Network forensics is used to find legal evidence in network devices. In this course, Jungwoo Ryoo covers all of the major concepts and tools in this growing technical field. Jungwoo begins by reviewing the basics: the goals of network forensics, a network forensic investigator's typical toolset, and the legal implications of this type of work. Then, he shows how to prepare for an investigation; acquire network logs and investigate network events; collect and investigate network traffic; and leverage various network forensics tools, such as Wireshark, Splunk, and tcpdump. Along the way, he uses a combination of open-source and commercial software, so you can uncover the information you need with tools that are in your budget.