Question: Network forensics is considered a very hard problem for a number of reasons:
- First, the general anonymity of users on the Internet makes it extremely difficult to determine who a suspect is.
- Second, because international borders make it difficult to determine jurisdiction on the Internet, it is sometimes impossible to backtrack all the way from a victim to a perpetrator.
- Third, logs are not kept forever, so if efforts are not made relatively quickly, they may be erased.

What can we do in forensics to speed up the process of collecting data? Hypothesize a solution knowing what you know about network data collection.
600 + words or more