GTKlondike, profile picture
Uploaded byGTKlondike
PPTX, PDF1,610 views

Network based file carving

This document provides information about a presentation on network packet analysis and file carving techniques. The presenter is introduced as a security researcher and systems administrator with experience in networking and security consulting. An overview of the presentation outlines the assumed knowledge, tools that will be used including Wireshark and Network Miner, and the methodology of pattern matching, identifying conversations, exporting data, and drawing conclusions. Additional resources on sample packet captures and further reading are also referenced.

Embed presentation

Downloaded 22 times
OR I know what you downloaded last night! By: GTKlondike
Oh hey, that guy…
I Am… Hacker/independent security researcher/subspace half-ninja Several years of experience in network infrastructure and security consulting as well as systems administration (Routing, Switching, Firewalls, Servers) Passionate about networking I’m friendly, just come up and say hi Contact Info: Email: gtklondike@gmail.com Zombie-Blog: gtknetrunner.blogspot.com
What should you know already? Assumed basic knowledge of: Protocol analyzers (Wireshark/TCPdump) OSI and TCP/IP model Major protocols (I.e. DNS, HTTP(s), TCP, UDP, DHCP, ARP, IP, etc.)
Tools I Will Be Using Wireshark Network Miner Hex editor Scalpel File Signature Database http://www.garykessler.net/library/file_sigs.html
What Is File Carving? It’s a word search on steroids!
Pcap Analysis Methodology 1. Pattern Matching – Identify and filter packets of interest by matching specific values or protocol meta-data 2. List Conversations – List all conversation streams within the filtered packet capture 3. Export - Isolate and export specific conversation streams of interest 4. Draw Conclusions – Extract files or data from streams and compile data
Yeah…. Security Onion: /opt/samples/fake_av.pcap
Security Onion: /opt/samples/fake_av.pcap
Security Onion: /opt/samples/fake_av.pcap
Additional Information (Pcap Files) http://www.netresec.com/?page=PcapFiles http://forensicscontest.com/puzzles http://www.honeynet.org/node/504 https://www.evilfingers.com/repository/pcaps.php http://code.google.com/p/security-onion/wiki/Pcaps
Further Reading Network-Based File Carving http://blogs.cisco.com/security/network-based-file-carving/ Practical Packet Analysis: Using Wireshark to Solve Real- World Network Problems By: Chris Sanders Network Forensics: Tracking Hackers Through Cyberspace By: Sherri Davidoff, Jonathan Ham Guide to Integrating Forensic Techniques into Incident Response http://csrc.nist.gov/publications/nistpubs/800-86/SP800- 86.pdf File Signatures http://www.garykessler.net/library/file_sigs.html

More Related Content

PPTX
Network forensic
byManjushree Mashal
 
PPTX
Forensic Analysis - Empower Tech Days 2013
byIslam Azeddine Mennouchi
 
PPTX
Open source network forensics and advanced pcap analysis
byGTKlondike
 
PPTX
Vulnerability and Penetration Testing
byJeffery Brown
 
PDF
Network Forensics: Packet Analysis Using Wireshark
byn|u - The Open Security Community
 
PDF
(130511) #fitalk network forensics and its role and scope
byINSIGHT FORENSIC
 
PPTX
Tcpdump hunter
byAndrew McNicol
 
PDF
CNIT 50: 6. Command Line Packet Analysis Tools
bySam Bowne
 
Network forensic
byManjushree Mashal
 
Forensic Analysis - Empower Tech Days 2013
byIslam Azeddine Mennouchi
 
Open source network forensics and advanced pcap analysis
byGTKlondike
 
Vulnerability and Penetration Testing
byJeffery Brown
 
Network Forensics: Packet Analysis Using Wireshark
byn|u - The Open Security Community
 
(130511) #fitalk network forensics and its role and scope
byINSIGHT FORENSIC
 
Tcpdump hunter
byAndrew McNicol
 
CNIT 50: 6. Command Line Packet Analysis Tools
bySam Bowne
 

What's hot

PPT
Network forensics1
bySantosh Khadsare
 
PDF
2. Collecting Network Traffic & 3. Standalone NSM Deployment
bySam Bowne
 
PPTX
Network traffic analysis with cyber security
byKAMALI PRIYA P
 
PPTX
Hadoop / Spark on Malware Expression
byMapR Technologies
 
PDF
Wireshark - Basics
byYoram Orzach
 
PDF
Wireshark
byDeris Stiawan
 
PPTX
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
byPaladion Networks
 
PDF
Snort alert signatures
byDeris Stiawan
 
PDF
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
byAPNIC
 
PDF
Network Forensic
bySujeet Kumar
 
PDF
Talk28oct14
bymjos
 
PPTX
Hacking - penetration tools
byJenishChauhan4
 
PDF
Wired and Wireless Network Forensics
bySavvius, Inc
 
PPTX
Defense against botnets
byVaibhav Ahlawat
 
PDF
Malicious Domain Profiling
byE Hacking
 
PPT
Lec 1 apln security(4pd)
bySantosh Khadsare
 
PPT
Malware Analysis Made Simple
byPaul Melson
 
PDF
Ariu - Ph.D. Defense Slides
byPluribus One
 
PPT
Hacking step (Methodology)
byGreater Noida Institute Of Technology
 
PPT
Applied Detection and Analysis with Flow Data - SO Con 2014
bychrissanders88
 
Network forensics1
bySantosh Khadsare
 
2. Collecting Network Traffic & 3. Standalone NSM Deployment
bySam Bowne
 
Network traffic analysis with cyber security
byKAMALI PRIYA P
 
Hadoop / Spark on Malware Expression
byMapR Technologies
 
Wireshark - Basics
byYoram Orzach
 
Wireshark
byDeris Stiawan
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
byPaladion Networks
 
Snort alert signatures
byDeris Stiawan
 
MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security
byAPNIC
 
Network Forensic
bySujeet Kumar
 
Talk28oct14
bymjos
 
Hacking - penetration tools
byJenishChauhan4
 
Wired and Wireless Network Forensics
bySavvius, Inc
 
Defense against botnets
byVaibhav Ahlawat
 
Malicious Domain Profiling
byE Hacking
 
Lec 1 apln security(4pd)
bySantosh Khadsare
 
Malware Analysis Made Simple
byPaul Melson
 
Ariu - Ph.D. Defense Slides
byPluribus One
 
Hacking step (Methodology)
byGreater Noida Institute Of Technology
 
Applied Detection and Analysis with Flow Data - SO Con 2014
bychrissanders88
 

Viewers also liked

PDF
Data carving using artificial headers info sec conference
byRobert Daniel
 
PPTX
JPEG emerging standards
byTouradj Ebrahimi
 
PPTX
Advances in File Carving
byRob Zirnstein
 
PDF
Network Forensics
byConferencias FIST
 
PPTX
File carving
byAnsviaLab
 
PPTX
Convert Wireshark PCAP Files to Sequence Diagrams
byEventHelix.com Inc.
 
PPT
File Carving
byAakarsh Raj
 
PPTX
Wireshark
byDeepika Ojha
 
PPTX
Wireshark
bySourav Roy
 
PPTX
OWASP Mobile TOP 10 2014
byIslam Azeddine Mennouchi
 
Data carving using artificial headers info sec conference
byRobert Daniel
 
JPEG emerging standards
byTouradj Ebrahimi
 
Advances in File Carving
byRob Zirnstein
 
Network Forensics
byConferencias FIST
 
File carving
byAnsviaLab
 
Convert Wireshark PCAP Files to Sequence Diagrams
byEventHelix.com Inc.
 
File Carving
byAakarsh Raj
 
Wireshark
byDeepika Ojha
 
Wireshark
bySourav Roy
 
OWASP Mobile TOP 10 2014
byIslam Azeddine Mennouchi
 

Similar to Network based file carving

PPTX
Detecting Reconnaissance Through Packet Forensics by Shashank Nigam
byOWASP Delhi
 
PPTX
Sanitizing PCAPs
byJasper Bongertz
 
PDF
Network traffic analysis course
byTECHNOLOGY CONTROL CO.
 
PPTX
USE_OF_PACKET_CAPTURE.pptx
byrajaguru91
 
PDF
Network_Forenic_Training_for_beginner.pdf
byTngPhanThanh8
 
PDF
Network Forensics and Practical Packet Analysis
byPriyanka Aash
 
PPTX
Packet Sniffer
byvilss
 
PDF
Debugging applications with network security tools
byConFoo
 
PDF
CNIT 121: 9 Network Evidence
bySam Bowne
 
PDF
CNIT 152: 9 Network Evidence
bySam Bowne
 
PDF
3.7.10 Lab Use Wireshark to View Network Traffic
byRio Ap
 
PDF
TCP Sorcery
bySecurity B-Sides
 
PPT
Wireshark Basics
byYoram Orzach
 
PDF
CNIT 152: 9 Network Evidence
bySam Bowne
 
PDF
Network forensics - Follow the Bad Rabbit down the wire
bycasheeew
 
PDF
Wireshark 101 - OWASP Chandigarh Meetup - CyberForge Academy
bycyberforgeacademy
 
PPT
wiresharktslecturev10006july2009-12501942038813-phpapp03.ppt
byRohitAhuja58
 
PPT
Network Scanning Phases and Supporting Tools
byJoseph Bugeja
 
PDF
Chapter 3 footprinting
bySetia Juli Irzal Ismail
 
PPTX
Wireshark network analysing software
bydharmesh nakum
 
Detecting Reconnaissance Through Packet Forensics by Shashank Nigam
byOWASP Delhi
 
Sanitizing PCAPs
byJasper Bongertz
 
Network traffic analysis course
byTECHNOLOGY CONTROL CO.
 
USE_OF_PACKET_CAPTURE.pptx
byrajaguru91
 
Network_Forenic_Training_for_beginner.pdf
byTngPhanThanh8
 
Network Forensics and Practical Packet Analysis
byPriyanka Aash
 
Packet Sniffer
byvilss
 
Debugging applications with network security tools
byConFoo
 
CNIT 121: 9 Network Evidence
bySam Bowne
 
CNIT 152: 9 Network Evidence
bySam Bowne
 
3.7.10 Lab Use Wireshark to View Network Traffic
byRio Ap
 
TCP Sorcery
bySecurity B-Sides
 
Wireshark Basics
byYoram Orzach
 
CNIT 152: 9 Network Evidence
bySam Bowne
 
Network forensics - Follow the Bad Rabbit down the wire
bycasheeew
 
Wireshark 101 - OWASP Chandigarh Meetup - CyberForge Academy
bycyberforgeacademy
 
wiresharktslecturev10006july2009-12501942038813-phpapp03.ppt
byRohitAhuja58
 
Network Scanning Phases and Supporting Tools
byJoseph Bugeja
 
Chapter 3 footprinting
bySetia Juli Irzal Ismail
 
Wireshark network analysing software
bydharmesh nakum
 

Recently uploaded

PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
Odoo Implementation Checklist: A Strategic ERP Blueprint for Business-Ready D...
byBANIBRO IT SOLUTION
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
apidays New York 2025 | AI in Application Security
byapidays
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Workflow and decision Automation with Flowable
bychakib ch
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 

Network based file carving

  • 1.
    OR I knowwhat you downloaded last night! By: GTKlondike
  • 2.
  • 3.
    I Am… Hacker/independentsecurity researcher/subspace half-ninja Several years of experience in network infrastructure and security consulting as well as systems administration (Routing, Switching, Firewalls, Servers) Passionate about networking I’m friendly, just come up and say hi Contact Info: Email: gtklondike@gmail.com Zombie-Blog: gtknetrunner.blogspot.com
  • 4.
    What should youknow already? Assumed basic knowledge of: Protocol analyzers (Wireshark/TCPdump) OSI and TCP/IP model Major protocols (I.e. DNS, HTTP(s), TCP, UDP, DHCP, ARP, IP, etc.)
  • 5.
    Tools I WillBe Using Wireshark Network Miner Hex editor Scalpel File Signature Database http://www.garykessler.net/library/file_sigs.html
  • 6.
    What Is FileCarving? It’s a word search on steroids!
  • 7.
    Pcap Analysis Methodology 1. Pattern Matching – Identify and filter packets of interest by matching specific values or protocol meta-data 2. List Conversations – List all conversation streams within the filtered packet capture 3. Export - Isolate and export specific conversation streams of interest 4. Draw Conclusions – Extract files or data from streams and compile data
  • 8.
    Yeah…. Security Onion:/opt/samples/fake_av.pcap
  • 9.
  • 10.
  • 11.
    Additional Information (PcapFiles) http://www.netresec.com/?page=PcapFiles http://forensicscontest.com/puzzles http://www.honeynet.org/node/504 https://www.evilfingers.com/repository/pcaps.php http://code.google.com/p/security-onion/wiki/Pcaps
  • 12.
    Further Reading Network-BasedFile Carving http://blogs.cisco.com/security/network-based-file-carving/ Practical Packet Analysis: Using Wireshark to Solve Real- World Network Problems By: Chris Sanders Network Forensics: Tracking Hackers Through Cyberspace By: Sherri Davidoff, Jonathan Ham Guide to Integrating Forensic Techniques into Incident Response http://csrc.nist.gov/publications/nistpubs/800-86/SP800- 86.pdf File Signatures http://www.garykessler.net/library/file_sigs.html