Which category of forensic analysis involves examining data transmitted over networks to detect anomalies?

Network forensics focuses on data transmitted over networks and uses traffic analysis to spot anomalies, intrusions, or suspicious behavior. This category is the best fit because it specifically examines network packets, flows, and logs to detect unusual patterns such as unexpected destinations, unusual traffic volumes, or timing anomalies that indicate misuse or exfiltration. Data recovery deals with restoring lost or corrupted files from storage devices, disaster recovery centers on plans to resume operations after a disruption, and computer forensics analyzes data stored on devices rather than ongoing network communications. Tools like packet capture analyzers, IDS logs, firewall logs, and network flow data are commonly used to reconstruct events and identify network-based anomalies.