Lindner, FelixGöbel, OliverFrings, SandraGünther, DetlefNedon, JensSchadt, Dirk2019-06-042019-06-042008978-3-88579-234-5https://dl.gi.de/handle/20.500.12116/23596Incident identification, response and forensic analysis depend on the ability to extract meaningful evidence from the suspected system. Such tools do not exist for network infrastructure equipment. The significantly increased attack resilience of common general purpose operating systems poses a surprising new challenge to forensics, as attackers will likely shift their attention back towards network infrastructure control. The paper discusses the importance of network equipment forensics, the anatomy of devices and the attack types encountered. Finally a method for performing forensics on a widely used type of network equipment is presented.enNetwork infrastructure forensicsText/Conference Paper1617-5468