I read an article in (IN)SECURE Magazine titled "Structured Traffic Analysis", written by Richard Bejtlich (http://www.insecuremagazine.com/INSECURE-Mag-4.pdf), and I'm wondering if there is a recognised or official methodology for Network Forensic Analysis. The procedure described by the author of the article is a bit long and confusing (many repetitive tasks).
I want to validate results which I get from an open source tool (Honeywall) as a PCAP file using Ethereal and other tools, but I need to follow an established and recognised methodology that will stand in a court of law (although I have no intention to incriminate, but rather to follow the proper procedure).

Thanks,
Omar Bichbiche
