Today I looked at the Interop New York 2005 Schedule and noticed an item called "Network Forensic Day" taught by Pine Mountain Group. I try to stay current with people and companies performing security work, but I had never heard of PMG. I looked at the description of the course, wondering if the "network" meant "enterprise," as in "how to use forensics in the enterprise." I think that is a misapplication of the term network in that context, but it's common enough. Alternatively, perhaps "network" meant "traffic," which is how I use the term.
When I mention "network forensics," I define it as the art of collecting, protecting, analyzing, and presenting network traffic to support remediation or prosecution. This is in line with the definition of forensics:
"1. The art or study of formal debate; argumentation.
2. The use of science and technology to investigate and establish facts in criminal or civil courts of law."
It turns out PMG's use of the term "Network Forensics" has nothing to do with any recognized application of the term. They say:
"Network Forensics is the study of the micro transactions of inter-network components, platforms and the applications that process on and across them.
By taking a forensic measurement of a micro transaction, quantifying the repeated dependency on the micro to that of the macro we can quantify the improvement for an end user that specific IT optimizations might provide. On the business process side, quantification of the cost of the macro transaction time spent by an end user can be quantified in annual cost or lost productivity associated with slow applications. Knowing optimization improvements and their associated costs allows a long term ROI to be considered. The result? Best bang for the buck optimization!
Come join PMG NetAnalyst in a day of cross technology, vendor independent network training with a twist: PMG will take you on a journey down several complex multi-vendor network environments where troubles abound. You will be taught how to use a well rounded 'bag of tools' to analyze and troubleshoot the issues as well as how applying best practices could have avoided these issues. Forensics Day will show you how to save money as well as improve performance and reliability by using 'brain cells' instead of budget to solve and even prevent problems."
Please. This is not "network forensics" by any stretch of the imagination. This is an attempt to add a sexy name to the otherwise boring ideas of network troubleshooting. The latest iteration and expansion of the concept uses the term Business Service Management, which I learned about recently through the 1 September 2005 Network Computing magazine.
I understand there are similar uses of the term "forensics" outside of the legal realm. However, "network forensics" has had a security association for years. I would like to see it stay that way to avoid further cluttering our professional landscape.