Network forensics is the capture, recording, and analysis of network events and traffic in order to discover the source of security attacks or other problem incidents. It involves systematically capturing and analyzing network traffic and events to trace and prove a network security incident. Network forensics provides crucial network-based evidence that can be used to successfully prosecute criminals. It is a difficult process that depends on maintaining high-quality network information.
The document summarizes a presentation on network forensics and lessons learned from the July 2007 London attacks. The presentation covered early adoption of firewalls and DMZs, intrusion prevention systems, the use of fingerprints and DNA in forensics, the 2004 Madrid train bombings and 2005 London bombings. It discussed the police investigation into the London attacks including identifying suspects from CCTV footage and a practice run captured on video. The presentation proposed the use of network monitoring tools as a forensic technique and discussed challenges of detecting slow scan attacks and those using random ports or covert channels.
Presentation for the Reti di Calcolatori (Computer Networks) course at Università Ca' Foscari di Venezia, academic year 2012-2013.
The link on the last slide has been deactivated; the correct link to the PDF report is:
https://www.dropbox.com/s/w78uwpsm7xm1yr1/RelazioneNetworkForensics.pdf
This document provides an overview of network sniffing and packet analysis using Wireshark. It discusses why sniffing is useful for understanding network activity, troubleshooting issues, and performing computer forensics. The document outlines topics such as basic sniffing techniques, an introduction to Wireshark and its features, analysis of common network protocols, and example case studies in which sniffing could be applied. It emphasizes that patience is a prerequisite and encourages interactive discussion.
Wireshark is a free and open-source packet analyzer that can be used to capture packets on a network for troubleshooting purposes, with options to filter captures by IP address, port number, or other criteria. Wireshark runs either directly on the device being monitored or by configuring port mirroring on a switch to send traffic to a separate machine running Wireshark. The document discusses different locations and methods for capturing packets both on and off the target device.
This document discusses various techniques for hiding data in the Microsoft Windows operating system. It covers simple logical techniques such as assigning hidden and system attributes and changing file extensions and icons. It also discusses more advanced techniques, such as using NTFS alternate data streams to hide data inside files, and applying class identifiers (CLSIDs) intended for special system folders to regular folders so that they masquerade as those folders and disguise hidden data. The document provides an overview of the NTFS file system used by Windows and how its alternate data stream feature can be abused for data hiding. It also recommends some tools that can be used to detect hidden data streams.
This document provides an introduction to the packet analysis tool Wireshark. It introduces key people involved in Wireshark including creator Gerald Combs and trainer Laura Chappell. It reviews common network protocols like Ethernet, IP, TCP and TCP/IP. It provides an overview of how to use Wireshark including capturing packets, filtering displays, saving files and more. The document concludes with resources for learning more about Wireshark and guides for certification.
This document provides an overview of steganography, including:
1) Steganography is the art of hiding information in plain sight so that the very existence of a hidden message is concealed. It works by embedding messages within images, audio, or other files.
2) Modern uses include digital watermarking to identify ownership, hiding sensitive files, and illegitimate uses like corporate espionage, terrorism, and child pornography.
3) Techniques include least significant bit insertion to replace bits in files, injection to directly embed messages, and generating new files from scratch. Detection methods like steganalysis aim to discover hidden information.