C.S. Projects


Archive for September, 2020

Network Forensic — Week 2


September 26th, 2020 Posted 8:12 am

Week 2

This session we learned about sources of network-based evidence and principles of internetworking.

There are different sources of network-based evidence, such as on the wire, in the air, and routers. "On the wire" refers to the physical cabling that carries data over the network. Wiretapping can provide real-time network data. There are different tap types, such as the vampire tap, the surreptitious fibre tap and the infrastructure tap. A vampire tap punctures the insulation and touches the cable. A surreptitious fibre tap bends the cable and cuts the sheath, which exposes the light signal. An infrastructure tap plugs into connectors and replicates the signal.

"In the air" refers to wireless station-to-station signals. It may not be as useful as the others, as the information obtained is usually encrypted, but there is still information that can be obtained, such as:

  • Management and control frames
  • Access points
  • Station probes for APs and APs
  • MAC addresses of legitimate authenticated stations
  • Volume-based statistical traffic analysis


Routers connect traffic on different subnets or networks. They allow networks with different addressing schemes to communicate. Routers make MANs, WANs, and GANs possible. Routers are useful sources for numerous reasons, such as:

  • Routing tables
    • Map ports on the router to networks they connect
    • Allows path tracing
  • Function as packet filters
  • Logging functions and flow records
  • Deployed intrusion detection
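
The path tracing that routing tables allow can be shown with a short script. This is an added example, not part of the original post: the router names, ports and prefixes are constructed sample data, and each router's table is assumed to have been transcribed by hand into (prefix, port, next router) entries.

```python
import ipaddress

# Constructed sample data: per-router routing tables as an investigator might
# transcribe them. Router names, ports and prefixes are made up for this example.
ROUTING_TABLES = {
    "edge-rtr": [
        ("10.1.0.0/16", "Gi0/1", "core-rtr"),
        ("10.1.20.0/24", "Gi0/2", "lab-rtr"),
        ("0.0.0.0/0", "Gi0/0", None),        # default route towards the ISP
    ],
    "core-rtr": [
        ("10.1.10.0/24", "Gi1/1", None),     # directly connected subnet
        ("0.0.0.0/0", "Gi1/0", "edge-rtr"),
    ],
    "lab-rtr": [
        ("10.1.20.0/24", "Fa0/1", None),     # directly connected subnet
        ("0.0.0.0/0", "Fa0/0", "edge-rtr"),
    ],
}

def lookup(router, ip):
    """Longest-prefix match: return (network, port, next_router) or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, port, nxt in ROUTING_TABLES[router]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, port, nxt)
    return best

def trace_path(start, ip, max_hops=16):
    """Follow the tables hop by hop; return a list of (router, port, prefix)."""
    path, router, seen = [], start, set()
    while router is not None and len(path) < max_hops:
        if router in seen:                   # same router twice: routing loop
            path.append((router, "LOOP", ""))
            break
        seen.add(router)
        match = lookup(router, ip)
        if match is None:
            path.append((router, "NO ROUTE", ""))
            break
        net, port, nxt = match
        path.append((router, port, str(net)))
        router = nxt                         # None means delivered or handed off
    return path

if __name__ == "__main__":
    for hop in trace_path("edge-rtr", "10.1.20.57"):
        print(hop)
```

Each hop names the router port the traffic left through, which tells the investigator which link to tap or which device's logs and flow records to collect next. A "LOOP" entry marks a destination that the tables bounce between routers instead of delivering.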



Internetworking, on the other hand, is the connection and communication between many networks. To establish internetworking, a link between the networks must be established, along with routing for the delivery of data packets and accounting to keep track of status information.

Network Forensic — Week 1


September 18th, 2020 Posted 2:36 pm

Week 1

Network forensics can be defined as a branch of digital forensics. Its main objective centres on monitoring and analysing network traffic. The intention behind this is:

  • Intrusion Detection/Prevention
  • Information Gathering
  • Legal Evidence


Network Forensics is often confused with Computer Forensics. However, these two are very different as shown in the table below.

| Computer Forensics | Network Forensics |
|---|---|
| Data does not change much in daily usage | Data changes constantly |
| Evidence is contained within the file system | Evidence sometimes exists only in RAM |
| Easy to perform a forensically sound acquisition | Most network devices do not have non-volatile storage |
| Seizing one or several computers would not have a deep impact on the business | Taking network devices would be problematic |


Network forensics is needed to determine how an incident occurred and how long it took. Furthermore, it can help identify what data was taken and what systems were affected. It is basically used to collect evidence so that the criminal will be convicted. Network forensics can obtain different kinds of evidence that are useful in identifying the culprit.