Digital forensics is an immature field, despite the fact that investigators have performed autopsies of computer corpses for several decades. Digital forensics is typically divided into host-based forensics and network-based forensics. While many think forensics means searching a hard drive for illicit images, others believe forensics involves discovering evidence of compromise. Until digital forensics professionals agree on common definitions, tools, and tactics, it's premature to refer to NSM, or any other network-based evidence collection process, as network-based forensics. Incident response is a computer security term; digital forensics is a legal one. Legal terms carry the burden of chains of custody, meeting numerous court-derived tests and other hurdles ignored by some incident responders. While NSM should respect laws and seek to gather evidence worthy of prosecuting criminals, the field is not yet ready to be labeled as network-based forensics.
