SlideShare a Scribd company logo

Chapter 12Searching the Network1Purpose of Inves.docx

Download as DOCX, PDF
K
keturahhazelhurst

Chapter 12 Searching the Network 1 Purpose of Investigation Internal investigations Misuse of company resources Penetration analysis Intrusion detection Scope of the Investigation Local area networks Application Service Providers (ASP) Cloud computing Initial Response Identify the actual problem Decide on an action Should the connections be broken or back-traced? Is conviction worth the risk of data loss? Lock down a time frame Isolate the source of the nefarious activity Identify the potential suspect(s) Point of a Response Plan Have a list of IT personnel available Have tools in place for analyzing network activity Prepare secure lines of communication that can’t be tapped Create and test a plan of action for returning systems to normal Have a good review process in place When to do Proactive Collection Current and ongoing intrusions Ongoing theft of data Misuse of company resources Suspicion of data export Internal systems may have been compromised When ascertaining whether malicious software has been embedded in the system To determine how the intrusion was accomplished Proactive Methods Keyloggers Can be hardware or software based May be subject to legal challenge System auditing Know what to audit and how Collect audit logs before they are automatically deleted Network Capture Determining authenticity Proxy servers alter IP addresses Onion routing encapsulates original packets IP spoofing rewrites the originating IP address Identifying traffic Narrow the range of targeted traffic Identify a specific acquisition window Performing a Network Capture Put network interface into promiscuous mode Configure utility (such as Wireshark) to collect packets Identify and configure a storage pool for captured traffic Analyzing the Capture Protocol identification IP address inventory Message sessionizing A to B B to A A or B to any Collecting Live Connection Data A small batch file can collect: Time/data information NetBIOS connections User statistics File shares open Open sessions Collect information only as it currently exists Post Incident Collection Event logs Application log Security log System log Application logs (not Windows) Router and Switch Forensics Don’t analyze device over network Enable logging before connecting to the device Record all volatile information first Record time-date stamps Router Data to Collect Router OS Router logs Startup and running configurations Routing tables Access lists NAT translation tables List of interfaces ...

Education
1 of 4
Chapter 12 Searching the Network 1 Purpose of Investigation Internal investigations Misuse of company resources Penetration analysis Intrusion detection Scope of the Investigation Local area networks Application Service Providers (ASP) Cloud computing Initial Response Identify the actual problem Decide on an action Should the connections be broken or back-traced? Is conviction worth the risk of data loss? Lock down a time frame Isolate the source of the nefarious activity Identify the potential suspect(s) Point of a Response Plan
Have a list of IT personnel available Have tools in place for analyzing network activity Prepare secure lines of communication that can’t be tapped Create and test a plan of action for returning systems to normal Have a good review process in place When to do Proactive Collection Current and ongoing intrusions Ongoing theft of data Misuse of company resources Suspicion of data export Internal systems may have been compromised When ascertaining whether malicious software has been embedded in the system To determine how the intrusion was accomplished Proactive Methods Keyloggers Can be hardware or software based May be subject to legal challenge System auditing Know what to audit and how Collect audit logs before they are automatically deleted Network Capture Determining authenticity Proxy servers alter IP addresses Onion routing encapsulates original packets IP spoofing rewrites the originating IP address Identifying traffic Narrow the range of targeted traffic Identify a specific acquisition window
Performing a Network Capture Put network interface into promiscuous mode Configure utility (such as Wireshark) to collect packets Identify and configure a storage pool for captured traffic Analyzing the Capture Protocol identification IP address inventory Message sessionizing A to B B to A A or B to any Collecting Live Connection Data A small batch file can collect: Time/data information NetBIOS connections User statistics File shares open Open sessions Collect information only as it currently exists Post Incident Collection Event logs Application log Security log System log Application logs (not Windows) Router and Switch Forensics
Don’t analyze device over network Enable logging before connecting to the device Record all volatile information first Record time-date stamps Router Data to Collect Router OS Router logs Startup and running configurations Routing tables Access lists NAT translation tables List of interfaces

Recommended

Data Mining and Intrusion Detection
Data Mining and Intrusion Detection Data Mining and Intrusion Detection
Data Mining and Intrusion Detection amiable_indian
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionProgrammer
 
Open source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisOpen source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisGTKlondike
 
Understanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxUnderstanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxRineri1
 
Logs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMALogs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMAAnton Chuvakin
 
Network forensics
Network forensicsNetwork forensics
Network forensicsArthyR3
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniLoay Elbasyouni
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensicsprimeteacher32
 

Recommended

Data Mining and Intrusion Detection
Data Mining and Intrusion Detection Data Mining and Intrusion Detection
Data Mining and Intrusion Detection amiable_indian
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionProgrammer
 
Open source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisOpen source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisGTKlondike
 
Understanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxUnderstanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxRineri1
 
Logs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMALogs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMAAnton Chuvakin
 
Network forensics
Network forensicsNetwork forensics
Network forensicsArthyR3
 
Intrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniIntrusion_Detection_By_loay_elbasyouni
Intrusion_Detection_By_loay_elbasyouniLoay Elbasyouni
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensicsprimeteacher32
 
Novetta Cyber Analytics
Novetta Cyber AnalyticsNovetta Cyber Analytics
Novetta Cyber AnalyticsNovetta
 
Network forensic
Network forensicNetwork forensic
Network forensicManjushree Mashal
 
Assessing network security
Assessing network securityAssessing network security
Assessing network securityAbhinit Kumar Sharma
 
First Responders Course - Session 4 - Forensic Readiness [2004]
First Responders Course - Session 4 - Forensic Readiness [2004]First Responders Course - Session 4 - Forensic Readiness [2004]
First Responders Course - Session 4 - Forensic Readiness [2004]Phil Huggins FBCS CITP
 
Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & ForensicsPriyanka Aash
 
Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Islam Azeddine Mennouchi
 
Razorback slides-1.1
Razorback slides-1.1Razorback slides-1.1
Razorback slides-1.1Sourcefire VRT
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensicsalrawes
 
Collecting and analyzing network-based evidence
Collecting and analyzing network-based evidenceCollecting and analyzing network-based evidence
Collecting and analyzing network-based evidenceCSITiaesprime
 
Network forensics1
Network forensics1Network forensics1
Network forensics1Santosh Khadsare
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityMMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityAPNIC
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practicesMihajlo Prerad
 
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionWei-Yu Chen
 
Ch13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security DevicesCh13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security Devicesphanleson
 
Running Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docxRunning Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docxSUBHI7
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management nullowaspmumbai
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibilityedwardstudyemai
 
CY.pptx
CY.pptxCY.pptx
CY.pptxCATalyst9
 
Honeypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressHoneypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressVallie Joseph
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic pptSuchita Rawat
 
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docxketurahhazelhurst
 
1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docx1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docxketurahhazelhurst
 

More Related Content

Similar to Chapter 12Searching the Network1Purpose of Inves.docx

Novetta Cyber Analytics
Novetta Cyber AnalyticsNovetta Cyber Analytics
Novetta Cyber AnalyticsNovetta
 
First Responders Course - Session 4 - Forensic Readiness [2004]
First Responders Course - Session 4 - Forensic Readiness [2004]First Responders Course - Session 4 - Forensic Readiness [2004]
First Responders Course - Session 4 - Forensic Readiness [2004]Phil Huggins FBCS CITP
 
Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & ForensicsPriyanka Aash
 
Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Islam Azeddine Mennouchi
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensicsalrawes
 
Collecting and analyzing network-based evidence
Collecting and analyzing network-based evidenceCollecting and analyzing network-based evidence
Collecting and analyzing network-based evidenceCSITiaesprime
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityMMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityAPNIC
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practicesMihajlo Prerad
 
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionWei-Yu Chen
 
Ch13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security DevicesCh13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security Devicesphanleson
 
Running Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docxRunning Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docxSUBHI7
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management nullowaspmumbai
 
Honeypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressHoneypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressVallie Joseph
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic pptSuchita Rawat
 

Similar to Chapter 12Searching the Network1Purpose of Inves.docx (20)

Novetta Cyber Analytics
Novetta Cyber AnalyticsNovetta Cyber Analytics
Novetta Cyber Analytics
 
Network forensic
Network forensicNetwork forensic
Network forensic
 
Assessing network security
Assessing network securityAssessing network security
Assessing network security
 
First Responders Course - Session 4 - Forensic Readiness [2004]
First Responders Course - Session 4 - Forensic Readiness [2004]First Responders Course - Session 4 - Forensic Readiness [2004]
First Responders Course - Session 4 - Forensic Readiness [2004]
 
Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics
 
Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013
 
Razorback slides-1.1
Razorback slides-1.1Razorback slides-1.1
Razorback slides-1.1
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
Collecting and analyzing network-based evidence
Collecting and analyzing network-based evidenceCollecting and analyzing network-based evidence
Collecting and analyzing network-based evidence
 
Network forensics1
Network forensics1Network forensics1
Network forensics1
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityMMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
 
Security Delivery Platform: Best practices
Security Delivery Platform: Best practicesSecurity Delivery Platform: Best practices
Security Delivery Platform: Best practices
 
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
 
Ch13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security DevicesCh13 Protecting Networks with Security Devices
Ch13 Protecting Networks with Security Devices
 
Running Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docxRunning Head Security Assessment Repot (SAR) .docx
Running Head Security Assessment Repot (SAR) .docx
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibility
 
CY.pptx
CY.pptxCY.pptx
CY.pptx
 
Honeypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World CongressHoneypots for Cloud Providers - SDN World Congress
Honeypots for Cloud Providers - SDN World Congress
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic ppt
 

More from keturahhazelhurst

1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docxketurahhazelhurst
 
1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docx1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docxketurahhazelhurst
 
1. Terrestrial Planets                           2. Astronomical.docx
1. Terrestrial Planets                           2. Astronomical.docx1. Terrestrial Planets                           2. Astronomical.docx
1. Terrestrial Planets                           2. Astronomical.docxketurahhazelhurst
 
1. Taking turns to listen to other students is not always easy f.docx
1. Taking turns to listen to other students is not always easy f.docx1. Taking turns to listen to other students is not always easy f.docx
1. Taking turns to listen to other students is not always easy f.docxketurahhazelhurst
 
1. The main characters names in The Shape of Things are Adam and E.docx
1. The main characters names in The Shape of Things are Adam and E.docx1. The main characters names in The Shape of Things are Adam and E.docx
1. The main characters names in The Shape of Things are Adam and E.docxketurahhazelhurst
 
1. Select one movie from the list belowShutter Island (2010; My.docx
1. Select one movie from the list belowShutter Island (2010; My.docx1. Select one movie from the list belowShutter Island (2010; My.docx
1. Select one movie from the list belowShutter Island (2010; My.docxketurahhazelhurst
 
1. Select a system of your choice and describe the system life-cycle.docx
1. Select a system of your choice and describe the system life-cycle.docx1. Select a system of your choice and describe the system life-cycle.docx
1. Select a system of your choice and describe the system life-cycle.docxketurahhazelhurst
 
1. Sensation refers to an actual event; perception refers to how we .docx
1. Sensation refers to an actual event; perception refers to how we .docx1. Sensation refers to an actual event; perception refers to how we .docx
1. Sensation refers to an actual event; perception refers to how we .docxketurahhazelhurst
 
1. The Institute of Medicine (now a renamed as a part of the N.docx
1. The Institute of Medicine (now a renamed as a part of the N.docx1. The Institute of Medicine (now a renamed as a part of the N.docx
1. The Institute of Medicine (now a renamed as a part of the N.docxketurahhazelhurst
 
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
1. The Documentary Hypothesis holds that the Pentateuch has a number.docxketurahhazelhurst
 
1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docxketurahhazelhurst
 
1. Search the internet and learn about the cases of nurses Julie Tha.docx
1. Search the internet and learn about the cases of nurses Julie Tha.docx1. Search the internet and learn about the cases of nurses Julie Tha.docx
1. Search the internet and learn about the cases of nurses Julie Tha.docxketurahhazelhurst
 
1. Review the three articles about Inflation that are found below th.docx
1. Review the three articles about Inflation that are found below th.docx1. Review the three articles about Inflation that are found below th.docx
1. Review the three articles about Inflation that are found below th.docxketurahhazelhurst
 
1. Review the following request from a customerWe have a ne.docx
1. Review the following request from a customerWe have a ne.docx1. Review the following request from a customerWe have a ne.docx
1. Review the following request from a customerWe have a ne.docxketurahhazelhurst
 
1. Research risk assessment approaches.2. Create an outline .docx
1. Research risk assessment approaches.2. Create an outline .docx1. Research risk assessment approaches.2. Create an outline .docx
1. Research risk assessment approaches.2. Create an outline .docxketurahhazelhurst
 
1. Research has narrowed the thousands of leadership behaviors into .docx
1. Research has narrowed the thousands of leadership behaviors into .docx1. Research has narrowed the thousands of leadership behaviors into .docx
1. Research has narrowed the thousands of leadership behaviors into .docxketurahhazelhurst
 
1. Research Topic Super Computer Data MiningThe aim of this.docx
1. Research Topic Super Computer Data MiningThe aim of this.docx1. Research Topic Super Computer Data MiningThe aim of this.docx
1. Research Topic Super Computer Data MiningThe aim of this.docxketurahhazelhurst
 
1. Research and then describe about The Coca-Cola Company primary bu.docx
1. Research and then describe about The Coca-Cola Company primary bu.docx1. Research and then describe about The Coca-Cola Company primary bu.docx
1. Research and then describe about The Coca-Cola Company primary bu.docxketurahhazelhurst
 
1. Prepare a risk management plan for the project of finding a job a.docx
1. Prepare a risk management plan for the project of finding a job a.docx1. Prepare a risk management plan for the project of finding a job a.docx
1. Prepare a risk management plan for the project of finding a job a.docxketurahhazelhurst
 
1. Please define the term social class. How is it usually measured .docx
1. Please define the term social class. How is it usually measured .docx1. Please define the term social class. How is it usually measured .docx
1. Please define the term social class. How is it usually measured .docxketurahhazelhurst
 

More from keturahhazelhurst (20)

1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
 
1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docx1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docx
 
1. Terrestrial Planets                           2. Astronomical.docx
1. Terrestrial Planets                           2. Astronomical.docx1. Terrestrial Planets                           2. Astronomical.docx
1. Terrestrial Planets                           2. Astronomical.docx
 
1. Taking turns to listen to other students is not always easy f.docx
1. Taking turns to listen to other students is not always easy f.docx1. Taking turns to listen to other students is not always easy f.docx
1. Taking turns to listen to other students is not always easy f.docx
 
1. The main characters names in The Shape of Things are Adam and E.docx
1. The main characters names in The Shape of Things are Adam and E.docx1. The main characters names in The Shape of Things are Adam and E.docx
1. The main characters names in The Shape of Things are Adam and E.docx
 
1. Select one movie from the list belowShutter Island (2010; My.docx
1. Select one movie from the list belowShutter Island (2010; My.docx1. Select one movie from the list belowShutter Island (2010; My.docx
1. Select one movie from the list belowShutter Island (2010; My.docx
 
1. Select a system of your choice and describe the system life-cycle.docx
1. Select a system of your choice and describe the system life-cycle.docx1. Select a system of your choice and describe the system life-cycle.docx
1. Select a system of your choice and describe the system life-cycle.docx
 
1. Sensation refers to an actual event; perception refers to how we .docx
1. Sensation refers to an actual event; perception refers to how we .docx1. Sensation refers to an actual event; perception refers to how we .docx
1. Sensation refers to an actual event; perception refers to how we .docx
 
1. The Institute of Medicine (now a renamed as a part of the N.docx
1. The Institute of Medicine (now a renamed as a part of the N.docx1. The Institute of Medicine (now a renamed as a part of the N.docx
1. The Institute of Medicine (now a renamed as a part of the N.docx
 
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
 
1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx
 
1. Search the internet and learn about the cases of nurses Julie Tha.docx
1. Search the internet and learn about the cases of nurses Julie Tha.docx1. Search the internet and learn about the cases of nurses Julie Tha.docx
1. Search the internet and learn about the cases of nurses Julie Tha.docx
 
1. Review the three articles about Inflation that are found below th.docx
1. Review the three articles about Inflation that are found below th.docx1. Review the three articles about Inflation that are found below th.docx
1. Review the three articles about Inflation that are found below th.docx
 
1. Review the following request from a customerWe have a ne.docx
1. Review the following request from a customerWe have a ne.docx1. Review the following request from a customerWe have a ne.docx
1. Review the following request from a customerWe have a ne.docx
 
1. Research risk assessment approaches.2. Create an outline .docx
1. Research risk assessment approaches.2. Create an outline .docx1. Research risk assessment approaches.2. Create an outline .docx
1. Research risk assessment approaches.2. Create an outline .docx
 
1. Research has narrowed the thousands of leadership behaviors into .docx
1. Research has narrowed the thousands of leadership behaviors into .docx1. Research has narrowed the thousands of leadership behaviors into .docx
1. Research has narrowed the thousands of leadership behaviors into .docx
 
1. Research Topic Super Computer Data MiningThe aim of this.docx
1. Research Topic Super Computer Data MiningThe aim of this.docx1. Research Topic Super Computer Data MiningThe aim of this.docx
1. Research Topic Super Computer Data MiningThe aim of this.docx
 
1. Research and then describe about The Coca-Cola Company primary bu.docx
1. Research and then describe about The Coca-Cola Company primary bu.docx1. Research and then describe about The Coca-Cola Company primary bu.docx
1. Research and then describe about The Coca-Cola Company primary bu.docx
 
1. Prepare a risk management plan for the project of finding a job a.docx
1. Prepare a risk management plan for the project of finding a job a.docx1. Prepare a risk management plan for the project of finding a job a.docx
1. Prepare a risk management plan for the project of finding a job a.docx
 
1. Please define the term social class. How is it usually measured .docx
1. Please define the term social class. How is it usually measured .docx1. Please define the term social class. How is it usually measured .docx
1. Please define the term social class. How is it usually measured .docx
 

Recently uploaded

Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 

Recently uploaded (20)

Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 

Chapter 12Searching the Network1Purpose of Inves.docx

  • 1. Chapter 12 Searching the Network 1 Purpose of Investigation Internal investigations Misuse of company resources Penetration analysis Intrusion detection Scope of the Investigation Local area networks Application Service Providers (ASP) Cloud computing Initial Response Identify the actual problem Decide on an action Should the connections be broken or back-traced? Is conviction worth the risk of data loss? Lock down a time frame Isolate the source of the nefarious activity Identify the potential suspect(s) Point of a Response Plan
  • 2. Have a list of IT personnel available Have tools in place for analyzing network activity Prepare secure lines of communication that can’t be tapped Create and test a plan of action for returning systems to normal Have a good review process in place When to do Proactive Collection Current and ongoing intrusions Ongoing theft of data Misuse of company resources Suspicion of data export Internal systems may have been compromised When ascertaining whether malicious software has been embedded in the system To determine how the intrusion was accomplished Proactive Methods Keyloggers Can be hardware or software based May be subject to legal challenge System auditing Know what to audit and how Collect audit logs before they are automatically deleted Network Capture Determining authenticity Proxy servers alter IP addresses Onion routing encapsulates original packets IP spoofing rewrites the originating IP address Identifying traffic Narrow the range of targeted traffic Identify a specific acquisition window
  • 3. Performing a Network Capture Put network interface into promiscuous mode Configure utility (such as Wireshark) to collect packets Identify and configure a storage pool for captured traffic Analyzing the Capture Protocol identification IP address inventory Message sessionizing A to B B to A A or B to any Collecting Live Connection Data A small batch file can collect: Time/data information NetBIOS connections User statistics File shares open Open sessions Collect information only as it currently exists Post Incident Collection Event logs Application log Security log System log Application logs (not Windows) Router and Switch Forensics
  • 4. Don’t analyze device over network Enable logging before connecting to the device Record all volatile information first Record time-date stamps Router Data to Collect Router OS Router logs Startup and running configurations Routing tables Access lists NAT translation tables List of interfaces