C.S. Projects

Archive for October, 2020

Network Forensics — Week 7

October 31st, 2020 Posted 2:03 pm

Week 7

This session we learned about the wireless devices that matter in network forensics. There are many kinds of wireless device, such as:

* Bluetooth earphones
* Wi-Fi
* infrared devices such as TV remotes
* wireless doorbells
* Zigbee devices
* cell phones
* WiMAX
* AM/FM radio

The cases that involve wireless networks include, but are not limited to:
1. Tracking a stolen laptop when it connects to a wireless network
2. Identifying rogue wireless access points installed by insiders in order to bypass security
3. Investigating malicious or suspicious activity occurring via a wireless network
4. Investigating attacks on the wireless network (denial of service, encryption cracking, etc.)

Network Forensics — Week 5

October 17th, 2020 Posted 4:56 pm

Week 5

This session we learned about evidence acquisition. The ideal outcome would be perfect-fidelity evidence with zero impact on the network environment. However, a zero-footprint investigation is not possible, so every effort must be made to minimise the investigative footprint.

Physical interception is capturing or sniffing packets directly off the physical medium; the tools available for this are
* Inline network taps
* Induction coils (which are not commercially available)
* Fiber optic taps (similar to an inline tap)

Well-known software used to capture and sniff packets includes
* wireshark
* tcpdump
* ngrep
* nmap

tcpdump has several options that can be used for analysis, such as
* tcpdump -D, which lists all available network interfaces
* tcpdump -i interface, which shows all packets captured from the given network interface

Network Forensics — Week 4

October 13th, 2020 Posted 6:41 pm

Week 4

This session we learned about the tools that are needed in order to find, sample, seal and dissect the evidence obtained. This is an extremely important part of network forensics. The evidence to be investigated can come in many forms, such as a pcap file.

We also learned about flow analysis. Flow analysis is used in order to locate data in the operating system or to identify patterns in traffic. There are several tools that can be used for flow analysis: Wireshark, tcpflow, pcapcat and tcpxtract.

Wireshark is available on Windows and Kali Linux. This tool is used to read the packet traffic on the system, showing the source and destination addresses and the details of each packet captured.

There are also different flow analysis techniques; these techniques are
* list conversations and flows
* export a flow
* file and data carving
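The three flow-analysis techniques listed above (listing conversations and flows, exporting a flow's payload, and carving files out of it), worked through on the pcap format that tcpdump and Wireshark from the Week 5 notes read and write, as an added Python example. This is not code from the course, the blog, or any of the tools named; it assumes a classic pcap file (not pcapng) with the Ethernet link type carrying IPv4/TCP, and the capture it runs on is constructed inline (RFC 5737 documentation addresses, zeroed checksums, a fake PNG inside an HTTP response). The names parse_pcap, decode_tcp, list_flows, list_conversations, carve and carve_pcap are this example's own. Sequence-number ordering is shown because one of the sample segments is captured out of order; overlaps and retransmissions are deliberately not handled, which is where a real reassembly engine (Wireshark's "Follow TCP Stream", tcpflow) does more work.

```python
"""Added example (not the course's or the blog's code): flow listing and file carving over a classic pcap."""
import struct
from collections import defaultdict

PNG_HEAD, PNG_TAIL = b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"
# file type -> (header magic, trailer magic or None = carve to end of stream)
SIGNATURES = {"png": (PNG_HEAD, PNG_TAIL), "pdf": (b"%PDF-", b"%%EOF"), "zip": (b"PK\x03\x04", None)}

def parse_pcap(data):
    """Yield (timestamp, frame bytes) for each record of a classic pcap file."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled")
    off = 24  # global header is 24 bytes; each record has a 16-byte header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def decode_tcp(frame):
    """Return (src, sport, dst, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":  # EtherType 0x0800 = IPv4
        return None
    ip = frame[14:]
    ihl, proto, total_len = (ip[0] & 0x0F) * 4, ip[9], struct.unpack("!H", ip[2:4])[0]
    if proto != 6 or ihl < 20:
        return None
    src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    return src, sport, dst, dport, seq, tcp[(tcp[12] >> 4) * 4:]  # data offset in 32-bit words

def list_flows(pcap_bytes):
    """Unidirectional flows keyed by (src, sport, dst, dport): packet/byte counts plus the
    payload reassembled in sequence order (overlaps and retransmissions are not handled)."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "segments": []})
    for _ts, frame in parse_pcap(pcap_bytes):
        tcp = decode_tcp(frame)
        if tcp is None:
            continue
        src, sport, dst, dport, seq, payload = tcp
        f = flows[(src, sport, dst, dport)]
        f["packets"], f["bytes"] = f["packets"] + 1, f["bytes"] + len(frame)
        f["segments"].append((seq, payload))
    for f in flows.values():
        f["stream"] = b"".join(p for _, p in sorted(f["segments"]))
    return dict(flows)

def list_conversations(flows):
    """Bidirectional view: merge both directions of each TCP conversation."""
    conv = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for (src, sport, dst, dport), f in flows.items():
        key = tuple(sorted([(src, sport), (dst, dport)]))  # same key for either direction
        conv[key]["packets"] += f["packets"]
        conv[key]["bytes"] += f["bytes"]
    return dict(conv)

def carve(stream):
    """Find embedded files by magic bytes; return a list of (type, offset, bytes)."""
    found = []
    for name, (head, tail) in SIGNATURES.items():
        start = stream.find(head)
        while start != -1:
            end = len(stream) if tail is None else stream.find(tail, start + len(head))
            if end == -1:
                break  # header seen but no trailer: truncated object, do not carve it
            end += len(tail) if tail else 0
            found.append((name, start, stream[start:end]))
            start = stream.find(head, end)
    return found

def carve_pcap(pcap_bytes):
    """Carve every reassembled flow; return a list of (flow key, type, bytes)."""
    return [(key, name, blob) for key, f in list_flows(pcap_bytes).items()
            for name, _off, blob in carve(f["stream"])]

# --- constructed sample capture: RFC 5737 documentation addresses, zeroed checksums ---
def _frame(src, dst, sport, dport, seq, payload):
    eth = b"\x02" * 12 + b"\x08\x00"  # dummy MACs + IPv4 EtherType
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def _pcap(frames):
    recs = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]  # global header
    for i, fr in enumerate(frames):
        recs.append(struct.pack("<IIII", 1600000000 + i, 0, len(fr), len(fr)) + fr)
    return b"".join(recs)

FAKE_PNG = PNG_HEAD + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17 + b"\x00\x00\x00\x00" + PNG_TAIL
HTTP_RESP = b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n" + FAKE_PNG
SAMPLE_PCAP = _pcap([
    _frame("192.0.2.10", "198.51.100.20", 40000, 80, 1, b"GET /logo.png HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    _frame("198.51.100.20", "192.0.2.10", 80, 40000, 1050, HTTP_RESP[50:]),  # captured out of order
    _frame("198.51.100.20", "192.0.2.10", 80, 40000, 1000, HTTP_RESP[:50]),
    _frame("192.0.2.10", "198.51.100.20", 40001, 22, 1, b"SSH-2.0-OpenSSH_8.4\r\n"),
])
```

Calling list_flows(SAMPLE_PCAP) gives three unidirectional flows and list_conversations collapses them to two conversations; carve_pcap(SAMPLE_PCAP) recovers the 45-byte fake PNG from the server-to-client flow even though its signature was split across two out-of-order segments. To run it on a real capture, read the file written by tcpdump -w (or saved from Wireshark) into bytes and pass it in; a PNG whose IEND trailer was cut off by a truncated capture is reported as not carvable rather than emitted as a broken file.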