This statement might be correct (although I've never seen any evidence to support it), but it's still misleading because "forward the packet" is always going to require fewer resources than "read the packet, parse it using this set of algos, use the parse results to search your DB of shit you want to fuck with, optionally fuck with the packet, optionally forward the packet". An exception to this would be if you have big iron on the edge that protects resource-poor interior nodes. This situation is unavoidable sometimes (DDOS), but it's not what anyone should aim for.
They don't necessarily need to do anything with the packet then -- they could always pass a copy to cold storage, and then crunch the bits at their leisure in a massive data center.
A) this is probably true to an extent.
B) slurping everything to disk is impractical, and no one has that much storage, so you're back to parsing and deciding at the boundary. This "leisure" time doesn't ever happen when you save everything all the time.
C) this point seems to contradict the various claims of reasonable network maintenance I've seen; if it's trash you want to drop, you want to drop it on the floor not on your disk. If you're keeping actual traffic rather than just summaries of traffic, you're not doing reasonable network maintenance.
