What is Packet Analysis?
Packet analysis is a primary traceback technique in network forensics. Provided that the captured packets are sufficiently detailed, it can play back even the entire network traffic for a particular point in time.
In the context of packet capture, the term also refers to the analysis of identified, captured, and documented packet data so that a security operations center (SOC) can determine the source of a network error, breach, or security threat.
What are the benefits of Packet Analysis?
Purpose-built software can analyze network data and segregate network traffic by type. When captured, stored, and processed efficiently, network packets can be used in forensic investigations, and may even provide admissible evidence against a suspect in a court case. Packet analysis can be used to find traces of nefarious online behavior, data breaches, unauthorized website access, malware infection, and intrusion attempts, and to reconstruct image files, documents, email attachments, and other content sent over the network.
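
As an added illustration of segregating captured traffic by type (not code from the original page), the sketch below reads a classic libpcap capture file and counts Ethernet frames per traffic type, flagging frames that were cut short. The function names and the sample capture are constructed for this example.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def classify(frame):
    """Label one Ethernet frame by traffic type."""
    if len(frame) < 14:
        return "truncated"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:                       # not IPv4
        return ETHERTYPES.get(ethertype, "other")
    if len(frame) < 34:                           # 14 Ethernet + 20 minimum IPv4
        return "truncated"
    return IP_PROTOS.get(frame[23], "other-ip")   # IPv4 protocol field

def segregate(pcap):
    """Count frames per traffic type in a classic libpcap capture (bytes)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    counts, offset = Counter(), 24
    while offset + 16 <= len(pcap):
        caplen = struct.unpack(endian + "IIII", pcap[offset:offset + 16])[2]
        frame = pcap[offset + 16:offset + 16 + caplen]
        if len(frame) < caplen:                   # capture file was cut short
            counts["truncated"] += 1
            break
        counts[classify(frame)] += 1
        offset += 16 + caplen
    return counts

def _frame(ethertype, proto=0):
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ethertype)
    ip = bytes([0x45, 0]) + b"\x00" * 7 + bytes([proto]) + b"\x00" * 10  # constructed IPv4 header
    return eth + (ip if ethertype == 0x0800 else b"\x00" * 28)

def sample_pcap():
    """Constructed capture: 2 TCP, 1 UDP, 1 ICMP and 1 ARP frame."""
    frames = [_frame(0x0800, p) for p in (6, 6, 17, 1)] + [_frame(0x0806)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(dict(segregate(sample_pcap())))
```

The same per-type split is the starting point for the reconstruction work mentioned above, since file and attachment recovery operates on the TCP streams once they are separated from the rest of the capture.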