So, as this topic has caused me to look even deeper into the world of network forensics, I started looking at network recording solutions that capture every packet that flows across the network. Besides the details of the packet itself, what would you lose by using LEM to capture firewall and router logs with logging turned up to the highest, or at least a very high, level? It seems like this might be a more diverse solution because you still get the other capabilities of the SIEM, versus a network recorder, which is very single-purpose. Thoughts?