Network Forensics is an important extension to the model of network security where emphasis is traditionally put on prevention and to a lesser extent on detection. It focuses on the capture, recording, and analysis of network packets and events for investigative purposes. It is a young field for which very limited resources are available. In this paper, we briefly survey the state of the art in network forensics and report our experience with building and testing a network forensics system.