5G Security Operations — SOC for 5G Core Networks · Pro
A 5GC incident generates evidence across several sources, and each preserves something the others do not:

Logs: NF application and access logs, OAM logs, NRF logs (registrations, discovery requests, subscriptions), and signaling logs for NGAP (N2), PFCP (N4) and GTP (N3/N9). These show what messages flowed where and when.
Traffic captures: PCAP files of SBI (HTTP/2) traffic and of the signaling planes. These preserve the actual bytes exchanged rather than a log's summary of them. Note that SBI traffic is normally TLS-protected (3GPP TS 33.501 requires TLS within the PLMN unless network security is provided by other means), so a capture is only useful if it is taken where plaintext is available, for example at a service-mesh sidecar, or if the session keys are preserved alongside it.
NF state: in some incidents, capturing the live NF's memory or runtime state (process memory, in-flight sessions, current connections) preserves evidence that is gone once the pod restarts.
Cluster state: Kubernetes state (pods, events, RBAC bindings), NRF state and the NF profiles registered at the time, i.e. what the system was actually doing.
Alert and incident records: SIEM…
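Because these sources use different clocks, time zones and record formats, the first job in an investigation is usually to merge them into one UTC-ordered timeline and to fix the integrity of each raw line before anyone pivots on it. As an added illustration that is not part of the original page, the following Python does that for constructed sample lines from four of the sources above (an NRF JSON log, an SBI access log, a PFCP signaling log and a Kubernetes event); the log formats, field names, IP addresses and identifiers are assumptions made for this example, not the output of any particular NF implementation.

```python
"""Merge 5GC evidence from several sources into one UTC-ordered timeline.

Added example, not code from the original page. Every log format, field
name, IP address and identifier below is an assumption constructed for
the illustration, not the output of any particular NF implementation.
"""
import hashlib
import json
import re
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Event:
    ts: datetime      # timezone-aware, normalised to UTC
    source: str       # evidence source the line came from
    actor: str        # pivot key: source IP or pod name
    summary: str      # one-line human-readable description
    sha256: str       # digest of the raw line, for chain-of-custody notes

def _utc(dt: datetime) -> datetime:
    """Normalise to UTC; naive timestamps are ASSUMED to be UTC already."""
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)

def _iso(s: str) -> datetime:
    # fromisoformat() only accepts a trailing "Z" from Python 3.11 on.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def _digest(line: str) -> str:
    return hashlib.sha256(line.encode("utf-8")).hexdigest()

def parse_nrf(line: str) -> Event:
    """Constructed JSON-lines NRF log with ts/event/nfInstanceId/nfType/src."""
    rec = json.loads(line)
    summary = f'{rec["event"]} {rec["nfType"]} nfInstanceId={rec["nfInstanceId"]}'
    return Event(_utc(_iso(rec["ts"])), "nrf", rec["src"], summary, _digest(line))

_ACCESS = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse_sbi_access(line: str) -> Event:
    """Combined-style access log from an SBI HTTP/2 front end (constructed)."""
    m = _ACCESS.match(line)
    if m is None:
        raise ValueError(f"unrecognised SBI access log line: {line!r}")
    ip, when, method, path, status = m.groups()
    ts = _utc(datetime.strptime(when, "%d/%b/%Y:%H:%M:%S %z"))
    return Event(ts, "sbi", ip, f"{method} {path} -> {status}", _digest(line))

_PFCP = re.compile(r"^(\S+ \S+) PFCP (.+?) seid=(\S+) src=(\S+) dst=(\S+)$")

def parse_pfcp(line: str) -> Event:
    """N4 signalling log line with a naive timestamp (constructed)."""
    m = _PFCP.match(line)
    if m is None:
        raise ValueError(f"unrecognised PFCP log line: {line!r}")
    when, msg, seid, src, dst = m.groups()
    ts = _utc(datetime.strptime(when, "%Y-%m-%d %H:%M:%S.%f"))
    return Event(ts, "pfcp", src, f"{msg} seid={seid} -> {dst}", _digest(line))

def parse_k8s_event(line: str) -> Event:
    """Kubernetes Event object as JSON (a subset of the real schema)."""
    rec = json.loads(line)
    summary = f'{rec["reason"]}: {rec["message"]}'
    return Event(_utc(_iso(rec["firstTimestamp"])), "k8s",
                 rec["involvedObject"]["name"], summary, _digest(line))

PARSERS = {"nrf": parse_nrf, "sbi": parse_sbi_access,
           "pfcp": parse_pfcp, "k8s": parse_k8s_event}

def build_timeline(sources: dict) -> list:
    """sources maps a parser name to its raw lines; returns Events sorted by UTC time."""
    events = [PARSERS[name](line)
              for name, lines in sources.items()
              for line in lines if line.strip()]
    return sorted(events, key=lambda e: (e.ts, e.source))

def pivot(events: list, actor: str) -> list:
    """Everything a given IP or pod did, across all sources."""
    return [e for e in events if e.actor == actor]

# Constructed sample lines. The SBI line carries a +0200 offset so the
# timeline shows timezone normalisation; the PFCP line has no offset at all.
SAMPLE = {
    "pfcp": ["2024-05-01 10:00:03.250 PFCP Session Establishment Request "
             "seid=0x1a2b3c src=10.0.2.10 dst=10.0.3.20"],
    "sbi": ['10.0.1.5 - - [01/May/2024:12:00:02 +0200] "PUT /nnrf-nfm/v1/'
            'nf-instances/3fa85f64-5717-4562-b3fc-2c963f66afa6 HTTP/2.0" 201 512'],
    "nrf": ['{"ts": "2024-05-01T10:00:01.100Z", "event": "NFRegister", '
            '"nfInstanceId": "3fa85f64-5717-4562-b3fc-2c963f66afa6", '
            '"nfType": "AMF", "src": "10.0.1.5"}'],
    "k8s": ['{"firstTimestamp": "2024-05-01T10:00:00Z", "reason": "Started", '
            '"involvedObject": {"name": "amf-0"}, "message": "Started container amf"}'],
}

if __name__ == "__main__":
    for e in build_timeline(SAMPLE):
        print(e.ts.isoformat(), e.source, e.actor, e.summary, e.sha256[:12])
```

Run as a script it prints the merged timeline: the pod start, the NRF registration, the SBI PUT (shifted from 12:00:02 +0200 to 10:00:02 UTC) and the PFCP session establishment, each with the prefix of its line hash. The hash is computed over the raw line before any parsing, so the value written into the case notes can later be checked against the original log file; pivot(events, "10.0.1.5") pulls the NRF and SBI entries for the same source address out of the merged view, which is the kind of cross-source correlation a single NF's log cannot give.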