We will put these statistical analysis techniques to much heavier use in the upcoming chapters. The goal of this chapter was to familiarize ourselves with the tools involved in the process: YAF, SiLK, and Wireshark for the statistical analysis of flow data in the IPFIX and NetFlow formats.
In the next chapter, we will learn how to uncover tunneled traffic and extract forensic value from it. We will look at a variety of techniques for decoding tunneled sessions and for decrypting encrypted traffic.