Network forensic

manjushreemm 10,163 views 16 slides Aug 06, 2018

About This Presentation

The development of intelligent network forensic tools that focus on specific types of network traffic analysis is a challenge from a future perspective.

Such tools would reduce time delays and computational resource requirements, minimize attacks, provide reliable and secured evidence, and efficie...


Slide Content

NETWORK FORENSIC: New Paradigm in Network Analysis

CONTENTS
Introduction
Network Forensic Examination Steps
Network Forensic Methods
Network Forensic with Network Protocols
Network Forensic Analysis Tools

INTRODUCTION
Network forensics is a branch of digital forensics. It covers the monitoring and analysis of computer network traffic and allows investigators to gather information, compile evidence, and/or detect intrusions.

CIA Process for Network Forensic

Network Forensic Examination Steps
Identification: recognizing and determining that an incident has occurred based on network indicators. This step is significant because it shapes all of the following steps.
Preservation: securing and isolating the state of physical and logical evidence so that it cannot be altered, for example by protecting it from electromagnetic damage or interference.
Collection: recording the physical scene and duplicating digital evidence using standardized methods and procedures.
Examination: an in-depth, systematic search for evidence relating to the network attack. This focuses on identifying and discovering potential evidence and building detailed documentation for the analysis step.
Analysis: determining significance, reconstructing packets of network traffic data, and drawing conclusions based on the evidence found.
Presentation: summarizing and explaining the conclusions drawn.
Incident Response: the response to the detected attack or intrusion is initiated based on the information gathered to validate and assess the incident.

Network Forensic Methods
Catch-it-as-you-can
Stop, look and listen

Network Forensic with Network Protocols
Network forensic methods can be applied within the different network protocols or layers:
ETHERNET
TCP/IP
INTERNET
WIRELESS

ETHERNET
Methods are achieved by eavesdropping on bit streams (at the Ethernet layer).
Uses monitoring tools or sniffers (Wireshark, tcpdump) that capture traffic at the Network Interface Card (NIC).
Protocols such as the Address Resolution Protocol (ARP) can be consulted to filter traffic and reconstruct transmitted attachments, but this can be averted with encryption.
Disadvantage: large storage capacity is required.

TCP/IP
Methods are achieved through router information investigations (at the Network layer).
Each router keeps routing tables used to pass packets along; these are among the best information sources for data tracking.
Follow the compromised packets, reverse the route, and identify the source.
The Network layer also provides authentication log evidence.

INTERNET
Methods are achieved by identifying server logs (on the Internet).
Includes web browsing, email, chat, and other types of traffic and communication.
Server logs collect information.
Email accounts hold useful information, except when the email headers are faked.

Wireless Forensic
Methods are achieved by collecting and analyzing wireless traffic (wireless networks).
Mobile phone forensics is a sub-discipline of the field, aimed at obtaining what is considered "valid digital evidence".
This can be normal data or voice communications via VoIP.
Analysis is similar to wired network situations, but with different security issues.

Network Forensic Analysis Tools
Functions of a Network Forensic Analysis Tool:
Network traffic capturing and analysis
Evaluation of network performance
Detection of anomalies and misuse of resources
Determination of network protocols in use
Aggregating data from multiple sources
Security investigations and incident response
Protection of intellectual property

Network Forensic Tools
dumpcap, pcapdump and netsniff-ng: packet sniffers
tcpdump, wireshark/tshark and tstat: protocol analyzers

Advantages of Network Forensic
Network performance benchmarking
Network troubleshooting
Transactional analysis
Security attack analysis
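The protocol analyzers listed above do the capture-file decoding at scale. As an added illustration (not code from the presentation), the following Python script shows the same two examination steps at their smallest: hashing a capture for preservation and decoding its Ethernet/IPv4 frames into per-flow counts. The capture itself is constructed inline; the addresses, ports and MACs are documentation values, not real hosts.

```python
import hashlib
import struct
from collections import Counter
MAC_A, MAC_B = bytes.fromhex("00005e005301"), bytes.fromhex("00005e005302")

def _frame(proto, src, dst, l4):
    """Ethernet II + IPv4 header around an L4 payload (checksums left zero in this sample)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return MAC_B + MAC_A + b"\x08\x00" + ip + l4

def _tcp(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)

def _record(ts, frame):
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

# Constructed libpcap capture (not a real recording): a TCP SYN, its SYN/ACK, and one DNS query.
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    + _record(1, _frame(6, "192.0.2.10", "198.51.100.5", _tcp(40000, 80, 0x02)))
    + _record(2, _frame(6, "198.51.100.5", "192.0.2.10", _tcp(80, 40000, 0x12)))
    + _record(3, _frame(17, "192.0.2.10", "198.51.100.53", struct.pack("!HHHH", 5353, 53, 8, 0))))

def parse_pcap(data):
    """Yield (timestamp, frame bytes) from an in-memory libpcap file with Ethernet link type."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", data)[0])
    if endian is None or struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("not a libpcap capture with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from(endian + "IIII", data, off)
        yield sec + usec / 1e6, data[off + 16:off + 16 + incl]
        off += 16 + incl

def decode_frame(frame):
    """Return (proto, src, dst, sport, dport) for an Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
        return {6: "tcp", 17: "udp"}[proto], src, dst, sport, dport
    return f"ip-proto-{proto}", src, dst, None, None

def summarize(data):
    """Preservation: SHA-256 of the evidence file. Examination: packets per 5-tuple flow."""
    flows = Counter(d for _, f in parse_pcap(data) if (d := decode_frame(f)))
    return {"sha256": hashlib.sha256(data).hexdigest(), "flows": flows}
```

Record the returned hash alongside the capture before analysis so that later copies can be verified against it.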

Network Forensic Challenges

Conclusion
The development of intelligent network forensic tools that focus on specific types of network traffic analysis is a challenge from a future perspective. Such tools would reduce time delays and computational resource requirements, minimize attacks, provide reliable and secured evidence, and enable efficient investigation with minimum effort.