Network Forensics? Please.
Today I looked at the Interop New York 2005 Schedule and noticed an item called "Network Forensic Day" taught by Pine Mountain Group. I try to stay current with people and companies performing security work, but I had never heard of PMG. I looked at the description of the course, wondering if the "network" meant "enterprise," as in "how to use forensics in the enterprise." I think that is a misapplication of the term network in that context, but it's common enough. Alternatively, perhaps "network" meant "traffic," which is how I use the term.
When I mention "network forensics," I define it as the art of collecting, protecting, analyzing, and presenting network traffic to support remediation or prosecution. This is in line with the definition of forensics:
"1. The art or study of formal debate; argumentation.
2. The use of science and technology to investigate and establish facts in criminal or civil courts of law."
It turns out PMG's use of the term "Network Forensics" has nothing to do with any recognized application of the term. They say:
"Network Forensics is the study of the micro transactions of inter-network components, platforms and the applications that process on and across them.
By taking a forensic measurement of a micro transaction, quantifying the repeated dependency on the micro to that of the macro we can quantify the improvement for an end user that specific IT optimizations might provide. On the business process side, quantification of the cost of the macro transaction time spent by an end user can be quantified in annual cost or lost productivity associated with slow applications. Knowing optimization improvements and their associated costs allows a long term ROI to be considered. The result? Best bang for the buck optimization!
Come join PMG NetAnalyst in a day of cross technology, vendor independent network training with a twist: PMG will take you on a journey down several complex multi-vendor network environments where troubles abound. You will be taught how to use a well rounded 'bag of tools' to analyze and troubleshoot the issues as well as how applying best practices could have avoided these issues. Forensics Day will show you how to save money as well as improve performance and reliability by using 'brain cells' instead of budget to solve and even prevent problems."
Please. This is not "network forensics" by any stretch of the imagination. This is an attempt to add a sexy name to the otherwise boring ideas of network troubleshooting. The latest iteration and expansion of the concept uses the term Business Service Management, which I learned about recently through the 1 September 2005 Network Computing magazine.
I understand there are similar uses of the term "forensics" outside of the legal realm. However, "network forensics" has had a security association for years. I would like to see it stay that way to avoid further cluttering our professional landscape.
Comments
This is another example of "cultural marketing" at its best (or worst). With the popularity of television programs like CSI, Law & Order, et al. I'm surprised we aren't seeing more examples of this.
It reminds me of when a certain game show was hugely popular a few years back. Everywhere I turned I saw seminars such as "Who Wants To Be A CIO?"... "Who Wants To Be An IT Hero?"...... Ugh..
You're all in the business of selling your seminars and books. Try to keep that in mind as you pompously denigrate others' methods in the name of "uncluttering" your field.
I really like your stuff, but I find it hard to believe that you've never heard of PMG before. Pine Mountain Group has been a staple offering network analysis training at the Interop conferences since the early 90's. Regarding your dislike of the term "Network Forensics" being used by PMG for their courses, you do have a point regarding the definition of the term. However, PMG has been talking about "Network Forensics" for a long time. I believe I heard Bill Alderson, the founder of PMG, use the term this way back in 2000 at the Interop conference in Atlanta. Where have you been all of these years?
Clarke Morledge
Network Engineer
College of William and Mary