Network forensics is considered a very hard problem for a number of reasons:
First, the general anonymity of users on the Internet makes it extremely difficult to determine who a suspect is.
Second, because international borders make it difficult to determine jurisdiction on the Internet, it is sometimes impossible to backtrack all the way from a victim to a perpetrator.
Third, logs are not kept forever, so if efforts are not made relatively quickly, they may be erased.
What can we do in forensics to speed up the process of collecting data? Hypothesize a solution knowing what you know about network data collection.