Archive for December, 2020
Network Forensics — Week 11
December 12th, 2020 Posted 5:21 pm
Week 11
This session we learned about switches and routers, as well as firewalls.
Switches operate at OSI Layer 2, which carries the MAC address, written in hexadecimal. The MAC address identifies the device being used, as it is unique. However, a MAC address can easily be faked. ARP allows users to convert the MAC address into an IP address.
Routers, on the other hand, operate at OSI Layer 3. Unlike switches, routers can perform routing, meaning they can connect different networks, whereas switches can’t.
Firewalls hold details on successful or failed connection attempts, protocols, and applications in the network.
Network Forensics — Week 10
December 7th, 2020 Posted 10:30 am
Week 10
This session we learned about event log correlation and analysis. There are different types of logs on a computer, such as event logs and security logs.
To view the event logs in Windows 10, search for ‘Event Viewer’. There are also several types of logs, such as:
Firewall
Recycle bin
IE browsing history
Shortcut files
There are also several analysis tools that can be used to analyse these logs:
Commercial tools:
Retrace
Splunk
Logmatic
Logentries
Open source tools:
Logstash
Graylog
Graylog can analyse all the logs when all of the company’s servers are connected to it. If one system is attacked, the attack can be investigated using the data from the attack. Graylog’s features provide the time and source of each log, which makes it easier to identify whether someone is trying to brute-force their way into the system.
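The brute-force check described above, as an added example (not from the original post and not Graylog's own code): it uses the time and source of each log entry to flag bursts of failed logons from one source. The event records are constructed sample data, 4625 and 4624 are the Windows Security log event IDs for failed and successful logons, and the threshold and window are assumed values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624  # Windows Security log event IDs

# Constructed sample events (time, source address, event ID), not real logs.
SAMPLE_EVENTS = [
    ("2020-12-07 09:15:00", "10.0.0.9", 4625),   # user mistypes twice, then logs in
    ("2020-12-07 09:15:20", "10.0.0.9", 4625),
    ("2020-12-07 09:15:40", "10.0.0.9", 4624),
    ("2020-12-07 10:00:01", "10.0.0.5", 4625),   # rapid burst from one source
    ("2020-12-07 10:00:09", "10.0.0.5", 4625),
    ("2020-12-07 10:00:17", "10.0.0.5", 4625),
    ("2020-12-07 10:00:25", "10.0.0.5", 4625),
    ("2020-12-07 10:00:33", "10.0.0.5", 4625),
    ("2020-12-07 10:00:41", "10.0.0.5", 4625),
    ("2020-12-07 10:00:50", "10.0.0.5", 4624),   # success right after the burst
    ("2020-12-07 11:00:00", "10.0.0.7", 4625),   # failures spread over minutes
    ("2020-12-07 11:02:00", "10.0.0.7", 4625),
    ("2020-12-07 11:04:00", "10.0.0.7", 4625),
    ("2020-12-07 11:06:00", "10.0.0.7", 4625),
    ("2020-12-07 11:08:00", "10.0.0.7", 4625),
]

def find_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed logons inside a sliding time window."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, src, event_id in events:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if event_id == FAILED_LOGON:
            failures[src].append(when)
        elif event_id == SUCCESSFUL_LOGON:
            successes[src].append(when)
    alerts = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # shrink window from the left
                start += 1
            if end - start + 1 >= threshold:
                alerts[src] = {
                    "first_failure": times[start],
                    "failures_in_window": end - start + 1,
                    # A success after the burst suggests the guess may have worked.
                    "success_after": any(s > times[end] for s in successes[src]),
                }
                break
    return alerts

if __name__ == "__main__":
    for src, info in find_bruteforce(SAMPLE_EVENTS).items():
        print(src, info)
```

A flagged source with `success_after` set is the case to investigate first, since the failed attempts were followed by a working logon.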