When doing network-based forensics, capturing all the traffic in an organization will generate a very large volume of data and is not practical. Which of these could be practical alternatives when performing an investigation?
1) Perform a deep packet inspection on all the traffic
2) Capture all network traffic but for a brief period of time
3) Randomly select endpoints and capture traffic on them
4) Capture only network flow information
5) Focus only on specific areas of the network