There are times when it would be extraordinarily convenient to record the entire contents of
a high-volume network traffic stream, in order to later “travel back in time” and inspect activity
that has only become interesting in retrospect. Two examples are security forensics—
determining just how an attacker compromised a given machine—and network trouble-
shooting, such as inspecting the precursors to a fault after the fault. We describe the design
and implementation of a Time Machine to efficiently support such recording and retrieval …

There are times when it would be extraordinarily convenient to record the entire contents of
a high-volume network traffic stream, in order to later``travel back in time''and inspect activity
that has only become interesting in retrospect. Two examples are security forensics--
determining just how an attacker compromised a given machine--and network trouble-
shooting, such as inspecting the precursors to a fault after the fault. We describe the design
and implementation of a Time Machine to efficiently support such recording and retrieval …