Network Miner Network forensics

1,775 views 18 slides May 16, 2019

About This Presentation

Introduction
Digital Forensics
Network Forensic
Why?
Network Miner
Network Miner- Features
Screenshots
Demo – Live Capture
Demo – Scenario Analysis
Conclusion
References


Slide Content

Network Miner Sreekanth N

Agenda
- Introduction
- Digital Forensics
- Network Forensic
- Why?
- Network Miner
- Network Miner - Features
- Screenshots
- Demo – Live Capture
- Demo – Scenario Analysis
- Conclusion
- References

Introduction - Digital forensics
- Collection, preservation, analysis and presentation of computer-related evidence
- Determining the past actions that have taken place on a computer system using computer forensic techniques
- Attempts to retrieve information even if it has been altered or erased, so it can be used in the pursuit of an attacker or a criminal
- Incident Response: live system analysis
- Computer Forensics: post-mortem analysis

Introduction - Network forensics
- Network forensics is the process of capturing information that moves over a network and trying to make sense of it in some kind of forensics capacity.
- Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.
- A network forensics appliance is a device that automates this process.
- Network forensics systems can be one of two kinds:
  - "Catch-it-as-you-can" systems, in which all packets passing through a certain traffic point are captured and written to storage, with analysis being done subsequently in batch mode.
  - "Stop, look and listen" systems, in which each packet is analyzed in a rudimentary way in memory and only certain information is saved for future analysis.

Introduction – Why network forensics?
- Network forensics is the process of collecting and analyzing raw network data and then tracking network traffic to determine how an attack took place.
- When intruders break into a network they leave a trail.
- You need to spot variations in network traffic to detect anomalies.
- Network forensics can usually help to determine whether the network has been attacked or whether there is a user error.

Introduction – Network Miner
- An open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X).
- Used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network.
- Can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
- It is easy to perform advanced Network Traffic Analysis (NTA) as the extracted artifacts are displayed in an intuitive user interface.

Features
- Network Miner can extract files, emails and certificates transferred over the network by parsing a PCAP file or by sniffing traffic directly from the network.
- User credentials (usernames and passwords) for supported protocols are extracted and displayed under the "Credentials" tab.
- The Credentials tab sometimes also shows information that can be used to identify a particular person, such as user accounts for popular online services like Gmail or Facebook.
- A user can search sniffed or stored data for keywords. Network Miner allows the user to insert arbitrary string or byte patterns that shall be searched for with the keyword search functionality.

Screenshots

Demo – Live Capture

DEMO – Scenario – MIKE'S COMPUTER ACTING WEIRD
Mike calls the Help Desk and says his desktop computer is "acting weird" but he refuses to provide any details. The Help Desk reports it to your organization's Security Operations Center (SOC). A phone call to Mike doesn't reveal any details. He insists his computer is "acting weird" but will not say what, exactly, is wrong.
One of the SOC analysts searched through network traffic and retrieved a pcap related to this activity. This traffic occurred shortly before Mike called the Help Desk. The analyst cannot figure out what happened, so you've been asked to take a look.
You review the pcap and take notes. First, you document the following:
- Date and time of the activity
- IP address of Mike's desktop computer
- Host name of Mike's desktop computer
- MAC address of Mike's desktop computer
Source: http://malware-traffic-analysis.net/2015/02/08/index.html
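The four items the scenario asks you to document (date and time, IP, host name, MAC) are exactly what a passive tool like Network Miner derives for its Hosts tab from DHCP traffic in the pcap. As an added example that is not part of the presentation or of Network Miner itself, the Python below parses a pcap with the standard library only and pulls those four fields from each DHCP message; the pcap, the client MAC, the host name "Mike-PC" and the IP 10.0.0.42 are constructed test data, not values from the real capture.

```python
import struct
from datetime import datetime, timezone

DHCP_MAGIC = b"\x63\x82\x53\x63"   # BOOTP "magic cookie" that precedes DHCP options
def build_sample_pcap():
    """Constructed input: a pcap holding one DHCP Request from a client (hostname, MAC and IP are made up)."""
    mac, host = bytes.fromhex("001122334455"), b"Mike-PC"
    opts = b"\x35\x01\x03" + b"\x32\x04" + bytes([10, 0, 0, 42]) + b"\x0c" + bytes([len(host)]) + host + b"\xff"
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s4s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4, mac.ljust(16, b"\0"),
                        b"\0" * 64, b"\0" * 128, DHCP_MAGIC) + opts
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, b"\0" * 4, b"\xff" * 4) + udp
    frame = b"\xff" * 6 + mac + b"\x08\x00" + ip
    ts = int(datetime(2015, 2, 8, 12, 0, tzinfo=timezone.utc).timestamp())
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # pcap global header, link type 1 = Ethernet
            + struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)

def dhcp_hosts(pcap):
    """Walk every frame; for each DHCP message return when it was seen and which host sent it."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off, records = 24, []
    while off + 16 <= len(pcap):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                                   # not IPv4 over Ethernet, or not UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if set(struct.unpack("!HH", udp[:4])) != {67, 68}:
            continue                                   # not BOOTP/DHCP ports
        bootp = udp[8:]
        if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC:
            continue
        opts, i = {}, 240                              # TLV options after the magic cookie
        while i + 1 < len(bootp) and bootp[i] != 0xFF:
            if bootp[i] == 0:                          # pad byte has no length field
                i += 1
                continue
            opts[bootp[i]] = bootp[i + 2:i + 2 + bootp[i + 1]]
            i += 2 + bootp[i + 1]
        records.append({
            "time": datetime.fromtimestamp(ts_sec, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
            "mac": ":".join(f"{b:02x}" for b in bootp[28:28 + bootp[2]]),   # chaddr, hlen bytes long
            "hostname": opts.get(12, b"").decode("ascii", "replace") or None,  # option 12
            "ip": ".".join(str(b) for b in opts.get(50, bootp[12:16])),   # requested IP, else ciaddr
        })
    return records
```

Run it against a real capture with `dhcp_hosts(open("capture.pcap", "rb").read())`; NBNS and mDNS are further passive sources of host names if the capture holds no DHCP.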

References
- https://www.netresec.com/?page=Networkminer
- https://www.slideshare.net/cisoplatform7/network-forensics-and-practical-packet-analysis?from_action=save

Thank you