Network forensics: Systems used to collect network data for forensic use usually come in two forms:

Catch-it-as-you-can: All packets passing through a certain traffic point are captured and written to storage, with analysis done subsequently in batch mode. This approach requires large amounts of storage.

Stop, look and listen: Each packet is analyzed in a basic way in memory and only certain information is saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.
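
The two collection styles side by side, as an added example that is not part of the original text: the first function stores every frame in classic pcap layout, the second parses each frame in memory and keeps only per-flow byte counts. The sample frames, addresses, ports and function names are constructed for illustration, and the in-memory summary is assumed to cover only TCP over IPv4.

```python
import struct
from collections import Counter

def build_packet(src, dst, sport, dport, payload):
    """Constructed sample frame: Ethernet + IPv4 + TCP, checksums left at zero."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def catch_it_as_you_can(packets):
    """Write every packet in full, in classic pcap layout, for later batch analysis."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    for ts, pkt in packets:
        out += struct.pack("<IIII", ts, 0, len(pkt), len(pkt)) + pkt
    return out

def stop_look_and_listen(packets):
    """Inspect each packet in memory and keep only per-flow byte counts."""
    flows = Counter()
    for _ts, pkt in packets:
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # this sketch only summarises TCP over IPv4
        tcp_off = 14 + (pkt[14] & 0x0F) * 4
        if len(pkt) < tcp_off + 4:
            continue  # truncated before the TCP ports
        src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (26, 30))
        sport, dport = struct.unpack("!HH", pkt[tcp_off:tcp_off + 4])
        flows[(src, sport, dst, dport)] += len(pkt)
    return flows

# Constructed sample traffic: (timestamp, raw frame).
SAMPLE = [
    (1700000000, build_packet("10.0.0.5", "192.0.2.10", 40000, 443, b"A" * 100)),
    (1700000001, build_packet("10.0.0.5", "192.0.2.10", 40000, 443, b"B" * 200)),
    (1700000002, build_packet("10.0.0.6", "192.0.2.10", 40001, 80, b"C" * 50)),
    (1700000003, b"\xff" * 12 + b"\x08\x06" + b"\x00" * 28),  # ARP-sized frame
]

if __name__ == "__main__":
    print("full capture bytes:", len(catch_it_as_you_can(SAMPLE)))
    for flow, nbytes in stop_look_and_listen(SAMPLE).items():
        print(flow, nbytes)
```

The full capture retains the non-TCP frame and every payload byte, while the summary keeps two flow records and can no longer answer questions about packet contents.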