SlideShare a Scribd company logo

(130511) #fitalk network forensics and its role and scope

INSIGHT FORENSIC
INSIGHT FORENSIC

This document discusses network forensics and packet analysis. It provides an introduction to network forensics methodology and considerations for network-based digital evidence. This includes challenges like volatility, scattering of evidence across multiple sources, and encryption. The document also discusses the scope and role of network forensics, including standards for evidence acquisition, storage, analysis, and forensic readiness. Finally, it provides tips and examples for using Wireshark to analyze network traffic and identify abnormal packets through built-in features and example packet capture files.

1 of 24
Download to read offline
FORENSIC INSIGHT; DIGITAL FORENSICS COMMUNITY IN KOREA Network Forensics and its Scope & Role kevinkoo001@gmail.com May 2013
forensicinsight.org Page 2 Overview 1. Introduction 2. Considerations 3. Scope & Role for Network Forensic (Discussion) 4. Packet Analysis for Network Forensics
forensicinsight.org Page 3 Introduction  Network? • Protocols • Devices • Packets never lie!
forensicinsight.org Page 4 Introduction  Methodology (OSCAR) • Obtain information • Strategize • Collect Evidence • Analyze • Report
forensicinsight.org Page 5 Considerations  What to know when an incident occurs over network • Description • Date, time, and method of incident discovery • Persons involved • Systems and data involved • Actions taken since discovery • Summary of internal discussions • Incident manager and process • Legal issues • Time frame for investigation/recovery/resolution • Goals
forensicinsight.org Page 6 Considerations  The properties (thus challenges) of Network-based digital evidence • Communication: Between the two or among multiple participants at a certain point • Volatile: The matter of when, hard to find artifacts even in memory • Scattered: No choice but to get involved multiple sources of evidence • Storage: Possibly stores all packets on the fly?? • Privacy: Problematic if storage is available depending on jurisdiction • Seizure: Seizing a network device with a warrant? • Admissibility: No file system and no standard format  admissible in court? • Encryption: Hard to identify network traffic even though it’s detected.
forensicinsight.org Page 7 Scope & Role for Network Forensic  Things taken into account • Acquirements  Standard? Format? C.I.A? • Storage  Chain of Custody Who is eligible to get access to potential evidence? How can collected network evidence be handled in a forensically sound manner? • How to prove the originals and the copies • Analysis  Correlation from multiple sources of evidence Are all timestamp trustworthy? Is skewed timeline allowable to court? Extracted files over network! • Repeatable?
forensicinsight.org Page 8 Scope & Role for Network Forensic  DISCUSSION: Then how much does network forensics cover? • Network packet acquirement  mandatory? • If so, are all network range included? Both on the wire and in the air?? Cost??? • Are the followings part of network forensics? Log analysis for correlation Executable found in the packets Encrypted payloads in the packets (SSL/TLS/other home-brewed techniques, …) • If so, is the investigation from network-oriented security devices itself as well as all logs (eg. IDS, IPS, WAF, …)? • In real time or Post-investigation? Cost? Mandatory? • Putting all together, what should be defined as forensic readiness?
forensicinsight.org Page 9 Packet Analysis for Network Forensics
forensicinsight.org Page 10 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (1/7) • Two different filters to help to investigate desired traffic (1)  Traffic Capture Filter  BNF (Berkeley Packet Filtering) in straightforward syntax (capture  capture options or Ctrl+K) (1) host 192.168.0.25 (2) net 192.168.8.0/24 or net 192.168.8.0 mask 255.255.255.0 (3) src net 192.168.0.0/16 or net 192.168.0.0 mask 255.255.0.0 (4) port 53 (5) host www.example.com and not (port 80 or port 25) (6) port not 53 and not arp (7) tcp portrange 1000-2000
forensicinsight.org Page 11 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (2/7) • Two different filters to help to investigate desired traffic (2)  Display Filter (http://www.wireshark.org/docs/dfref/)  Wireshark’s own syntax (1) tcp.port eq 25 or icmp (2) ip.src == 192.168.8.0/24 and ip.dst == 192.168.0.0/16 (3) http || ssl (4) eth.addr [0:3] == 00:06:5B (5) udp contains 81:60:03 (6) http.request.uri (7) ip.addr == 10.1.2.3 (8) ip.addr != 10.2.3.4 or ip.dst != 10.6.7.9 (9) !(ip.src == 10.11.12.13)
forensicinsight.org Page 12 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (3/7) • Flows of entire packets in details graphically!  Menu  Statistics  FlowGraph
forensicinsight.org Page 13 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (4/7) • Statistics of entire packets in details graphically!  Menu  Statistics  I/O Graphs
forensicinsight.org Page 14 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (5/7) • How to identify location information with GeoLocation in real time!  Download the GeoIP Location from Maxmind and activate it.  Menu  Statistics  Endpoints
forensicinsight.org Page 15 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (6/7) • How to Extract HTTP, SMB objects from what you have captured.  Menu  File  Export  Objects  {HTTP, SMB}
forensicinsight.org Page 16 Things to help you analyze network traffic with Wireshark  How to get abnormal packets quickly • Expert Infos
forensicinsight.org Page 17 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (7/7) • Powerful command-line tools (https://www.wireshark.org/docs/man-pages/)  capinfos - Prints information about capture files  dftest - Shows display filter byte-code, for debugging dfilter routines.  dumpcap - Dump network traffic  editcap - Edit and/or translate the format of capture files  idl2wrs - CORBA IDL to Wireshark Plugin Generator  mergecap - Merges two or more capture files into one  randpkt - Random Packet Generator  rawshark - Dump and analyze raw libpcap data  text2pcap - Generate a capture file from an ASCII hexdump of packets  tshark - Dump and analyze network traffic  wireshark-filter - Wireshark filter syntax and reference  wireshark - Interactively dump and analyze network traffic
forensicinsight.org Page 18 Getting used to abnormal network traffic with Samples  Trace files from Wireshark.org • 239 (1.87GB in size) pcap examples (http://wiresharkbook.com/studyguide.html)  Great samples to learn naïve network traffic  Try to catch the property of suspicious packets in particular, in advance
forensicinsight.org Page 19 Getting used to abnormal network traffic with Samples  ARP Poisoning (arp-poison.pcap) • Duplicate IP addresses are Detected!!
forensicinsight.org Page 20 Getting used to abnormal network traffic with Samples  Dictionary Attack (sec-dictionary2.pcap) • Dictionary attack against FTP server was performed! • Filter: “ftp.request.command==PASS”
forensicinsight.org Page 21 Getting used to abnormal network traffic with Samples  MAC Flooding (sec-macof.pcap) • I/O Graph shows too many packets had flooded over network! (1.28Mbps) • Source MAC must not be a group address. (Wireshark Expert Infos)
forensicinsight.org Page 22 Getting used to abnormal network traffic with Samples  Port Scanning (sec-nmap-osdetect-sV-O-v.pcap) • The same source IP, many destination ports in a target and/or many SYN/ACKs and FINs.
forensicinsight.org Page 23 References
forensicinsight.org Page 24 Question and Answer

Recommended

Open source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisOpen source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysis
GTKlondike
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
Network forensics1
Network forensics1Network forensics1
Network forensics1
Santosh Khadsare
 
Network forensics - Follow the Bad Rabbit down the wire
Network forensics - Follow the Bad Rabbit down the wireNetwork forensics - Follow the Bad Rabbit down the wire
Network forensics - Follow the Bad Rabbit down the wire
casheeew
 
Vulnerability and Penetration Testing
Vulnerability and Penetration TestingVulnerability and Penetration Testing
Vulnerability and Penetration Testing
Jeffery Brown
 
Network based file carving
Network based file carvingNetwork based file carving
Network based file carving
GTKlondike
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
Conferencias FIST
 
Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013
Islam Azeddine Mennouchi
 

Recommended

Open source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisOpen source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysis
GTKlondike
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
n|u - The Open Security Community
 
Network forensics1
Network forensics1Network forensics1
Network forensics1
Santosh Khadsare
 
Network forensics - Follow the Bad Rabbit down the wire
Network forensics - Follow the Bad Rabbit down the wireNetwork forensics - Follow the Bad Rabbit down the wire
Network forensics - Follow the Bad Rabbit down the wire
casheeew
 
Vulnerability and Penetration Testing
Vulnerability and Penetration TestingVulnerability and Penetration Testing
Vulnerability and Penetration Testing
Jeffery Brown
 
Network based file carving
Network based file carvingNetwork based file carving
Network based file carving
GTKlondike
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
Conferencias FIST
 
Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013Forensic Analysis - Empower Tech Days 2013
Forensic Analysis - Empower Tech Days 2013
Islam Azeddine Mennouchi
 
Lec 1 apln security(4pd)
Lec 1 apln security(4pd)Lec 1 apln security(4pd)
Lec 1 apln security(4pd)
Santosh Khadsare
 
Network Forensic Tools & Techniques Workshop
Network Forensic Tools & Techniques WorkshopNetwork Forensic Tools & Techniques Workshop
Network Forensic Tools & Techniques Workshop
Priyanka Aash
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection tools
vishalgohel12195
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
amiable_indian
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
Seungjoo Kim
 
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsAppsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
drewz lin
 
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat Security Conference
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
Issar Kapadia
 
International collaborative efforts to share threat data in a vetted member c...
International collaborative efforts to share threat data in a vetted member c...International collaborative efforts to share threat data in a vetted member c...
International collaborative efforts to share threat data in a vetted member c...
CODE BLUE
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Paladion Networks
 
Deep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection SystemDeep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection System
Seungjoo Kim
 
Malicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine LearningMalicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine Learning
securityxploded
 
Ariu - Ph.D. Defense Slides
Ariu - Ph.D. Defense SlidesAriu - Ph.D. Defense Slides
Ariu - Ph.D. Defense Slides
Pluribus One
 
UNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement StrategiesUNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement Strategies
Arnav Chowdhury
 
Enabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using VirtualizationEnabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using Virtualization
amiable_indian
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityMMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
APNIC
 
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Lane Huff
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
Paul Melson
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration Networks
IOSR Journals
 
( Ethical hacking tools ) Information grathring
( Ethical hacking tools ) Information grathring( Ethical hacking tools ) Information grathring
( Ethical hacking tools ) Information grathring
Gouasmia Zakaria
 
You Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
You Suspect a Security Breach. Network Forensic Analysis Gives You the AnswersYou Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
You Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
Savvius, Inc
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackers
tomasperezv
 

More Related Content

What's hot

Lec 1 apln security(4pd)
Lec 1 apln security(4pd)Lec 1 apln security(4pd)
Lec 1 apln security(4pd)
Santosh Khadsare
 
Network Forensic Tools & Techniques Workshop
Network Forensic Tools & Techniques WorkshopNetwork Forensic Tools & Techniques Workshop
Network Forensic Tools & Techniques Workshop
Priyanka Aash
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection tools
vishalgohel12195
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
amiable_indian
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
Seungjoo Kim
 
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsAppsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
drewz lin
 
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat Security Conference
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
Issar Kapadia
 
International collaborative efforts to share threat data in a vetted member c...
International collaborative efforts to share threat data in a vetted member c...International collaborative efforts to share threat data in a vetted member c...
International collaborative efforts to share threat data in a vetted member c...
CODE BLUE
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Paladion Networks
 
Deep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection SystemDeep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection System
Seungjoo Kim
 
Malicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine LearningMalicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine Learning
securityxploded
 
Ariu - Ph.D. Defense Slides
Ariu - Ph.D. Defense SlidesAriu - Ph.D. Defense Slides
Ariu - Ph.D. Defense Slides
Pluribus One
 
UNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement StrategiesUNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement Strategies
Arnav Chowdhury
 
Enabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using VirtualizationEnabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using Virtualization
amiable_indian
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityMMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
APNIC
 
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Lane Huff
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
Paul Melson
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration Networks
IOSR Journals
 
( Ethical hacking tools ) Information grathring
( Ethical hacking tools ) Information grathring( Ethical hacking tools ) Information grathring
( Ethical hacking tools ) Information grathring
Gouasmia Zakaria
 

What's hot (20)

Lec 1 apln security(4pd)
Lec 1 apln security(4pd)Lec 1 apln security(4pd)
Lec 1 apln security(4pd)
 
Network Forensic Tools & Techniques Workshop
Network Forensic Tools & Techniques WorkshopNetwork Forensic Tools & Techniques Workshop
Network Forensic Tools & Techniques Workshop
 
Network sniffers & injection tools
Network sniffers & injection toolsNetwork sniffers & injection tools
Network sniffers & injection tools
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
 
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsAppsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
 
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
BlueHat v17 || 28 Registrations Later: Measuring the Exploitation of Residual...
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
 
International collaborative efforts to share threat data in a vetted member c...
International collaborative efforts to share threat data in a vetted member c...International collaborative efforts to share threat data in a vetted member c...
International collaborative efforts to share threat data in a vetted member c...
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
 
Deep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection SystemDeep Learning Based Real-Time DNS DDoS Detection System
Deep Learning Based Real-Time DNS DDoS Detection System
 
Malicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine LearningMalicious Client Detection Using Machine Learning
Malicious Client Detection Using Machine Learning
 
Ariu - Ph.D. Defense Slides
Ariu - Ph.D. Defense SlidesAriu - Ph.D. Defense Slides
Ariu - Ph.D. Defense Slides
 
UNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement StrategiesUNIT IV:Security Measurement Strategies
UNIT IV:Security Measurement Strategies
 
Enabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using VirtualizationEnabling Worm and Malware Investigation Using Virtualization
Enabling Worm and Malware Investigation Using Virtualization
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network SecurityMMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
 
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration Networks
 
( Ethical hacking tools ) Information grathring
( Ethical hacking tools ) Information grathring( Ethical hacking tools ) Information grathring
( Ethical hacking tools ) Information grathring
 

Viewers also liked

You Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
You Suspect a Security Breach. Network Forensic Analysis Gives You the AnswersYou Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
You Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
Savvius, Inc
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackers
tomasperezv
 
Codec Networks Providing Courses in Cyber forensic,Network Forensics.
Codec Networks Providing Courses in Cyber forensic,Network Forensics.Codec Networks Providing Courses in Cyber forensic,Network Forensics.
Codec Networks Providing Courses in Cyber forensic,Network Forensics.
cnetworks
 
A new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkA new web application vulnerability assessment framework
A new web application vulnerability assessment framework
Mark Jayson Fuentes
 
Web Application Security Testing Tools
Web Application Security Testing ToolsWeb Application Security Testing Tools
Web Application Security Testing Tools
Eric Lai
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
Abdul Rahman Sherzad
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
Soumen Debgupta
 
Web Security
Web SecurityWeb Security
Web Security
ADIEFEH
 
Web application Security tools
Web application Security toolsWeb application Security tools
Web application Security tools
Nico Penaredondo
 

Viewers also liked (9)

You Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
You Suspect a Security Breach. Network Forensic Analysis Gives You the AnswersYou Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
You Suspect a Security Breach. Network Forensic Analysis Gives You the Answers
 
Web security: concepts and tools used by attackers
Web security: concepts and tools used by attackersWeb security: concepts and tools used by attackers
Web security: concepts and tools used by attackers
 
Codec Networks Providing Courses in Cyber forensic,Network Forensics.
Codec Networks Providing Courses in Cyber forensic,Network Forensics.Codec Networks Providing Courses in Cyber forensic,Network Forensics.
Codec Networks Providing Courses in Cyber forensic,Network Forensics.
 
A new web application vulnerability assessment framework
A new web application vulnerability assessment frameworkA new web application vulnerability assessment framework
A new web application vulnerability assessment framework
 
Web Application Security Testing Tools
Web Application Security Testing ToolsWeb Application Security Testing Tools
Web Application Security Testing Tools
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
 
Web Security
Web SecurityWeb Security
Web Security
 
Web application Security tools
Web application Security toolsWeb application Security tools
Web application Security tools
 

Similar to (130511) #fitalk network forensics and its role and scope

Practical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-onPractical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-on
QaisSaifQassim
 
Network Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxNetwork Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptx
ArifinChowdhury2
 
Threat hunting on the wire
Threat hunting on the wireThreat hunting on the wire
Threat hunting on the wire
InfoSec Addicts
 
Presentation on wireshark
Presentation on wiresharkPresentation on wireshark
Presentation on wireshark
Anil Thalor
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and la
ShainaBoling829
 
Regional Internet Registry and Whois
Regional Internet Registry and WhoisRegional Internet Registry and Whois
Regional Internet Registry and Whois
APNIC
 
Network Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxNetwork Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptx
talkaton
 
Network Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdfNetwork Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdf
talkaton
 
Debugging applications with network security tools
Debugging applications with network security toolsDebugging applications with network security tools
Debugging applications with network security tools
ConFoo
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
Cengage Learning
 
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Fwdays
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
KAMALI PRIYA P
 
Splunk App for Stream
Splunk App for StreamSplunk App for Stream
Splunk App for Stream
Splunk
 
Kentik Network@Scale (Dan Ellis)
Kentik Network@Scale (Dan Ellis)Kentik Network@Scale (Dan Ellis)
Kentik Network@Scale (Dan Ellis)
gvillain
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence
Sam Bowne
 
Finding Needles in Haystacks (The Size of Countries)
Finding Needles in Haystacks (The Size of Countries)Finding Needles in Haystacks (The Size of Countries)
Finding Needles in Haystacks (The Size of Countries)
packetloop
 
breed_python_tx_redacted
breed_python_tx_redactedbreed_python_tx_redacted
breed_python_tx_redacted
Ryan Breed
 
TransPAC3/ACE Measurement & PerfSONAR Update
TransPAC3/ACE Measurement & PerfSONAR UpdateTransPAC3/ACE Measurement & PerfSONAR Update
TransPAC3/ACE Measurement & PerfSONAR Update
International Networking at Indiana University
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
IKT-Norge
 
Noorbehbahani data preprocessing for anomaly based network intrusion
Noorbehbahani data preprocessing for anomaly based network intrusionNoorbehbahani data preprocessing for anomaly based network intrusion
Noorbehbahani data preprocessing for anomaly based network intrusion
noorbehbahani
 

Similar to (130511) #fitalk network forensics and its role and scope (20)

Practical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-onPractical 7 - Using Wireshark Tutorial and Hands-on
Practical 7 - Using Wireshark Tutorial and Hands-on
 
Network Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxNetwork Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptx
 
Threat hunting on the wire
Threat hunting on the wireThreat hunting on the wire
Threat hunting on the wire
 
Presentation on wireshark
Presentation on wiresharkPresentation on wireshark
Presentation on wireshark
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and la
 
Regional Internet Registry and Whois
Regional Internet Registry and WhoisRegional Internet Registry and Whois
Regional Internet Registry and Whois
 
Network Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptxNetwork Analysis Mini Project 2.pptx
Network Analysis Mini Project 2.pptx
 
Network Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdfNetwork Analysis Mini Project 2.pdf
Network Analysis Mini Project 2.pdf
 
Debugging applications with network security tools
Debugging applications with network security toolsDebugging applications with network security tools
Debugging applications with network security tools
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
 
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
Helen Tabunshchyk "Handling large amounts of traffic on the Edge"
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
 
Splunk App for Stream
Splunk App for StreamSplunk App for Stream
Splunk App for Stream
 
Kentik Network@Scale (Dan Ellis)
Kentik Network@Scale (Dan Ellis)Kentik Network@Scale (Dan Ellis)
Kentik Network@Scale (Dan Ellis)
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence
 
Finding Needles in Haystacks (The Size of Countries)
Finding Needles in Haystacks (The Size of Countries)Finding Needles in Haystacks (The Size of Countries)
Finding Needles in Haystacks (The Size of Countries)
 
breed_python_tx_redacted
breed_python_tx_redactedbreed_python_tx_redacted
breed_python_tx_redacted
 
TransPAC3/ACE Measurement & PerfSONAR Update
TransPAC3/ACE Measurement & PerfSONAR UpdateTransPAC3/ACE Measurement & PerfSONAR Update
TransPAC3/ACE Measurement & PerfSONAR Update
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
 
Noorbehbahani data preprocessing for anomaly based network intrusion
Noorbehbahani data preprocessing for anomaly based network intrusionNoorbehbahani data preprocessing for anomaly based network intrusion
Noorbehbahani data preprocessing for anomaly based network intrusion
 

More from INSIGHT FORENSIC

(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics
INSIGHT FORENSIC
 
(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)
INSIGHT FORENSIC
 
(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)
INSIGHT FORENSIC
 
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
INSIGHT FORENSIC
 
(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend
INSIGHT FORENSIC
 
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
INSIGHT FORENSIC
 
(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts
INSIGHT FORENSIC
 
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
INSIGHT FORENSIC
 
(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch
INSIGHT FORENSIC
 
(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석
INSIGHT FORENSIC
 
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
INSIGHT FORENSIC
 
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
INSIGHT FORENSIC
 
(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis
INSIGHT FORENSIC
 
(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls
INSIGHT FORENSIC
 
(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)
INSIGHT FORENSIC
 
(130202) #fitalk china threat
(130202) #fitalk china threat(130202) #fitalk china threat
(130202) #fitalk china threat
INSIGHT FORENSIC
 
(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics
INSIGHT FORENSIC
 
(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat
INSIGHT FORENSIC
 
(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery
INSIGHT FORENSIC
 
(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)
INSIGHT FORENSIC
 

More from INSIGHT FORENSIC (20)

(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics
 
(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)
 
(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)
 
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
 
(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend
 
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
 
(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts
 
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
 
(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch
 
(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석
 
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
 
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
 
(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis
 
(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls
 
(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)
 
(130202) #fitalk china threat
(130202) #fitalk china threat(130202) #fitalk china threat
(130202) #fitalk china threat
 
(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics
 
(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat
 
(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery
 
(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)
 

Recently uploaded

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Jeffrey Haguewood
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
saastr
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Hiike
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 

Recently uploaded (20)

Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdfdbms calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 

(130511) #fitalk network forensics and its role and scope

  • 1. FORENSIC INSIGHT; DIGITAL FORENSICS COMMUNITY IN KOREA Network Forensics and its Scope & Role kevinkoo001@gmail.com May 2013
  • 2. forensicinsight.org Page 2 Overview 1. Introduction 2. Considerations 3. Scope & Role for Network Forensic (Discussion) 4. Packet Analysis for Network Forensics
  • 3. forensicinsight.org Page 3 Introduction  Network? • Protocols • Devices • Packets never lie!
  • 4. forensicinsight.org Page 4 Introduction  Methodology (OSCAR) • Obtain information • Strategize • Collect Evidence • Analyze • Report
  • 5. forensicinsight.org Page 5 Considerations  What to know when an incident occurs over network • Description • Date, time, and method of incident discovery • Persons involved • Systems and data involved • Actions taken since discovery • Summary of internal discussions • Incident manager and process • Legal issues • Time frame for investigation/recovery/resolution • Goals
  • 6. forensicinsight.org Page 6 Considerations  The properties (thus challenges) of Network-based digital evidence • Communication: Between the two or among multiple participants at a certain point • Volatile: The matter of when, hard to find artifacts even in memory • Scattered: No choice but to get involved multiple sources of evidence • Storage: Possibly stores all packets on the fly?? • Privacy: Problematic if storage is available depending on jurisdiction • Seizure: Seizing a network device with a warrant? • Admissibility: No file system and no standard format  admissible in court? • Encryption: Hard to identify network traffic even though it’s detected.
  • 7. forensicinsight.org Page 7 Scope & Role for Network Forensic  Things taken into account • Acquirements  Standard? Format? C.I.A? • Storage  Chain of Custody Who is eligible to get access to potential evidence? How can collected network evidence be handled in a forensically sound manner? • How to prove the originals and the copies • Analysis  Correlation from multiple sources of evidence Are all timestamp trustworthy? Is skewed timeline allowable to court? Extracted files over network! • Repeatable?
  • 8. forensicinsight.org Page 8 Scope & Role for Network Forensic  DISCUSSION: Then how much does network forensics cover? • Network packet acquirement  mandatory? • If so, are all network range included? Both on the wire and in the air?? Cost??? • Are the followings part of network forensics? Log analysis for correlation Executable found in the packets Encrypted payloads in the packets (SSL/TLS/other home-brewed techniques, …) • If so, is the investigation from network-oriented security devices itself as well as all logs (eg. IDS, IPS, WAF, …)? • In real time or Post-investigation? Cost? Mandatory? • Putting all together, what should be defined as forensic readiness?
  • 9. forensicinsight.org Page 9 Packet Analysis for Network Forensics
  • 10. forensicinsight.org Page 10 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (1/7) • Two different filters to help to investigate desired traffic (1)  Traffic Capture Filter  BNF (Berkeley Packet Filtering) in straightforward syntax (capture  capture options or Ctrl+K) (1) host 192.168.0.25 (2) net 192.168.8.0/24 or net 192.168.8.0 mask 255.255.255.0 (3) src net 192.168.0.0/16 or net 192.168.0.0 mask 255.255.0.0 (4) port 53 (5) host www.example.com and not (port 80 or port 25) (6) port not 53 and not arp (7) tcp portrange 1000-2000
  • 11. forensicinsight.org Page 11 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (2/7) • Two different filters to help to investigate desired traffic (2)  Display Filter (http://www.wireshark.org/docs/dfref/)  Wireshark’s own syntax (1) tcp.port eq 25 or icmp (2) ip.src == 192.168.8.0/24 and ip.dst == 192.168.0.0/16 (3) http || ssl (4) eth.addr [0:3] == 00:06:5B (5) udp contains 81:60:03 (6) http.request.uri (7) ip.addr == 10.1.2.3 (8) ip.addr != 10.2.3.4 or ip.dst != 10.6.7.9 (9) !(ip.src == 10.11.12.13)
  • 12. forensicinsight.org Page 12 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (3/7) • Flows of entire packets in details graphically!  Menu  Statistics  FlowGraph
  • 13. forensicinsight.org Page 13 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (4/7) • Statistics of entire packets in details graphically!  Menu  Statistics  I/O Graphs
  • 14. forensicinsight.org Page 14 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (5/7) • How to identify location information with GeoLocation in real time!  Download the GeoIP Location from Maxmind and activate it.  Menu  Statistics  Endpoints
  • 15. forensicinsight.org Page 15 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (6/7) • How to Extract HTTP, SMB objects from what you have captured.  Menu  File  Export  Objects  {HTTP, SMB}
  • 16. forensicinsight.org Page 16 Things to help you analyze network traffic with Wireshark  How to get abnormal packets quickly • Expert Infos
  • 17. forensicinsight.org Page 17 Things to help you analyze network traffic with Wireshark  Tips to use Wireshark wisely (7/7) • Powerful command-line tools (https://www.wireshark.org/docs/man-pages/)  capinfos - Prints information about capture files  dftest - Shows display filter byte-code, for debugging dfilter routines.  dumpcap - Dump network traffic  editcap - Edit and/or translate the format of capture files  idl2wrs - CORBA IDL to Wireshark Plugin Generator  mergecap - Merges two or more capture files into one  randpkt - Random Packet Generator  rawshark - Dump and analyze raw libpcap data  text2pcap - Generate a capture file from an ASCII hexdump of packets  tshark - Dump and analyze network traffic  wireshark-filter - Wireshark filter syntax and reference  wireshark - Interactively dump and analyze network traffic
  • 18. forensicinsight.org Page 18 Getting used to abnormal network traffic with Samples  Trace files from Wireshark.org • 239 (1.87GB in size) pcap examples (http://wiresharkbook.com/studyguide.html)  Great samples to learn naïve network traffic  Try to catch the property of suspicious packets in particular, in advance
  • 19. forensicinsight.org Page 19 Getting used to abnormal network traffic with Samples  ARP Poisoning (arp-poison.pcap) • Duplicate IP addresses are Detected!!
  • 20. forensicinsight.org Page 20 Getting used to abnormal network traffic with Samples  Dictionary Attack (sec-dictionary2.pcap) • Dictionary attack against FTP server was performed! • Filter: “ftp.request.command==PASS”
  • 21. forensicinsight.org Page 21 Getting used to abnormal network traffic with Samples  MAC Flooding (sec-macof.pcap) • I/O Graph shows too many packets had flooded over network! (1.28Mbps) • Source MAC must not be a group address. (Wireshark Expert Infos)
  • 22. forensicinsight.org Page 22 Getting used to abnormal network traffic with Samples  Port Scanning (sec-nmap-osdetect-sV-O-v.pcap) • The same source IP, many destination ports in a target and/or many SYN/ACKs and FINs.