And this has what to do with forensics software? Packet sniffing and utilizing forensic tools are two totally seperate things. I don't think ANYONE has a moral or legal issue with people using forensics tools to investigate after a break-in. The other issue, logging employee network traffic, is much more controversial. I tend tho agree with the idea that as long as employees are informed of what's happening, it's OK. Doing it without informing them is scummy, and probably illegal.