Differentiate between computer and network forensics.

Computer forensics focuses on analyzing data stored on individual computing devices. This discipline aims to uncover evidence of digital crimes or incidents. It involves examining hard drives, memory, and other storage media. The goal is to reconstruct events, recover deleted files, and identify malicious activity on a specific system.

Network forensics, in contrast, deals with monitoring and analyzing network traffic, logs, and other network-related data. It detects, investigates, and responds to security incidents. This field involves capturing and analyzing packet data, flow records, and network device logs. Its purpose is to trace the path of an attack, identify intruders, and understand network-wide activities across an entire network infrastructure.

The main difference lies in their scope and data sources. Computer forensics examines static data on endpoints, like data on a hard drive or RAM. Network forensics analyzes dynamic data in transit or logs generated by network devices, such as routers or firewalls, to understand communication patterns and attacks across the network.