cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
aristocrate90
Viewer

Detection network forensic investigation

Hello everyone,

recently I've been struggling with the subject of "detection network forensic investigations". The point is for an attacker to recognize when an environment is being monitored. Clues for the attacker are, for example, runtime errors that should indicate monitoring. I have already examined the recording technique (SPAN, TAP, sniffing) and unfortunately I cannot imagine how an attacker in the LAN can raise suspicions of a forensic examination. I also looked at it with Netflow without success. Do you have any ideas on the subject? a literature that can possibly explain the process better to me? Thanks for your support.

Cheers