Author Archives: Robert Reden
Network Forensics – Week 12
This week, we learned about malware. Malware, or malicious software, is software that is specifically created to damage, disrupt, or gain unauthorized access to a computer system. One way to identify malware using network forensics methodology is through Security …
Network Forensics – Week 11
This week, we learned about routers, switches, and firewalls. Switches map MAC addresses to switch ports. Switches are also able to locate the physical locations of MAC addresses. ARP (Address Resolution Protocol) tables allow users to convert MAC addresses into IP …
Network Forensics – Week 10
This week, we learned about log correlation and analysis. There are various sources of logs, including OS logs (event logs, syslog), application logs (SMTP logs, server logs), physical device logs (camera logs, UPS logs), and network equipment logs. Windows logs are usually the …
Network Forensics – Week 8
This week, we learned about network intrusion detection and analysis. A NIDS (Network Intrusion Detection System) is a system that detects malicious traffic on a network. NIDS require promiscuous network access to analyze traffic such as unicast traffic. NIDS do not interfere …
Network Forensics – Week 7
This week, we learned about network forensics in wireless networks. Cases involving wireless networks include recovering stolen gadgets by tracking them on a wireless network, investigating malicious or suspicious activity in a wireless network, investigating attacks on a wireless network including DDoS, encryption …
Network Forensics – Week 5
This week, we learned about the techniques and tools that can be used for evidence acquisition through capturing or sniffing packets. Physical interception refers to the passive acquisition of packet data that is transmitted over a wire. The tools …
Network Forensics – Week 4
This week, we learned about the tools required to acquire evidence and to analyze it. A pcap file can be used as evidence alongside many others. Flow analysis is a technique of monitoring network activity to identify anomalies such as …
Network Forensic – Week 2
This week, we learned about the sources of network-based evidence, such as: On the wire: physical cabling that carries data over the network, which can provide real-time network data through wiretapping. In the air: wireless signals between stations (radio …
Network Forensics – Week 1
Network forensics is a sub-branch of digital forensics concerning the capture, recording, and analysis of network events with the purpose of discovering the source of security attacks, gathering information, and finding legal evidence. There are a lot of resources that …
Ethical Hacking – Burp Suite
This tutorial is 100% for educational purposes only. Any time the word “Hacking” is used on this site, it shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you planned to use …