This course introduces you to network flow analysis using the CERT open source SiLK tool suite. Network flow analysis enables retrospective analysis of a network's traffic to help with forensic analysis, passive network profiling, and threat discovery.
Network flow analysis benefits from the very long retention of flow
data due to the extremely small size of flow records, allowing
examination of traffic going back much further in time than is possible
with analysis of full-packet capture. Network flow analysis also helps
you solve many privacy issues inherent in packet analysis. The SiLK
tool suite is uniquely suited to analyzing extremely large networks
with massive amounts of traffic.