+1 888 900 4529

Network Data Analysis

Acquire Email Evidence Across Network

network Data Analysis

Windows Operating System has this functionality of connecting multiple computers altogether for internal sharing and exchange of data. Microsoft uses two different logical models for this, Workgroups and Domains. Corporates computers are usually connected through such networks and in case of any corporate forensic investigation of P2P local networks, it is important to analyze of all the connected systems for complete network data analysis in peer to peer file sharing. Investigators must be aware of the arrangement and differences between these two models in order to monitor and examine security vulnerabilities.

Two Different Logical Models

  • Workgroup: Workgroup can be defined as an arrangement for peer-to-peer file sharing networks where each computer is independent but are connected through a network used for data exchange. This network has list of authorized users with passwords applied on it along with security rules & permissions applied.
  • Domain: Another logical structure model for organizations is Domain. It is a group of computers with centralized administrative authentication and control. The connectors, switches, and routers used for physical connection are same for Workgroup or Domain. However, this eases the administrative tasks with centralized control.

Network Data Analysis in Peer to Peer File Sharing

The peer to peer file sharing networks allow the user to access and share the data within the network. In the corporate level operations they are normally use this kind of file sharing method to easily share the data and collaborate the works between the peers. How much this method have importance that much risky also it is. The three common categories of P2P file sharing networks are:

Centralized networks

In centralized network one central index server maintain information about all active nodes in that network. If any new nod need to join in the network then it need to send information about itself to the central index server.

Completely decentralized

In completely decentralized P2P network there is no any central index server or directory. All nodes in this network is identical and no nodes containing more information or functions than its peers.

Semi-centralized networks

In semi-centralized networks multiple nodes contains the index information. They are known as the “super nodes or hubs”. These nods need to perform functions in addition to the regular nodes in the network.

Proper understanding of different types of P2P network will help to efficiently perform network data analysis in peer to peer file sharing during the forensic investigation.

Collection of Evidence from P2P File Sharing Local Network

In the corporate world the use of peer to peer local network is very commonly to share and integrate the workers in their jobs. When a peer to peer file sharing network containing an information or data file related to any crime or any unethical activity occurred on the file transfering network. It is necessary to perform P2P forensic investigation to identify and analyse the data. With the help of forensic evidence collection tool the evidence from the computer network can be extract easily.

Challenges in Forensic Investigation of Peer to Peer Networks

During the network data analysis in peer to peer file sharing, several stages of evidence collection is needed. Challenges during the evidence collection can be classified as legal and technical. The legal challenges in peer to peer forensic data analysis include jurisdiction, spreading of illegal content etc.

Few of the Technical challenges in the P2P Forensic Investigation


Validation of Evidence

During the court procedure validation of evidences collected at every stage is necessary. So if there is any flow in the initial evidence collected the entire investigation could be invalidate.

Blacklisting of Monitor

In some situations the nodes are installed with IP filtering software to prevent a set of known IP address from accessing the node. Before the initial evidence collection it need to confirm that the IP address of the tool not exist in that list.


Encryption of Data

Encryption in the communication make the network monitoring complicated. It will prevent from obtain meaning full information from the network.

Storage Space

It is important that to collect relevant information in the initial stage of investigation. But logging every incoming & outgoing packets would be lead to a need of large amount of storage. Hence it is important to filter out the data which are not providing any meaningful informations.


After Knowing the challenges in the forensic forensic investigation of peer to peer file sharing networks now, you must be thinking about which is the best forensics evidence collection tool to perform peer to peer data analysis in computer forensics. One of the most reliable and recommended tool for P2P forensic investigation is MailXaminer.

Network Analysis With Network Forensic Tool

MailXaminer software program is now embedded with network data analysis feature of giving users access for all the computers connected within certain Workgroup or Domain network. It lets examiners to access the email files (and other files) to be added to the software program to fetch data from network for further analysis. In this way, investigation of files stored in all the systems within a network can be done by performing the operations on same system through Administrative login. Follow the Bellow steps to perform network data analysis in peer to peer file sharing on computer networks.

Step 1: Scan File

Click on Scan File option in order to add the email file to the software.

Scan File

Step 2: Add File

Click on File Format to be examined like here we have selected Outlook PST file. Click on Browse and then search for the PST file through the network.

Add File

Step 3: Network Data

This will display the system locations along with the Network. All the systems available in this P2P file sharing network (Workgroup or Domain) will be listed.

Network Data

Step 4: Select Domain

Click on any particular domain system name to perform network data analysis in peer to peer file sharing, which will scan files from network and the associated shared folders will be displayed. Here, we have selected WIN8 and all the folders are displayed.

Select Domain

Step 5: Select & Open File

Open the folder to find respective file in that system folder. Select the file and click on Open to add the file for investigation.
Note: It is important that the system is part of the same domain to which host machine belongs.

Select & Open File

Step 6: Enter Credentials

Application will prompt users to provide User Name and Password for accessing any system in certain workgroup.

Enter Credentials

Permissions Required:

There are some important permissions requiredt to perform network data analysis in peer to peer file sharing during the Forensic investigation in computer networks. The permisions required for both Workgroup and Domain networks are given bellow.

Workgroup Network

  • Permissions for Folder Access is Required
  • Read/Write Authority is Needed
  • Folder Directory Must be Shared

Domain Network

  • Target System Must be Part of Domain (of Host Machine)
  • Administrative Rights are Required
  • Domain Network's Folder Must be Shared

This support for searching through whole systems added to the network for performing network data analysis in P2P file transfer is extremely beneficial for interrogating emails of all systems through same host machine. With this integrated facility of network forensic analysis software, users can perform a systematic investigation.