C.S. Projects

Archive for December, 2020

Network Forensics — Week 11

December 12th, 2020 Posted 5:21 pm

Week 11

This session we learned about switches, routers, as well as firewalls.

Switches are in OSI Layer 2. This layer contains the MAC address, written in hexadecimal. The MAC address identifies the device that is being used, as it is unique. However, a MAC address can be easily faked. ARP allows users to convert the MAC address into an IP address.

On the other hand, routers are in OSI Layer 3. Unlike switches, routers perform routing, meaning they can make a connection between different networks, whereas switches can’t.

Firewalls have the details on successful or failed connection attempts, protocols, and applications in the network.

Network Forensics — Week 10

December 7th, 2020 Posted 10:30 am

Week 10

This session we learned about event log correlation and analysis. There are different types of logs in a computer, such as event logs and security logs.

In order to see the event logs in Windows 10, search for ‘Event Viewer’. There are also several types of logs, such as:
Firewall
Recycle bin
IE browsing history
Shortcut files

There are also several analysis tools that can be used to analyse these logs:
Commercial tools:
Retrace
Splunk
Logmatic
Logentries

Open source tools:
Logstash
Graylog

Graylog is able to analyse all the logs when all the company’s servers are connected to it. If one system is attacked, then the attack can be investigated through the data of the attack. Graylog’s features provide the time and source of each log. Thus, it makes it easier to identify if someone is trying to brute force their way into the system.
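
As an added example, not part of the original post and not Graylog's own code: the Python below uses the time and source of each log entry to flag a source with repeated failed logins, and shows why collecting every server's logs in one place matters. The log format, host names, addresses, threshold and window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real logs): time, reporting server, source IP, login outcome
SAMPLE_LOGS = """\
2020-12-07T10:00:01 web01 203.0.113.7 FAIL
2020-12-07T10:00:05 db01 203.0.113.7 FAIL
2020-12-07T10:00:09 mail01 203.0.113.7 FAIL
2020-12-07T10:00:14 web01 203.0.113.7 FAIL
2020-12-07T10:00:20 web01 198.51.100.20 FAIL
2020-12-07T10:00:22 db01 203.0.113.7 FAIL
2020-12-07T10:00:31 web01 198.51.100.20 FAIL
2020-12-07T10:00:40 web01 198.51.100.20 OK
2020-12-07T10:00:41 mail01 203.0.113.7 FAIL
2020-12-07T10:01:10 db01 203.0.113.7 OK
"""

def parse(line):
    ts, host, src, outcome = line.split()
    return datetime.fromisoformat(ts), host, src, outcome

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60), per_host=False):
    """Flag sources with >= threshold failed logins inside a sliding time window.

    per_host=False correlates all servers' logs together (central collection);
    per_host=True counts each server separately, as if the logs were never merged.
    """
    recent = defaultdict(deque)  # key -> failures still inside the window
    alerts = {}
    # Entries from different servers arrive interleaved, so order them by time first.
    for ts, host, src, outcome in sorted(parse(l) for l in lines if l.strip()):
        key = (src, host) if per_host else src
        if outcome == "FAIL":
            q = recent[key]
            q.append((ts, host))
            while ts - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if key in alerts:  # already flagged: keep extending the record
                a = alerts[key]
                a["last"], a["failures"] = ts, a["failures"] + 1
                a["hosts"].add(host)
            elif len(q) >= threshold:
                alerts[key] = {"first": q[0][0], "last": ts, "failures": len(q),
                               "hosts": {h for _, h in q}, "success_after": False}
        elif key in alerts:
            # A successful login after a flagged burst deserves priority review.
            alerts[key]["success_after"] = True
    return alerts

if __name__ == "__main__":
    for src, a in find_bruteforce(SAMPLE_LOGS.splitlines()).items():
        print(src, a)
```

With the logs merged, the source that spreads its attempts over three servers is flagged; counted per server, no single server sees enough failures to reach the threshold.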