer-res li { border-top: 1px solid #ececec; list-style-type: none; margin: 0; padding: 0 } .refer-res li a { color: #777; padding: 7px 0 7px 10px; display: block; text-decoration: none } .refer-res li a:hover { color: #000; text-decoration: none } #lhsBanCon { margin: 20px 0 20px 0; } </style> </head><body> <div class="pop-box">&nbsp;</div><div class="pop-container">&nbsp;</div> <header> <div id="commonHeader"> <div id="header-topsec">&nbsp;</div> <div class="" id="MEmobPanel"> <div id="MEdropPanel">&nbsp;</div> </div> <div 
id="header-mainsec"> <div class="headerinner"> <div class="clearfix head-container"> <div class="fl prdLogo"> <a class="nfalogosvg" href="https://www.manageengine.com/products/netflow/"><img title="Bandwidth Monitoring & Traffic Analysis - ManageEngine NetFlow Analyzer" alt="Bandwidth Monitoring & Traffic Analysis - ManageEngine NetFlow Analyzer" src="https://www.manageengine.com/images/logo/netflowanalyzer.svg"/></a> </div> <div class="fr"> <nav> <div class="nav-dwn fr"><a href="/products/netflow/download.html" title="Download ManageEngine NetFlow Analyzer">Download <span class="nav-dwn-icon">&nbsp;</span></a></div> <div class="fr pr"> <ul class="nav header-nav productmenu clearfix" itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement"> <li id="over"><a href="/products/netflow/" title="Overview">Overview</a></li> <li id="fea"><a href="/products/netflow/features.html" title="Features">Features</a></li> <li id="demo"><a href="/products/netflow/demo-form.html" title="Demo">Demo</a></li> <li id="quote"><a href="/products/netflow/getquote.html" title="Get Price Quote">Get Price Quote </a></li> <li id="price"><a href="/products/netflow/netflow-analyzer-editions.html" title="Editions">Editions</a></li> <li id="roadMap" style="display: none;"><a href="/products/netflow/roadmap.html" title="Road Map">Road Map</a></li> <li id="res"><a href="/products/netflow/resources.html" title="Support & Resources">Support & Resources</a></li> <li id="cust"><a href="/products/netflow/customers.html" title="Customers">Customers</a></li> </ul> </div> </nav> </div> <div class="menuIcon menu2ResBlk" id="MEmobile"><span class="s-icon icon-s-menu">&nbsp;</span></div> </div> </div> </div> </div> </header> <section> <div class="heading-menu"> <div class="container"> <h2>Network Forensics Definition</h2> <div class="breadcrumb"><a href="/products/netflow/">Home</a> &raquo; <a href="/products/netflow/features.html">Features</a> &raquo; Network Forensics Basics</div> </div> 
</div> </section> <section> <div class="container inner-cont clearfix" id="scroll"> <div class="lhs-tree" id="itom-nfa-lhs"> <ul id="lhsTree"> <li id="fea-bm"><span>Bandwidth Management</span> <ul> <li id="fea-bm-bmon"><a href="/products/netflow/bandwidth-monitoring.html" title="Network Bandwidth Monitor">Bandwidth Monitoring</a></li> <li id="fea-bmt"><a href="/products/netflow/bandwidth-monitoring-tools.html" title="Bandwidth monitoring tools">Bandwidth Monitoring Tools</a></li> <li id="fea-bm-dep"><a href="/products/netflow/department-wise-bandwidth-monitoring-using-netflow-analyzer.html" title="Department-wise Monitoring">Department-wise Monitoring</a></li> <li id="fea-bm-bnm"><a href="/products/netflow/bandwidth-management.html" title="Network Bandwidth Management">Network Bandwidth Management</a></li> <li id="remote-wnm"><a href="https://www.manageengine.com/products/netflow/wireless-network-controller-monitoring.html" title="Wireless Network Controller Monitoring">Wireless Network Controller Monitoring</a></li> <li id="fea-bm-bc"><a href="/products/netflow/control-bandwidth.html" title="Bandwidth Control">Bandwidth Control</a></li> <li id="fea-bm-hogs"><a href="/products/netflow/5-steps-to-resolve-bandwidth-hogs.html" title="Getting rid of bandwidth hogs">Getting Rid of Bandwidth Hogs</a></li> <li id="fea-bm-opti"><a href="/products/netflow/optimize-performance.html" title="Optimize Performance">Optimize Performance</a></li> <li id="fea-bm-threshold"><a href="/products/netflow/threshold-based-alerts.html" title="Threshold Based Alert">Threshold Based Alert</a></li> <li id="fea-bum"><a href="/products/netflow/bandwidth-usage-monitor.html" title="Bandwidth usage monitor">Bandwidth Usage Monitor</a></li> <li id="fea-mbu"><a href="/products/netflow/how-to-measure-bandwidth-usage.html" title="How to Measure Bandwidth Usage">How to Measure Bandwidth Usage</a></li> <li id="fea-bc"><a href="/products/netflow/bandwidth-consumption.html" title="Bandwidth 
Consumption">Bandwidth Consumption</a></li> <li id="fea-network-utilization"><a href="/products/netflow/network-utilization-monitoring.html" title="Network Utilization Monitor">Network Utilization Monitor</a></li> <li id="fea-mon-bandwidth"><a href="/products/netflow/how-to-monitor-bandwidth-usage-on-your-network.html" title="Monitor Bandwidth Usage on Network">Monitor Bandwidth Usage on Network</a></li> <li id="fea-ent-bandwidth"><a href="/products/netflow/enterprise-bandwidth-monitoring.html" title="Enterprise Bandwidth Monitoring">Enterprise Bandwidth Monitoring</a></li> <li id="fea-cbc"><a href="/products/netflow/cisco-bandwidth-control.html" title="Cisco Bandwidth Control">Cisco Bandwidth Control</a></li> <li id="fea-balerts"><a href="/products/netflow/bandwidth-alerts.html" title="Bandwidth Alerts">Bandwidth Alerts</a></li> <li id="fea-cbm"><a href="/products/netflow/cisco-bandwidth-monitoring.html" title="Cisco Bandwidth Monitoring">Cisco Bandwidth Monitoring</a></li> <li id="fea-wbm"><a href="/products/netflow/wireless-bandwidth-management.html" title="Wireless Bandwidth Management">Wireless Bandwidth Management</a></li> <li id="simulate"><a href="/products/netflow/simulate-netflow.html" title="Simulate NetFlow">Simulate NetFlow</a></li> <li id="noc"><a href="/products/netflow/noc-monitoring.html" title="NOC Monitoring">NOC Monitoring</a></li> </ul> </li> <li id="traffic"><span>Traffic Analysis</span> <ul> <li id="traffic-nta"><a href="/products/netflow/network-traffic-analysis.html" title="Network Traffic Analysis">Network Traffic Analysis</a></li> <li id="traffic-nfatm"><a href="/products/netflow/network-traffic-management.html" title="Network Traffic Management">Network Traffic Management</a></li> <li id="traffic-bnta"><a href="/products/netflow/best-network-traffic-analyzer.html" title="Best Network Traffic Analyzer">Best Network Traffic Analyzer</a></li> <li id="traffic-rntm"><a href="/products/netflow/real-time-network-traffic-monitor.html" 
title="Real-time network traffic monitor">Real-time Network Traffic Monitor</a></li> <li id="traffic-ntm"><a href="/products/netflow/network-traffic-monitor.html" title="Network Traffic Monitoring">Network Traffic Monitor</a></li> <li id="traffic-ntc"><a href="/products/netflow/network-traffic-control.html" title="Network Traffic Control">Network Traffic Control</a></li> <li id="traffic-num"><a href="/products/netflow/network-usage-monitor.html" title="Network Usage Monitor">Network Usage Monitor</a></li> <li id="traffic-tms"><a href="/products/netflow/traffic-monitoring-software.html" title="Traffic Monitoring Software">Traffic Monitoring Software</a></li> <li id="traffic-nat"><a href="/products/netflow/network-analysis-tool.html" title="Network Analysis Tools">Network Analysis Tools</a></li> <li id="traffic-router"><a href="/products/netflow/router-traffic-monitoring.html" title="Router traffic monitoring">Router Traffic Monitoring</a></li> <li id="traffic-server"><a href="/products/netflow/server-traffic-monitoring.html" title="Server traffic monitoring">Server Traffic Monitoring</a></li> <li id="traffic-asa"><a href="/products/netflow/cisco-asa-traffic-monitoring.html" title="Cisco ASA Monitoring">Cisco ASA Monitoring</a></li> <li id="traffic-avc"><a href="/products/netflow/cisco-avc-monitoring.html" title="Cisco AVC Monitoring">Cisco AVC Monitoring</a></li> <li id="cisco-router"><a href="/products/netflow/cisco-router-monitoring.html" title="Cisco Router Traffic Monitoring">Cisco Router Traffic Monitoring</a></li> <li id="traffic-cstm"><a href="/products/netflow/cisco-switch-traffic-monitoring.html" title="Cisco Switch Traffic Monitoring">Cisco Switch Traffic Monitoring</a></li> <li id="traffic-atgm"><a href="/products/netflow/network-layout-using-google-maps.html" title="Analyze traffic using Google maps">Analyze Traffic Using Google Maps</a></li> <li id="traffic-rwtm"><a href="/products/netflow/web-traffic-monitor-software.html" title="Web traffic 
monitor">Web Traffic Monitor</a></li> <li id="traffic-protoanal"><a href="/products/netflow/network-protocol-analyzer.html" title="Protocol Analyzer">Protocol Analyzer</a></li> <li id="traffic-pam"><a href="/products/netflow/protocol-and-application-monitoring.html" title="Protocol & Application Monitoring">Protocol &amp; Application Monitoring</a></li> <li id="traffic-nbar"><a href="/products/netflow/nbar.html" title="Network Based Application Recognition(NBAR)">Network Based Application Recognition(NBAR)</a></li> <li id="traffic-nbarmon"><a href="/products/netflow/nbar-monitor.html" title="NBAR Monitoring">NBAR Monitoring</a></li> <li id="traffic-voip"><a href="/products/netflow/voip-monitor.html" title="VOIP Monitoring">VoIP Monitoring</a></li> <li id="traffic-sstm"><a href="/products/netflow/site-to-site-traffic-monitoring.html" title="Site to Site Traffic Monitoring">Site to Site Traffic Monitoring</a></li> <li id="traffic-itmnbar"><a href="/products/netflow/intelligent-traffic-management-with-nbar.html" title="Intelligent Traffic Management with NBAR">Intelligent Traffic Management with NBAR</a></li> <li id="traffic-wanipsla"><a href="/products/netflow/wan-rtt-monitor.html" title="WAN Monitoring using IPSLA">WAN Monitoring Using IP SLA</a></li> <li id="traffic-bntm"><a href="/products/netflow/bandwidth-utilization.html" title="Bandwidth Utilization">Bandwidth Utilization Report</a></li> <li id="traffic-speed-mon"><a href="/products/netflow/network-speed-monitor.html" title="Network Speed Monitor">Network Speed Monitor</a></li> <li id="traffic-network-traffic"><a href="/products/netflow/linux-network-traffic-monitoring.html" title="Linux Network Traffic Monitor">Linux Network Traffic Monitor</a></li> <li id="traffic-ntmtools"><a href="/products/netflow/network-traffic-monitoring-tools.html" title="Network Traffic Monitoring Tools">Network Traffic Monitoring Tools</a></li> <li id="traffic-wifi"><a href="/products/netflow/wifi-traffic-monitor.html" title="Wi-Fi 
Monitoring">Wi-Fi Monitoring</a></li> <li id="ent-traffic"><a href="/products/netflow/enterprise-network-traffic-monitoring.html" title="Enterprise Network Traffic Monitoring">Enterprise Network Traffic Monitoring </a></li> <li id="traffic-fntmt"><a href="/products/netflow/free-network-traffic-monitoring-tool.html" title="Free Network Traffic Monitoring Tool">Free Network Traffic Monitoring Tool</a></li> <li id="traffic-ata"><a href="/products/netflow/application-traffic-alerting.html" title="Application Traffic Alerting">Application Traffic Alerting</a></li> <li id="trafficanomaly"><a href="/products/netflow/network-traffic-anomaly-detection.html" title="Network Traffic Anomaly Detection">Network Traffic Anomaly Detection</a></li> <li id="tforecast"><a href="/products/netflow/network-traffic-forecasting.html" title="Network Traffic Forecasting">Network Traffic Forecasting</a></li> </ul> </li> <li id="fea-nvi"><span>QoS Monitoring</span> <ul> <li id="qst-nt"><a href="/products/netflow/troubleshoot-faster.html" title="Network Troubleshooting">Network Troubleshooting</a></li> <li id="qst-snt"><a href="/products/netflow/traffic-shaping.html" title="Traffic shaping">Traffic Shaping</a></li> <li id="qst-qosm"><a href="/products/netflow/qos-monitoring.html" title="QoS Monitoring">QoS Monitoring</a></li> <li id="qst-qs"><a href="/products/netflow/allaboutqos.html" title="Quality of Service">Quality of Service</a></li> <li id="qst-qos"><a href="/products/netflow/app-qos-traffic-shaping.html" title="Application-level QoS Shaping">Application-level QoS Shaping</a></li> <li id="qst-qosmon"><a href="/products/netflow/cbqos.html" title="Class Based Qos Monitoring">Class Based QoS Monitoring</a></li> <li id="qst-validqos"><a href="/products/netflow/validating-qos-policies-with-cbqos.html" title="Validating QoS Policies">Validating QoS Policies</a></li> <li id="qst-qosconfig"><a href="/products/netflow/qos-configuration.html" title="Qos Configuration">QoS Configuration</a></li> 
</ul> </li> <li id="fea-nfm"><span>Reports</span> <ul> <li id="rep-tr"><a href="/products/netflow/netflow-analyzer-reports.html" title="Troubleshoot Reports">Troubleshoot Reports</a></li> <li id="rep-cb"><a href="/products/netflow/customizable-dashboard.html" title="Customizable Bandwidth">Customizable Bandwidth</a></li> <li id="rep-bur"><a href="/products/netflow/bandwidth-reports.html" title="Bandwidth Utilization Reports">Bandwidth Reports</a></li> <li id="rep-cpr"><a href="/products/netflow/capacity-planning-reports.html" title="Capacity Planning Reports">Capacity Planning Reports</a></li> <li id="rep-uccp"><a href="/products/netflow/cut-cost.html" title="Use case: Capacity Planning">Use Case: Capacity Planning</a></li> <li id="rep-br"><a href="/products/netflow/usage-based-billing.html" title="Billing Reports">Billing Reports</a></li> <li id="rep-sche"><a href="/products/netflow/scheduling-reports-using-netflow-analyzer.html" title="Scheduling Reports">Scheduling Reports</a></li> <li id="rep-search"><a href="/products/netflow/search-reports-gives-better-understanding-of-network-traffic.html" title="Search Reports">Search Reports</a></li> <li id="rep-waas"><a href="/products/netflow/cisco-waas-reports.html" title="Cisco WAAS reports">Cisco WAAS reports</a></li> <li id="rep-medianet"><a href="/products/netflow/medianet-reports.html" title="Medianet Reports">Medianet Reports</a></li> <li id="rep-cs"><a href="/products/netflow/cloud-services-user-ip-mapping.html" title="Cloud Services">Cloud Services</a></li> <li id="rep-nfr"><a href="/products/netflow/netflow-reports.html" title="NetFlow Report">NetFlow Report</a></li> </ul> </li> <li id="fea-dcm"><span>Network Security and Forensics</span> <ul> <li id="nsf-nsr"><a href="/products/netflow/secure-your-network.html" title="Network Security Reporting">Network Security Reporting</a></li> <li id="nsf-nf"><a href="/products/netflow/network-forensics.html" title="Network Forensics">Network Forensics</a></li> <li 
href="https://www.manageengine.com/products/netflow/resources.html" target="_blank">Case Studies & White Papers</a></li> </ul> <div id="itom-lhs-img">&nbsp;</div> </div> <div class="rhs-cont"> <div class="banner"> <div class="banner-row"> <div class="col"> <div class="banner-contents"> <h1 class="h1">Network forensics: An approach for network security, troubleshooting and everything in between</h1> <div class="banner-cta"><a href="https://www.manageengine.com/products/netflow/demo-form.html" target="_blank">Schedule a personalized demo</a> <a href="https://www.manageengine.com/products/netflow/download.html" target="_blank">Get a free trial</a></div> </div> </div> <div class="col"> <div class="banner-vid">&nbsp;</div> </div> </div> </div> <p>&nbsp;</p> <h1>What is network forensics?</h1> <p>Businesses keep adopting new techniques to guard their network security against zero-day vulnerabilities. Unlike problems at the physical layer, which show up immediately, hacking attempts can go unnoticed and grow severe until there is <a href="https://www.manageengine.com/products/netflow/network-traffic-analysis.html" target="_blank">holistic visibility into network traffic</a>. You can track traffic flow for its source and destination through real-time monitoring, but viewing the &quot;who&quot; and &quot;how&quot; of historical traffic pattern data is valuable for helping you troubleshoot bandwidth bottlenecks.</p> <p>The solution you choose should enable you to review each metric individually to pinpoint the source of an issue or potential issue. For example, the granular details of a traffic spike can help you determine the severity of an issue and isolate the weak points in your network. This is where <a href="https://www.manageengine.com/products/netflow/network-forensics.html?what-is-forensics">network forensics</a> comes in. These efforts can ultimately help you work toward a hack-proof network. 
So, what is <strong>network forensics</strong>, and why is network forensics used? Let's take a look at these aspects now.</p> <div class="sec-row"> <h2>Network forensics: The dynamic component of network traffic analysis</h2> <p>Network forensics, a subset of digital forensics, captures and analyzes network traffic to uncover information that helps in investigating security breaches. A cyberattack in an organization can go unnoticed until it impacts a major data source. But to make sure that it doesn't occur again, admins might need to collect network traffic data from the past, determine the scope of the problem, and identify what went wrong, especially any security vulnerabilities and configuration problems. That is only possible if the traffic data was already being captured and retained before the incident.</p> </div> <div class="sec-row"> <h2>Is network forensics better than utilizing a firewall or an IDS?</h2> <p>As a network administrator, you know how well-established and effective firewalls and intrusion detection systems (IDS) are as security tools. So what makes them less efficient when compared to network forensic analysis tools (NFAT)? The answer involves the basic working principle followed by both of these security systems.</p> <p>An ideal firewall will allow and restrict traffic flowing to and from particular IP addresses, networks, or port numbers, based on an admin's pre-configured rules. But there are protocols that can sidestep specific ports. This makes port-based security easier for hackers to violate, and allows them to gain access to your network. Even internal users can access malicious websites. On the other hand, an ideal IDS typically works by flagging (or, when deployed inline as an intrusion prevention system, blocking) the traffic that doesn't match the preconfigured security policies. But not every intrusion can be detected.</p> <p><a href="https://www.manageengine.com/products/netflow/network-forensics.html" target="_blank">Network forensic solutions</a> improve on both of these methods by collecting the entire flow of traffic to uncover anomalies. 
These tools can then concentrate only on the information that is necessary to detect problems and determine the root cause of the issues. This is because <strong>network forensic</strong> analysis tools follow two basic methods: in the first, you receive a complete picture of the traffic, which lets you maintain records and find the underlying issues; in the second, the tool quickly analyzes the traffic of interest and shares the relevant information about it.</p> <div class="vid-con"><iframe src="https://www.youtube-nocookie.com/embed/LGeD1xqnN6o" title="ManageEngine NetFlow Analyzer: The advanced network forensics tool for detecting zero-day threats" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen="" frameborder="0"></iframe></div> </div> <div class="sec-row"> <h2>Use cases of network forensics tools</h2> <p><b>Security</b></p> <p>Since the <strong>network forensics process</strong> depends on the collection of evidence, you can find malicious domains and URLs and detect threats using raw data. You can discover the origin of the traffic and who might be behind the suspicious traffic. With granular details, you can track the growth pattern to determine if the irregularity results from excessive bandwidth usage or a hacking attempt.</p> <p><b>Traffic analysis</b></p> <p>Although security is an obvious reason for choosing network forensics, it can also help troubleshoot issues with <a href="https://www.manageengine.com/products/netflow/network-traffic-analysis.html" target="_blank">in-depth traffic analysis</a>. Imagine a three-minute traffic spike at 5:45 pm on Saturday. With forensics, you can get a picture of why there's a traffic spike outside business hours, what protocols contributed to the traffic spike, and which source and target machines were involved, so you can troubleshoot the issue. 
You can find the information related to bandwidth use by protocols, devices, and users.</p> <p><b>Performance</b></p> <p><strong>Network forensics techniques</strong> are primarily based on storing the traffic data for a longer time to understand how the trends change. Say an organization's application server is unresponsive and many messages or much traffic has been lost; forensics helps you investigate this by providing information about traffic load over time so you can <a href="https://www.manageengine.com/products/netflow/network-behavior-analysis-using-advanced-security-analytics-module.html" target="_blank">detect unnoticed anomalies</a> or application errors. Since network forensics collects the entire picture of network traffic, you can pinpoint a source, or look at the signs of bottlenecks to identify if it was a hacking attempt or a persistent congestion issue.</p> </div> <div class="sec-row"> <h2>ManageEngine NetFlow Analyzer: The advanced network forensics tool</h2> <p>NetFlow Analyzer is a network forensic analysis tool that captures the raw data and provides you with accurate insights about the bandwidth usage, security, and performance of your network. You can leverage the tool to receive forensics reports that go back in time so you can determine the root cause of bottlenecks and see how the patterns have changed. This can help you build policies and keep certain harmful traffic from penetrating your network.</p> <p><img src="/products/netflow/images/basics-of-network-forensics.png" alt="What is network forensics? 
- ManageEngine NetFlow Analyzer" title="Basics of Network Forensics" /></p> <p>Other advantages of using NetFlow Analyzer:</p> <ul> <li>Monitoring an individual network element's bandwidth usage</li> <li>Setting up threshold-based alarms to alert you about unusual traffic behaviors</li> <li>Finding top talkers on the network by applications, conversations, and protocols</li> <li>Generating traffic trends reports for troubleshooting and optimization</li> </ul> </div> <div class="sec-row"> <h2>More on Network Forensics</h2> <div class="accordion_head"> <h2 class="faqh">What is the importance of network forensics?</h2> <span class="plusminus">+</span></div> <div class="accordion_body" style="display: none;"> <p>Network forensics is important because it captures and analyzes network traffic and audits the bandwidth usage to detect any anomalies or irregular behavior. Beyond promoting security by monitoring user activities, network forensics also helps to find the root cause of any bandwidth bottlenecks and to prevent further performance issues.</p> </div> <div class="accordion_head"> <h2 class="faqh">How does network forensics work?</h2> <span class="plusminus">+</span></div> <div class="accordion_body" style="display: none;"> <p>Network forensics follows a general sequence of steps: obtaining bandwidth usage information, strategizing, collecting evidence to analyze traffic spikes or behavior, and finally reporting on the entire network's performance.</p> </div> </div> <div class="sec-row"> <h2 class="tac sub-heading">Additional resources</h2> <div class="more-op-fea"><a href="https://www.manageengine.com/products/netflow/network-forensics.html" target="_blank"> <span>Network forensics: Forensics analysis the NetFlow Analyzer way!</span> </a> <a href="https://www.manageengine.com/products/netflow/troubleshoot-reports-a-need-for-network-monitor.html" target="_blank"> <span>Advanced forensics and troubleshooting: Proactive security monitoring for 
dynamic IT infrastructure </span></a> <a href="https://www.manageengine.com/products/netflow/help/how-to-generate-forensics-report.html" target="_blank"> <span>Forensics reports: Assess the scope of security in your network with raw data reports</span></a> <a href="https://www.manageengine.com/products/netflow/network-detection-and-response.html" target="_blank"> <span>Security module: Securing network with Network Behavior Anomaly Detection (NBAD)</span></a></div> </div> <p>&nbsp;</p> </div> </div> </section> <section> <div class="container"> <div id="customer-logo" data-custlogo="nfa"></div> </div> </section> <div class="clearfix"></div> <section> <div class="clearfix sec-pTB opmRelPrd mbH"> <div class="fea-nav container"> <div class="fea-nav-link clearfix"><span data-nav="allFeaDiv3">Benefits</span><span data-nav="allFeaDiv2">Related Products</span></div> <div class="fea-nav-list"> <div id="allFeaDiv3" class="fea-list-cont clearfix"> <ul> <li>&raquo; <a href="/products/netflow/bandwidth-monitoring.html">Bandwidth Monitor</a></li> <li>&raquo; <a href="/products/netflow/bandwidth-reports.html">Bandwidth Reporting</a></li> <li>&raquo; <a href="/products/netflow/cisco-netflow.html">Cisco NetFlow</a></li> <li>&raquo; <a href="/products/netflow/netflow-monitoring.html">NetFlow Monitoring</a></li> <li>&raquo; <a href="/products/netflow/network-traffic-analysis.html">Network Traffic Analyzer</a></li> <li>&raquo; <a href="/products/netflow/site-to-site-traffic-monitoring.html">Site to Site Traffic Monitoring</a></li> </ul> <ul> <li>&raquo; <a href="/products/netflow/optimize-performance.html">Application Performance Optimization</a></li> <li>&raquo; <a href="/products/netflow/secure-your-network.html">Network Security</a></li> <li>&raquo; <a href="/products/netflow/netflow-reports.html">NetFlow Reporting</a></li> <li>&raquo; <a href="/products/netflow/scheduling-reports-using-netflow-analyzer.html">Automating Network Reports</a></li> <li>&raquo; <a 
href="/products/netflow/customizable-dashboard.html">Customizable Dashboard</a></li> <li>&raquo; <a href="/products/netflow/network-traffic-monitor.html">Network Traffic Monitor </a></li> </ul> <ul> <li>&raquo; <a href="/products/netflow/troubleshoot-reports-a-need-for-network-monitor.html">Faster Network Troubleshooting</a></li> <li>&raquo; <a href="/products/netflow/protocol-and-application-monitoring.html">Protocol and Application Monitoring</a></li> <li>&raquo; <a href="/products/netflow/netflow-analyzer-reports.html">NetFlow Analyzer Reports</a></li> <li>&raquo; <a href="/products/netflow/Department-wise-bandwidth-monitoring-using-netflow-analyzer.html">Department-wise Bandwidth Monitoring</a></li> <li>&raquo; <a href="/products/netflow/usage-based-billing.html">Billing &frasl; Measure Bandwidth Usage</a></li> <li>&raquo; <a href="/products/netflow/cbqos.html">Cisco CBQoS Monitoring</a></li> </ul> </div> <div id="allFeaDiv2" class="fea-list-cont clearfix"> <ul> <li class="relOpm">&raquo; <a title="Network Monitoring - ManageEngine" href="https://www.manageengine.com/network-monitoring/?relPrd">Network Monitoring</a></li> <li class="relNfa">&raquo; <a title="Bandwidth Monitoring &amp; Traffic Analysis - ManageEngine" href="https://www.manageengine.com/products/netflow/?relPrd">Bandwidth Monitoring &amp; Traffic Analysis</a></li> <li class="relNcm">&raquo; <a title="Network Configuration Management - ManageEngine" href="https://www.manageengine.com/network-configuration-manager/?relPrd">Network Configuration Management</a></li> <li class="relIpam">&raquo; <a title="Switch Port &amp; IP Address Management - ManageEngine" href="https://www.manageengine.com/products/oputils/?relPrd">Switch Port &amp; IP Address Management</a></li> <li class="relFwa">&raquo; <a title="Firewall Management - ManageEngine" href="https://www.manageengine.com/products/firewall/?relPrd">Firewall Management</a></li> </ul> </div> </div> </div> </div> </section> <section> <div class="btmBar 
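min-mbH">
  <!-- Bottom action bar: download / demo / compare / quote / buy links. -->
  <div class="menuheader" id="btmBar">
    <div class="container clearfix">
      <ul class="prd-nav">
        <li class="mbH btm-dwn"><a href="/products/netflow/download.html?btmMenu">Download <span class="dwn-btm-icon">&nbsp;</span></a></li>
        <!-- NOTE(review): this link is plain HTTP to another host and opens a new tab;
             rel="noopener" keeps the opened page from reaching window.opener.
             Switch the URL to https if the demo host serves it (not verifiable from this page). -->
        <li><a href="http://demo.netflowanalyzer.com/" target="_blank" rel="noopener"><span class="demo-icon">&nbsp;</span><br> Live Demo</a></li>
        <li><a href="/products/netflow/netflow-analyzer-editions.html"><span class="comp-icon">&nbsp;</span><br> Compare</a></li>
        <li><a href="/products/netflow/getquote.html?btmMenu"><span class="quote-icon">&nbsp;</span><br> Get Quote</a></li>
        <li><a href="https://store.manageengine.com/netflow/"><span class="buy-icon">&nbsp;</span><br> Buy Now</a></li>
      </ul>
    </div>
  </div>
</div>
</section>
<footer id="meCommonFooterNew"></footer>
<div id="survey" data-surveyPrd="nfa">&nbsp;</div>

<!-- Cross-origin script: it runs with full access to this page.
     NOTE(review): Subresource Integrity only fits if this response is static; confirm before pinning. -->
<script src="https://accounts.zoho.com/u/info"></script>
<script src="https://www.manageengine.com/js/me-v1-header-a.js"></script>
<script src="https://www.manageengine.com/js/me-new-v1.js"></script>
<script src="/itom/js/me-itom.js"></script>

<script>
  // Point the shared header links (store / forum / blog) at the NetFlow Analyzer destinations.
  $(document).ready(function () {
    $("#storelnk").attr("href", "https://store.manageengine.com/netflow/");
    $("#forumlnk").attr("href", "https://forums.manageengine.com/netflow-analyzer");
    $("#blogslnk").attr("href", "https://blogs.manageengine.com/product-blog/netflowanalyzer");
  });
</script>

<script>
  // Floating "Get FREE DEMO" button, added once the DOM is ready.
  $(document).ready(function () {
    var gfdBtn = $('<span id="gfd"><a href="/products/netflow/demo-form.html"><strong>Get FREE DEMO</strong></a></span>');
    $("body").append(gfdBtn);
  });

  // Contact numbers for the .ssRhs block; these run immediately, as in the original.
  $('.ssRhs>ul').prepend('<li><a href="tel:+18446497760"><strong>US:</strong> +1 844 649 7760</a></li>');
  $('.ssRhs').append('<li><span>Direct Inward Dialing</span></li><li><a href="tel:+14089169595"><strong>Tel:</strong> +1 408 916 9595</a></li>');
</script>

<script>
  // Open the embed named in data-slideshare inside the pop-up container.
  // The iframe is built with .attr() instead of string concatenation, so a
  // quote or angle bracket in the attribute value cannot break out of src
  // and inject markup.
  $('[data-slideshare]').click(function (e) {
    e.preventDefault();
    var embedUrl = $(this).attr('data-slideshare');

    // Resolve the value through an anchor element and load it only when the
    // browser treats it as an http(s) URL; script-bearing schemes are dropped.
    var probe = document.createElement('a');
    probe.href = embedUrl;
    if (probe.protocol !== 'https:' && probe.protocol !== 'http:') {
      return;
    }

    var frame = $('<iframe>').attr({
      src: embedUrl,
      width: '650',
      height: '460',
      frameborder: '0',
      marginwidth: '0',
      marginheight: '0',
      scrolling: 'no',
      style: 'border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;',
      allowfullscreen: ''
    });

    $('.pop-container')
      .empty()
      .append('<span id="close">&nbsp;</span>', $('<div class="tac">').append(frame));
    $('.pop-box,.pop-container').fadeIn();
  });
</script>

<script>$('#rp-nfa').hide();</script>
<script src="https://www.manageengine.com/js/opm-survey-form.js"></script>

<script>
  // Expand the "Bandwidth Monitoring Basics" group and highlight this page's menu entry.
  $('#bmp > span').addClass('dropact').siblings('ul').show();
  // Fixed selector typo: '#bmp-]nf a' is not a valid selector, so jQuery rejected it
  // and the '#fea' line after it never ran. The intended id is assumed to be
  // 'bmp-nf' (this page's entry in the side menu); confirm against the menu markup.
  $('#bmp-nf a').addClass('feaact');
  $('#fea').addClass('selecteddiv');
</script>

<script src="https://www.manageengine.com/products/netflow/style/swiper/swiper.min.js" charset="utf-8"></script>
<script>
  // Carousel for any .swiper-container on the page.
  var swiper = new Swiper('.swiper-container', {
    slidesPerView: 1,
    spaceBetween: 0,
    loop: true,
    autoHeight: true,
    pagination: {
      el: '.swiper-pagination',
      type: 'bullets',
      clickable: true,
    },
    navigation: {
      nextEl: '.swiper-button-next',
      prevEl: '.swiper-button-prev',
    },
  });

  // Smooth-scroll in-page links inside .nav-inner, leaving room for the fixed header.
  $(".nav-inner").find("a").click(function (e) {
    e.preventDefault();
    var section = $(this).attr("href");
    $("html, body").animate({ scrollTop: $(section).offset().top - 180 });
  });

  // Sticky behaviour for #key-benefits, switched off again once #observability is reached.
  // Guarded: .offset() is undefined when the element is absent, and reading .top from it
  // would throw and stop the rest of this script. Neither element appears in the part of
  // the page reviewed here.
  var flotingNav;
  var removeFloatNav;
  if ($('#key-benefits').length && $('#observability').length) {
    flotingNav = $('#key-benefits').offset().top - 150;
    removeFloatNav = $('#observability').offset().top - 150;
    $(window).scroll(function () {
      if ($(window).scrollTop() > flotingNav) {
        $('#key-benefits').addClass('sticky');
      } else {
        $('#key-benefits').removeClass('sticky');
      }
      if ($(window).scrollTop() > removeFloatNav) {
        $('#key-benefits').removeClass('sticky');
      }
    });
  }

  // Smooth-scroll for the links in the key-benefits row.
  $(".key-benefits-row .col").find("a").click(function (e) {
    e.preventDefault();
    var section = $(this).attr("href");
    $("html, body").animate({ scrollTop: $(section).offset().top - 170 });
  });
</script>

<script>
  // Rotators: each call shows panel <prefix><index> (indices 0 to 8), hides the other
  // eight, then advances the index, wrapping from 9 back to 0.
  // No caller and no matching elements are visible in this part of the page; a call
  // throws if one of the expected elements is missing.
  var leftindex = 1;
  var topleftindex = 1;
  function leftrotater(x) {
    if (x == "top") {
      if (topleftindex == 9) { topleftindex = 0; }
      document.getElementById("topleftside" + topleftindex).style.display = "block";
      for (var i = 0; i <= 8; i++) {
        if (topleftindex != i) document.getElementById("topleftside" + i).style.display = "none";
      }
      topleftindex++;
    } else {
      if (leftindex == 9) { leftindex = 0; }
      document.getElementById("leftside" + leftindex).style.display = "block";
      for (var i = 0; i <= 8; i++) {
        if (leftindex != i) document.getElementById("leftside" + i).style.display = "none";
      }
      leftindex++;
    }
  }

  var rightindex = 1;
  var toprightindex = 1;
  function rightrotater(x) {
    if (x == "top") {
      if (toprightindex == 9) { toprightindex = 0; }
      document.getElementById("toprightside" + toprightindex).style.display = "block";
      for (var i = 0; i <= 8; i++) {
        if (toprightindex != i) document.getElementById("toprightside" + i).style.display = "none";
      }
      toprightindex++;
    } else {
      if (rightindex == 9) { rightindex = 0; }
      document.getElementById("rightside" + rightindex).style.display = "block";
      for (var i = 0; i <= 8; i++) {
        if (rightindex != i) document.getElementById("rightside" + i).style.display = "none";
      }
      rightindex++;
    }
  }
</script>

<script>
  // FAQ accordion: clicking a head closes whatever is open, then toggles the
  // body that follows the clicked head and updates its +/- marker.
  $(".accordion_head").click(function () {
    $(".accordion_head").removeClass('active');
    if ($('.accordion_body').is(':visible')) {
      $(".accordion_body").slideUp(300);
      $(".plusminus").text('+');
    }
    if ($(this).next(".accordion_body").is(':visible')) {
      $(this).next(".accordion_body").slideUp(300);
      $(this).children(".plusminus").text('+');
    } else {
      $(this).next(".accordion_body").slideDown(300);
      $(this).children(".plusminus").text('-');
      $(this).addClass('active');
    }
  });
</script>

<script type="application/ld+json">
{
  "@context": "https://schema.org",
  "@type": "VideoObject",
  "name": "What is Network Forensics? Definition & Basics - ManageEngine NetFlow Analyzer",
  "description": "Network forensics is the process of capturing and analyzing the network traffic to investigate security attacks. Learn more about ManageEngine NetFlow Analyzer!",
  "thumbnailUrl": ["https://i.ytimg.com/vi/LGeD1xqnN6o/maxresdefault.jpg"],
  "uploadDate": "2023-08-17",
  "duration": "PT3M11S",
  "embedUrl": "https://www.youtube-nocookie.com/embed/LGeD1xqnN6o"
}
</script>
</body>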
