A portable network forensic evidence collector

  title={A portable network forensic evidence collector},
  author={Bruce J. Nikkel},
  journal={Digital Investigation},
A small portable network forensic evidence collection device is presented which is built using inexpensive embedded hardware and open source software. The device offers several modes of operation for different live network evidence collection scenarios involving single network nodes. This includes the use of promiscuous packet capturing to enhance evidence collection from remote network sources, such as websites or other remote services. It operates at the link layer allowing the device to be…