Network Forensics — Week 5

This session we learned about evidence acquisition. The best possible outcome would be perfect-fidelity evidence with zero impact on the network environment. However, a zero-footprint investigation is not achievable, so maximum effort must be made to minimise the investigative footprint.

Physical interception is capturing or sniffing packets directly from the medium; the tools available for this are:
* Inline Network Tap
* Induction Coil (not commercially available)
* Fiber Optic Tap (similar to an inline tap)

Well-known software used to capture and sniff packets:
* wireshark
* tcpdump
* ngrep
* nmap

tcpdump has several options that can be used for acquisition and analysis, such as:
* tcpdump -D, which lists all available network interfaces
* tcpdump -i interface, which captures and shows all packets on the given network interface
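As an added example (not from the original notes), the script below parses a constructed `tcpdump -D` listing, keeps only interfaces that are up and running (skipping loopback and the `any` pseudo-device), and builds a low-footprint, full-fidelity `tcpdump -i` command for each one. The sample listing and the `/evidence/` output path are assumptions.

```python
import re

# Sample output of `tcpdump -D` (constructed for this example, not captured from a real host)
SAMPLE_TCPDUMP_D = """\
1.eth0 [Up, Running]
2.lo [Up, Running, Loopback]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.docker0 [Up]
"""

# "<index>.<name> (<optional description>) [<comma-separated flags>]"
_LINE = re.compile(r"^(\d+)\.(\S+)(?:\s+\((.*?)\))?(?:\s+\[(.*?)\])?\s*$")


def parse_interfaces(text):
    """Parse a `tcpdump -D` listing into dicts with index, name, description and flags."""
    result = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # ignore anything that is not an interface line
        idx, name, desc, flags = m.groups()
        result.append({
            "index": int(idx),
            "name": name,
            "description": desc or "",
            "flags": [f.strip() for f in (flags or "").split(",") if f.strip()],
        })
    return result


def capture_candidates(ifaces):
    """Interfaces worth capturing on: up and running, not loopback, not the 'any' pseudo-device."""
    return [i["name"] for i in ifaces
            if "Up" in i["flags"] and "Running" in i["flags"]
            and "Loopback" not in i["flags"] and i["name"] != "any"]


def acquisition_argv(iface, pcap_path, count=None):
    """tcpdump arguments for a capture that keeps fidelity high and footprint low:
    -n   no reverse-DNS lookups (those would send queries from the analyst host)
    -s 0 full snapshot length, so no packet is truncated
    -w   write raw pcap to disk instead of decoding to the terminal
    """
    argv = ["tcpdump", "-i", iface, "-n", "-s", "0", "-w", pcap_path]
    if count is not None:
        argv += ["-c", str(count)]  # bound the capture so it stops on its own
    return argv


if __name__ == "__main__":
    for name in capture_candidates(parse_interfaces(SAMPLE_TCPDUMP_D)):
        print(" ".join(acquisition_argv(name, f"/evidence/{name}.pcap", count=1000)))
```

On a live host, feed the real listing in with `subprocess.run(["tcpdump", "-D"], capture_output=True, text=True).stdout` instead of the constructed sample.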

This entry was posted on Saturday, October 17th, 2020 at 4:56 pm and is filed under Database System -- Semester 3, Ethical Hacking -- Semester 4, Intelligent System -- Semester 4, Network Forensic -- Semester 5, Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.