Introduction
• Network forensics is the capture, recording, and analysis of network packets in order to
determine the source of network security attacks.
• The major goal of network forensics is to collect evidence.
• It analyses network traffic data collected from different sites and from different pieces of
network equipment, such as firewalls and IDS.
• A generic network forensic examination includes the following steps:
1. Identification
2. Preservation
3. Collection
4. Examination
5. Analysis
6. Presentation
7. Incident response
Intrusion Detection System
● The network intruder or attacker has traditionally been able to boast of a certain amount
of skill, unlike the cyber scam artist who needs to know only enough about computers to
send mass email or the child pornographer whose technical know-how is limited to
uploading and downloading files.
● Intrusion detection systems (IDSs) help information systems prepare for and deal with
attacks. They accomplish this by collecting information from a variety of systems and
network sources, and then analysing that information for signs of intrusion or other
security problems.
Analyzing Network Traffic
• Network forensic analysis, like any other forensic investigation, presents many challenges.
• The first challenge is related to traffic data sniffing.
• Depending on the network configuration and the security measures in place where the sniffer
is deployed, the tool may not capture all of the desired traffic data: on a switched network a
sniffer attached to an ordinary port sees only the traffic addressed to that port.
• To solve this issue, the network administrator should configure a SPAN (mirror) port on
network devices at multiple places in the network, or insert a network tap on the links of
interest.
• One tedious task in network forensics is data correlation.
• Data correlation can be either causal or temporal.
• For temporal correlation, timestamps must be logged by every source, and the clocks of
those sources must be synchronised (for example with NTP) and recorded together with their
time zone; otherwise events from different devices cannot be lined up.
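The temporal correlation described above, worked through in code. This is an added example, not code from the lecture notes: the firewall and IDS log lines are constructed for the illustration (the firewall stamps in local time with a +01:00 offset, the IDS in UTC), and the field names, the 10-second window and the src/dst matching rule are choices made here. It shows that the two sources only line up once both timestamps are normalised to one clock; parsing the wall-clock values as if they were already UTC finds no matches at all.

```python
"""Temporal correlation of firewall and IDS events (added example)."""
from datetime import datetime, timedelta, timezone
import re

# Constructed sample logs, not real captures. The firewall stamps in local
# time with an explicit offset; the IDS stamps in UTC ("Z").
FIREWALL_LOG = """\
2024-03-01T10:15:02+01:00 fw1 DENY proto=tcp src=203.0.113.7 dst=198.51.100.10 dport=22
2024-03-01T10:15:07+01:00 fw1 DENY proto=tcp src=203.0.113.7 dst=198.51.100.10 dport=23
2024-03-01T11:40:00+01:00 fw1 ALLOW proto=tcp src=192.0.2.5 dst=198.51.100.10 dport=443
"""
IDS_LOG = """\
2024-03-01T09:15:05Z ids1 ALERT sid=2001219 msg="ET SCAN Potential SSH Scan" src=203.0.113.7 dst=198.51.100.10
2024-03-01T09:30:00Z ids1 ALERT sid=2100498 msg="GPL ATTACK_RESPONSE id check returned root" src=198.51.100.10 dst=192.0.2.5
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value may be quoted


def parse_ts(ts_str, normalise=True):
    """Parse an ISO 8601 stamp into an aware UTC datetime.

    With normalise=False the offset is thrown away and the wall-clock value is
    taken as UTC, which is the mistake this example sets out to expose.
    """
    if ts_str.endswith("Z"):                  # fromisoformat() before 3.11 rejects "Z"
        ts_str = ts_str[:-1] + "+00:00"
    if not normalise:
        return datetime.fromisoformat(ts_str[:19]).replace(tzinfo=timezone.utc)
    return datetime.fromisoformat(ts_str).astimezone(timezone.utc)


def parse_line(line, source, normalise=True):
    """Split '<ts> <host> <ACTION> k=v k=v ...' into a dict of fields."""
    ts_str, host, rest = line.split(" ", 2)
    action, _, kv = rest.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(kv)}
    return {"ts": parse_ts(ts_str, normalise), "source": source, "host": host,
            "action": action, **fields}


def parse_log(text, source, normalise=True):
    return [parse_line(l, source, normalise) for l in text.splitlines() if l.strip()]


def correlate(events_a, events_b, window=timedelta(seconds=10)):
    """Pair events from two sources with the same src/dst that fall within `window`."""
    pairs = []
    for a in events_a:
        for b in events_b:
            same_flow = (a.get("src"), a.get("dst")) == (b.get("src"), b.get("dst"))
            if same_flow and abs(a["ts"] - b["ts"]) <= window:
                pairs.append((a, b))
    return pairs


def timeline(*event_lists):
    """Merge events from every source into one UTC-ordered timeline."""
    merged = sorted((e for lst in event_lists for e in lst), key=lambda e: e["ts"])
    return [(e["ts"].isoformat(), e["source"], e["action"], e.get("src"), e.get("dst"))
            for e in merged]


if __name__ == "__main__":
    fw = parse_log(FIREWALL_LOG, "firewall")
    ids = parse_log(IDS_LOG, "ids")
    for a, b in correlate(fw, ids):
        print(f"{a['ts'].isoformat()} fw dport={a['dport']} <-> ids sid={b['sid']} {b['msg']}")
    naive = correlate(parse_log(FIREWALL_LOG, "firewall", False), parse_log(IDS_LOG, "ids", False))
    print(len(naive), "pairs when the offset is ignored")
    for row in timeline(fw, ids):
        print(*row)
```

With normalisation the two firewall denies at 09:15:02Z and 09:15:07Z both pair with the SSH-scan alert at 09:15:05Z; without it they sit an hour apart and nothing correlates. A real deployment would also bound the clock skew it tolerates to what NTP actually guarantees on that network.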
Network-Based Evidence
Capturing network communications is an essential step when investigating suspected crimes
or intrusions.
1. What is Network-Based Evidence?
Collecting network-based evidence involves setting up a computer system to carry out
network monitoring, deploying the network monitor, and assessing the effectiveness of the
network monitor.
2. What are the Goals of Network Monitoring?
Network monitoring is not intended to prevent attacks. Instead, it permits investigators to
complete a number of tasks:
• Confirm or dismiss suspicions surrounding an alleged computer security incident.
• Collect additional evidence and information.
• Verify the scope of a compromise.
• Identify additional parties involved.
• Determine a timeline of events occurring on the network.
• Ensure compliance with a desired activity.
3. Types of Network Monitoring
Network monitoring consists of several different types of data collection:
• Event monitoring:
Event monitoring is based on rules or thresholds running on the network monitoring
platform; an event is generated when traffic matches a rule or exceeds a threshold.
• Trap and trace monitoring:
Noncontent monitoring records the session or transaction data summarising the network
activity (who talked to whom, when, over which ports and how much), without the payload.
Law enforcement refers to such noncontent monitoring as a pen register or a trap and
trace.
• Full content monitoring:
Full content monitoring produces data that contains the raw packets collected from the
wire. It offers the highest fidelity, because it represents the actual communication passed
between computers on a network.
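The three types of monitoring, derived from one constructed packet list. This is an added example and not code from the lecture notes: the `Packet` record, the six packets (four quick probes followed by one HTTP exchange) and the port-scan rule with its threshold of four ports in five seconds are all assumptions made for the illustration. Full content keeps every packet with its payload; trap and trace collapses the same packets into session records with the payload discarded; event monitoring runs a rule with a threshold over those records and emits an event only when the threshold is crossed.

```python
"""Event, trap-and-trace and full-content views of the same packets (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # capture time, seconds since the epoch (constructed values)
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    payload: bytes


# Constructed capture: four quick probes from 203.0.113.7 against one host,
# then a legitimate HTTP request/response from 192.0.2.5.
PACKETS = [
    Packet(1709284502.0, "203.0.113.7", 40001, "198.51.100.10", 22, "tcp", b""),
    Packet(1709284502.5, "203.0.113.7", 40002, "198.51.100.10", 23, "tcp", b""),
    Packet(1709284503.0, "203.0.113.7", 40003, "198.51.100.10", 80, "tcp", b""),
    Packet(1709284503.4, "203.0.113.7", 40004, "198.51.100.10", 443, "tcp", b""),
    Packet(1709284510.0, "192.0.2.5", 51000, "198.51.100.10", 80, "tcp",
           b"GET /login HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet(1709284510.1, "198.51.100.10", 80, "192.0.2.5", 51000, "tcp",
           b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]


def full_content(packets):
    """Full content monitoring: keep every packet, payload included."""
    return [{"ts": p.ts, "src": p.src, "sport": p.sport, "dst": p.dst,
             "dport": p.dport, "proto": p.proto, "payload_hex": p.payload.hex()}
            for p in packets]


def _flow_key(p):
    # Direction-independent key so both halves of a conversation land in one record.
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)


def session_records(packets):
    """Trap-and-trace (noncontent) monitoring: who talked to whom, when and how
    much, with the payload deliberately discarded."""
    flows = {}
    for p in packets:
        rec = flows.get(_flow_key(p))
        if rec is None:                       # first packet seen is taken as the client
            rec = flows[_flow_key(p)] = {
                "proto": p.proto, "client": p.src, "client_port": p.sport,
                "server": p.dst, "server_port": p.dport,
                "first": p.ts, "last": p.ts, "packets": 0, "bytes": 0}
        rec["last"] = max(rec["last"], p.ts)
        rec["packets"] += 1
        rec["bytes"] += len(p.payload)
    return list(flows.values())


def port_scan_events(sessions, threshold=4, window=5.0):
    """Event monitoring: one rule with a threshold. Fires when a client reaches
    at least `threshold` distinct ports on one server within `window` seconds."""
    by_pair = defaultdict(list)
    for s in sessions:
        by_pair[(s["client"], s["server"])].append((s["first"], s["server_port"]))
    events = []
    for (client, server), hits in by_pair.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ports = {port for ts, port in hits[i:] if ts - start <= window}
            if len(ports) >= threshold:
                events.append({"rule": "port-scan", "client": client, "server": server,
                               "start": start, "ports": sorted(ports)})
                break                         # one event per client/server pair
    return events


if __name__ == "__main__":
    sessions = session_records(PACKETS)
    for s in sessions:
        print(f"{s['client']}:{s['client_port']} -> {s['server']}:{s['server_port']} "
              f"pkts={s['packets']} bytes={s['bytes']}")
    print(port_scan_events(sessions))
    print(full_content(PACKETS)[4]["payload_hex"][:16], "...")
```

The session records are enough to raise the port-scan event and to build a timeline, but only the full-content view still holds the request line and the Host header; that trade-off between storage and fidelity is why the three tiers are usually run together.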
Evidence Handling
• There should be rules and regulations for performing a forensic investigation.
• Rule 1: An examination should never be performed on the original media.
• Rule 2: A copy is made onto forensically sterile media. New media should always be used if
available.
• Rule 3: The copy of the evidence must be an exact, bit-by-bit copy (sometimes referred to as
a bit-stream copy), verified by comparing a cryptographic hash of the original with that of
the copy.
• Rule 4: The computer and the data on it must be protected during the acquisition of the
media to ensure that the data is not modified (use a write-blocking device when
possible).
• Rule 5: The examination must be conducted in such a way as to prevent any modification of
the evidence.
• Rule 6: The chain of custody of all evidence must be clearly maintained to provide an
audit log of who accessed the evidence and at what time.
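Rules 2 through 6 applied to a file-backed image, as an added example that is not part of the lecture notes. The "disk image" is a constructed byte string written to a temporary directory, the JSON-lines custody log format and the `acquire`/`verify_copy` function names are assumptions made here, and opening the source read-only is not a substitute for the hardware write blocker that Rule 4 calls for. The copy is made byte for byte onto a file that must not already exist (sterile media), the original is hashed before and after the copy and the copy is hashed afterwards, and a later modification of the copy is caught by re-hashing it against the custody record.

```python
"""Bit-stream copy, hash verification and chain-of-custody log (added example)."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def bit_stream_copy(src, dst, chunk=1 << 20):
    """Copy src to dst byte for byte. dst is opened with 'xb' (exclusive
    create) so used media is never overwritten; the target must be fresh."""
    copied = 0
    with open(src, "rb") as fin, open(dst, "xb") as fout:
        for block in iter(lambda: fin.read(chunk), b""):
            fout.write(block)
            copied += len(block)
    return copied


def acquire(src, dst, custody_log, examiner):
    """Image src onto dst, verify the result and append a custody record.

    Read-only opening does not protect the original from the OS itself
    (e.g. journal replay on mount); a hardware write blocker is still needed.
    """
    before = sha256_file(src)
    size = bit_stream_copy(src, dst)
    after_src, after_dst = sha256_file(src), sha256_file(dst)
    if not (before == after_src == after_dst):
        raise RuntimeError("hash mismatch: not a verified bit-stream copy")
    record = {
        "time": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "action": "acquire",
        "source": os.path.abspath(src),
        "copy": os.path.abspath(dst),
        "bytes": size,
        "sha256": after_dst,
    }
    with open(custody_log, "a") as log:       # append-only audit trail, one JSON record per line
        log.write(json.dumps(record) + "\n")
    return record


def verify_copy(custody_log, path):
    """Re-hash path and compare against its most recent custody record."""
    last = None
    with open(custody_log) as log:
        for line in log:
            rec = json.loads(line)
            if rec["copy"] == os.path.abspath(path):
                last = rec
    return last is not None and sha256_file(path) == last["sha256"]


def demo():
    """Run the workflow on a constructed image and report what happened."""
    with tempfile.TemporaryDirectory() as work:
        original = os.path.join(work, "original.img")
        copy = os.path.join(work, "evidence-copy.img")
        log = os.path.join(work, "custody.jsonl")
        with open(original, "wb") as f:       # constructed sample image, 16402 bytes
            f.write(b"MBR" + bytes(range(256)) * 64 + b"trailing sector")
        rec = acquire(original, copy, log, examiner="analyst-1")
        intact = verify_copy(log, copy)
        try:
            bit_stream_copy(original, copy)   # writing onto used media is refused
            overwrite_refused = False
        except FileExistsError:
            overwrite_refused = True
        with open(copy, "r+b") as f:          # simulate an examination that altered the copy
            f.seek(0)
            f.write(b"XXX")
        return {"bytes": rec["bytes"], "hash_ok": intact,
                "overwrite_refused": overwrite_refused,
                "tamper_detected": not verify_copy(log, copy)}


if __name__ == "__main__":
    print(demo())
```

Hashing the original twice, before and after the copy, is what makes Rule 4 checkable rather than just asserted: if the two source hashes differ, something wrote to the evidence during acquisition and the copy cannot be trusted regardless of whether it matches one of them.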
Investigating Routers
• Routers can be tools for investigators, but they can also be targets of attack and stepping
stones for attackers.
• Routers can provide valuable information and evidence that allows investigators to resolve
complex network incidents.
• Routers lack the data storage and functionality of many of the other technologies examined
in previous chapters, and thus they are less likely to be the ultimate target of attacks.
• During network penetrations, routers are more likely to be springboards for attackers.
• The information stored on routers, such as passwords, routing tables, and network block
information, makes routers a valuable first step for attackers bent on penetrating internal
networks.