Uploaded byprimeteacher32
PPTX, PDF14,593 views

Network Forensics

Network forensics involves collecting and analyzing network data and traffic to determine how attacks occur. It is important to establish standard forensic procedures and know normal network traffic patterns to detect variations. Tools like packet analyzers, Sysinternals, and honeypots can help monitor traffic and identify intrusions. The Honeynet Project aims to increase security awareness by observing new attacker techniques.

Career
In this document
Powered by AI

Introduction to network forensics; process of collecting and analyzing network data for incidents.

Importance of established procedures in network forensics to ensure data integrity post-attack.

Layered defense strategies (Defense in Depth) to secure networks and counter internal threats.

Standard procedures for network forensics to retrieve data and restore affected systems post-attack.

Role of network logs and tools like Tcpdump and Wireshark in monitoring and identifying traffic patterns.

Overview of Sysinternals tools for examining Windows products and managing processes and systems.

Use of packet analyzers to monitor network traffic and tools that operate at OSI layer 2 or 3.

The Honeynet Project seeks to increase awareness of cyber threats and includes honeypots for monitoring.

Summary of network forensics steps, tools, and the importance of monitoring and preparing for breaches.

Downloaded 303 times
NETWORK FORENSICS
Network Forensics Overview  Network forensics  Process of collecting and analyzing raw network data and tracking network traffic  To ascertain how an attack was carried out or how an event occurred on a network  Intruders leave a trail behind  Knowing your network’s typical traffic patterns is important in spotting variations in network traffic
The Need for Established Procedures  Network forensics examiners must establish standard procedures for how to acquire data after an attack or intrusion  Essential to ensure that all comprised systems have been found  Procedures must be based on an organization’s needs and complement network infrastructure  NIST created “Guide to Integrating Forensic Techniques into Incident Response” to address these needs
Securing a Network  Layered network defense strategy  Sets up layers of protection to hide the most valuable data at the innermost part of the network  Defense in depth (DiD)  Similar approach developed by the NSA  Modes of protection  People  Technology  Operations
Securing a Network  Testing networks is as important as testing servers  You need to be up to date on the latest methods intruders use to infiltrate networks  As well as methods internal employees use to sabotage networks  Small companies of fewer than 10 employees often don’t consider security precautions against internal threats necessary  Can be more susceptible to problems caused by employees revealing proprietary information
Developing Procedures for Network Forensics  Network forensics can be a long, tedious process  Standard procedure that is often used:  Always use a standard installation image for systems on a network  Fix any vulnerability after an attack  Attempt to retrieve all volatile data  Acquire all compromised drives  Compare files on the forensic image to the original installation image
Developing Standard Procedures for Network Forensics  In digital forensics  You can work from the image to find most of the deleted or hidden files and partitions  In network forensics  You have to restore drives to understand attack  Work on an isolated system  Prevents malware from affecting other systems
Reviewing Network Logs  Network logs record ingoing and outgoing traffic  Network servers  Routers  Firewalls  Tcpdump and Wireshark - tools for examining network traffic  Can generate top 10 lists  Can identify patterns
Using Network Tools  Sysinternals  A collection of free tools for examining Windows products  Examples of the Sysinternals tools:  RegMon shows Registry data in real time  Process Explorer shows what is loaded  Handle shows open files and processes using them  Filemon shows file system activity
Using Network Tools  Tools from PsTools suite created by Sysinternals  PsExec runs processes remotely  PsGetSid displays security identifier (SID)  PsKill kills process by name or ID  PsList lists details about a process  PsLoggedOn shows who’s logged locally  PsPasswd changes account passwords  PsService controls and views services  PsShutdown shuts down and restarts PCs  PsSuspend suspends processes
Using Packet Nalyzers  Packet analyzers  Devices or software that monitor network traffic  Most work at layer 2 or 3 of the OSI model  Most tools follow the Pcap (packet capture) format  Some packets can be identified by examining the flags in their TCP headers  Tools  Tcpdump  Tshark  Netflow  Wireshark
Examining the Honeynet Project  The Honeynet Project was developed to make information widely available in an attempt to thwart Internet and network hackers  Objectives are awareness, information, and tools  Distributed denial-of-service (DDoS) attacks  Hundreds or even thousands of machines (zombies) can be used  Zero day attacks  Another major threat  Attackers look for holes in networks and OSs and exploit these weaknesses before patches are available  Honeypot  Normal looking computer that lures attackers to it  Honeywalls  Monitor what’s happening to honeypots on your network and record what attackers are doing
Summary  Network forensics is the process of collecting and analyzing raw network data and systematically tracking network traffic to ascertain how an attack took place  Steps must be taken to harden networks before a security breach happens  Being able to spot variations in network traffic can help you track intrusions  Several tools are available for monitoring network traffic, such as packet analyzers and honeypots  The Honeynet Project is designed to help people learn the latest intrusion techniques that attackers are using

More Related Content

PPTX
Network forensic
byManjushree Mashal
 
PPTX
Network forensics and investigating logs
byanilinvns
 
PDF
Network Forensic
bySujeet Kumar
 
PPTX
Computer forensics toolkit
byMilap Oza
 
PPT
Network forensics1
bySantosh Khadsare
 
PDF
CS6004 Cyber Forensics
byKathirvel Ayyaswamy
 
PPTX
Digital forensic tools
byParsons Corporation
 
PDF
Current Forensic Tools
byJyothishmathi Institute of Technology and Science Karimnagar
 
Network forensic
byManjushree Mashal
 
Network forensics and investigating logs
byanilinvns
 
Network Forensic
bySujeet Kumar
 
Computer forensics toolkit
byMilap Oza
 
Network forensics1
bySantosh Khadsare
 
CS6004 Cyber Forensics
byKathirvel Ayyaswamy
 
Digital forensic tools
byParsons Corporation
 
Current Forensic Tools
byJyothishmathi Institute of Technology and Science Karimnagar
 

What's hot

PPT
Live data collection_from_windows_system
byMaceni Muse
 
PPTX
Intrusion Detection System(IDS)
byshraddha_b
 
PPTX
Cyber forensics ppt
byRoshiniVijayakumar1
 
PPTX
Mobile Forensics
byabdullah roomi
 
PPSX
Intrusion detection system
bygaurav koriya
 
PPTX
mobile forensic.pptx
byAmbuj Kumar
 
PDF
Cyber Forensics Module 1
byManu Mathew Cherian
 
PPTX
Cryptography
byjayashri kolekar
 
PDF
05 Duplication and Preservation of Digital evidence - Notes
byKranthi
 
PPTX
E-mail Investigation
byedwardbel
 
PPTX
Legal aspects of digital forensics
byKakshaPatel3
 
PPTX
E mail forensics
bysaddamhusain hadimani
 
PPT
Introduction to computer forensic
byOnline
 
PPT
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
PPTX
Footprinting and reconnaissance
byNishaYadav177
 
PPTX
Mobile Forensics
byprimeteacher32
 
PDF
Digital Forensic: Brief Intro & Research Challenge
byAung Thu Rha Hein
 
PPTX
Digital forensics
byVidoushi B-Somrah
 
PPTX
Virtual Machine Forensics
byprimeteacher32
 
PPT
Mobile forensics
bynoorashams
 
Live data collection_from_windows_system
byMaceni Muse
 
Intrusion Detection System(IDS)
byshraddha_b
 
Cyber forensics ppt
byRoshiniVijayakumar1
 
Mobile Forensics
byabdullah roomi
 
Intrusion detection system
bygaurav koriya
 
mobile forensic.pptx
byAmbuj Kumar
 
Cyber Forensics Module 1
byManu Mathew Cherian
 
Cryptography
byjayashri kolekar
 
05 Duplication and Preservation of Digital evidence - Notes
byKranthi
 
E-mail Investigation
byedwardbel
 
Legal aspects of digital forensics
byKakshaPatel3
 
E mail forensics
bysaddamhusain hadimani
 
Introduction to computer forensic
byOnline
 
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
Footprinting and reconnaissance
byNishaYadav177
 
Mobile Forensics
byprimeteacher32
 
Digital Forensic: Brief Intro & Research Challenge
byAung Thu Rha Hein
 
Digital forensics
byVidoushi B-Somrah
 
Virtual Machine Forensics
byprimeteacher32
 
Mobile forensics
bynoorashams
 

Viewers also liked

PPTX
Social Media Forensics for Investigators
byCase IQ
 
PPTX
Web Browser Artifacts
byprimeteacher32
 
PPT
17. Trees and Graphs
byIntro C# Book
 
PPTX
Examining Mac File Structures
byprimeteacher32
 
PPT
P2P Forensics
byBrian Baskin
 
PPT
floor planning
byTeam-VLSI-ITMU
 
PPT
B-link-tree
byMakoto Yui
 
PPTX
B trees
byPRAKASH RANJAN SINGH
 
PPT
Top 10 Oracle SQL tuning tips
byNirav Shah
 
PDF
Лекция 5: B-деревья (B-trees, k-way merge sort)
byMikhail Kurnosov
 
PPT
Tpr star tree
byWin Yu
 
PPT
1.9 b tree
byKrish_ver2
 
PPTX
CAD: introduction to floorplanning
byTeam-VLSI-ITMU
 
PPTX
Oracle DBA Online Training in India
byunited global soft
 
PDF
Bigtable and Boxwood
byEvan Weaver
 
ZIP
Algorithm Introduction #18 B-Tree
bySatoshi Asano
 
Social Media Forensics for Investigators
byCase IQ
 
Web Browser Artifacts
byprimeteacher32
 
17. Trees and Graphs
byIntro C# Book
 
Examining Mac File Structures
byprimeteacher32
 
P2P Forensics
byBrian Baskin
 
floor planning
byTeam-VLSI-ITMU
 
B-link-tree
byMakoto Yui
 
B trees
byPRAKASH RANJAN SINGH
 
Top 10 Oracle SQL tuning tips
byNirav Shah
 
Лекция 5: B-деревья (B-trees, k-way merge sort)
byMikhail Kurnosov
 
Tpr star tree
byWin Yu
 
1.9 b tree
byKrish_ver2
 
CAD: introduction to floorplanning
byTeam-VLSI-ITMU
 
Oracle DBA Online Training in India
byunited global soft
 
Bigtable and Boxwood
byEvan Weaver
 
Algorithm Introduction #18 B-Tree
bySatoshi Asano
 

Similar to Network Forensics

PPTX
Cyber Forensics Overview
byYansi Keim
 
PDF
Network forensics
byArthyR3
 
PPTX
Network Miner Network forensics
bySreekanth Narendran
 
PDF
Digital forensic science and its scope manesh t
byManesh T
 
PDF
Network Forensics.pdf
byShivamSolanki53
 
PPT
ch11.ppt
bycontactatkmdp
 
PPTX
INTRODUCTION TO CYBERFORENSICS AND ITS APPLICATION IN CYBERSECURITY
byranapoonam1
 
PPTX
First Responders Course - Session 4 - Forensic Readiness [2004]
byPhil Huggins FBCS CITP
 
PPTX
Forensic Analysis - Empower Tech Days 2013
byIslam Azeddine Mennouchi
 
PPTX
Combating cyber security through forensic investigation tools
byVenkata Sreeram
 
PPT
Basics of Digital Forensics Techniques.ppt
byNaeemAijazYousfani
 
PPTX
cyberforensicsv2-191113184409.pptx
byPrasannaKumarpanda2
 
PDF
Collecting and analyzing network-based evidence
byCSITiaesprime
 
PDF
Comparative Analysis: Network Forensic Systems
byijsrd.com
 
PPTX
Crimeppt
byKalaiselvi k
 
PDF
(130511) #fitalk network forensics and its role and scope
byINSIGHT FORENSIC
 
PPTX
cyber Forensics
byMuzzammil Wani
 
PPTX
Sujit
bySujit George
 
PPTX
cyberforensicsv2-191113184409.pptx
byPrabithGupta1
 
PPT
CF.ppt
byKhusThakkar
 
Cyber Forensics Overview
byYansi Keim
 
Network forensics
byArthyR3
 
Network Miner Network forensics
bySreekanth Narendran
 
Digital forensic science and its scope manesh t
byManesh T
 
Network Forensics.pdf
byShivamSolanki53
 
ch11.ppt
bycontactatkmdp
 
INTRODUCTION TO CYBERFORENSICS AND ITS APPLICATION IN CYBERSECURITY
byranapoonam1
 
First Responders Course - Session 4 - Forensic Readiness [2004]
byPhil Huggins FBCS CITP
 
Forensic Analysis - Empower Tech Days 2013
byIslam Azeddine Mennouchi
 
Combating cyber security through forensic investigation tools
byVenkata Sreeram
 
Basics of Digital Forensics Techniques.ppt
byNaeemAijazYousfani
 
cyberforensicsv2-191113184409.pptx
byPrasannaKumarpanda2
 
Collecting and analyzing network-based evidence
byCSITiaesprime
 
Comparative Analysis: Network Forensic Systems
byijsrd.com
 
Crimeppt
byKalaiselvi k
 
(130511) #fitalk network forensics and its role and scope
byINSIGHT FORENSIC
 
cyber Forensics
byMuzzammil Wani
 
Sujit
bySujit George
 
cyberforensicsv2-191113184409.pptx
byPrabithGupta1
 
CF.ppt
byKhusThakkar
 

More from primeteacher32

PPTX
Windows File Systems
byprimeteacher32
 
PPT
Hardware vs. Software Presentations
byprimeteacher32
 
PPTX
Input Validation
byprimeteacher32
 
PPTX
Introduction to GUIs with guizero
byprimeteacher32
 
PPTX
Variable Scope
byprimeteacher32
 
PPTX
Function Parameters
byprimeteacher32
 
PPTX
Introduction to Repetition Structures
byprimeteacher32
 
PPT
Intro to Python with GPIO
byprimeteacher32
 
PPT
Software Development Life Cycle
byprimeteacher32
 
PPTX
Variables and User Input
byprimeteacher32
 
PPTX
Variables and Statements
byprimeteacher32
 
PPTX
Nested Loops
byprimeteacher32
 
PPT
Conditional Loops
byprimeteacher32
 
PPTX
Conditionals
byprimeteacher32
 
PPTX
Returning Data
byprimeteacher32
 
PPTX
Intro to Functions
byprimeteacher32
 
PPTX
Nesting Conditionals
byprimeteacher32
 
PPT
Intro to Python
byprimeteacher32
 
PPTX
Block chain security
byprimeteacher32
 
PPTX
Raspberry Pi
byprimeteacher32
 
Windows File Systems
byprimeteacher32
 
Hardware vs. Software Presentations
byprimeteacher32
 
Input Validation
byprimeteacher32
 
Introduction to GUIs with guizero
byprimeteacher32
 
Variable Scope
byprimeteacher32
 
Function Parameters
byprimeteacher32
 
Introduction to Repetition Structures
byprimeteacher32
 
Intro to Python with GPIO
byprimeteacher32
 
Software Development Life Cycle
byprimeteacher32
 
Variables and User Input
byprimeteacher32
 
Variables and Statements
byprimeteacher32
 
Nested Loops
byprimeteacher32
 
Conditional Loops
byprimeteacher32
 
Conditionals
byprimeteacher32
 
Returning Data
byprimeteacher32
 
Intro to Functions
byprimeteacher32
 
Nesting Conditionals
byprimeteacher32
 
Intro to Python
byprimeteacher32
 
Block chain security
byprimeteacher32
 
Raspberry Pi
byprimeteacher32
 

Recently uploaded

PPTX
Network administration and collboration system
byMudasserChudhary
 
DOCX
9 Essential Steps to Buy Verified Binance Accounts.docx
byusaallshop
 
PPTX
Master Virtual Meetings: Essential Training for Effective Online Communicatio...
byJASMINE DIAS
 
PDF
Background Verification | What Is Background Verification.pdf
byemployeecrossingsdm
 
PDF
Presentation of Vinod Kumar Hankare of 27 years experience
byhankarevinod4673
 
DOCX
Everything You Need to Know About USA,UK Verified Payeer Accounts in 2025.docx
byBEST IT SMM
 
DOCX
Top 10 To Buy Icloud Email Accounts In Bulk(PVA & Aged) _ bulb.docx
byBEST IT SMM
 
DOCX
Top 9 Sites To Verified Cash App Accounts in 2025 ....docx
byTinVejos
 
DOCX
Step-by-Step Guide to Buying Reddit Accounts In Online.docx
byBEST IT SMM
 
PDF
🎯 Productive Meetings: Speak Up at the Right Time and Lead with Agility - DI ...
byBrian Greenvalley
 
PDF
Good readers lead, when in a quiet spot i
byDiluca1
 
PDF
10 Things You Need to Know Before You Buy Instagram ....pdf
byTinVejos
 
PDF
CAT_Centre List_2025.pdf xxxxxx ccc cccccc
byMohdMaaz40
 
PDF
Ppsc Chemistry Syllabus Guidance Book.pdf
byGc University Faisalabad
 
PPTX
How to Build an Impressive LinkedIn Profile for Career Success?
byStrengthsTheatre
 
PPTX
L21 internal and external diffusion.pptx
bygetahun esubalew
 
PPTX
SkillBridge CoLab for foreign students in South Korea
bysalsabilsamia56
 
PPTX
Student Support and Guidance Programme (SSGP).pptx
byAl-Shifa College of Paramedical Science,Perinthalmanna
 
PPTX
SPORTS WRITING 101.pptx sample ppt for journalism
byhantracydecastro
 
PPTX
Paleozoic fauna Brachiopoda.pptx igneous
bysuklachatterjeerkms
 
Network administration and collboration system
byMudasserChudhary
 
9 Essential Steps to Buy Verified Binance Accounts.docx
byusaallshop
 
Master Virtual Meetings: Essential Training for Effective Online Communicatio...
byJASMINE DIAS
 
Background Verification | What Is Background Verification.pdf
byemployeecrossingsdm
 
Presentation of Vinod Kumar Hankare of 27 years experience
byhankarevinod4673
 
Everything You Need to Know About USA,UK Verified Payeer Accounts in 2025.docx
byBEST IT SMM
 
Top 10 To Buy Icloud Email Accounts In Bulk(PVA & Aged) _ bulb.docx
byBEST IT SMM
 
Top 9 Sites To Verified Cash App Accounts in 2025 ....docx
byTinVejos
 
Step-by-Step Guide to Buying Reddit Accounts In Online.docx
byBEST IT SMM
 
🎯 Productive Meetings: Speak Up at the Right Time and Lead with Agility - DI ...
byBrian Greenvalley
 
Good readers lead, when in a quiet spot i
byDiluca1
 
10 Things You Need to Know Before You Buy Instagram ....pdf
byTinVejos
 
CAT_Centre List_2025.pdf xxxxxx ccc cccccc
byMohdMaaz40
 
Ppsc Chemistry Syllabus Guidance Book.pdf
byGc University Faisalabad
 
How to Build an Impressive LinkedIn Profile for Career Success?
byStrengthsTheatre
 
L21 internal and external diffusion.pptx
bygetahun esubalew
 
SkillBridge CoLab for foreign students in South Korea
bysalsabilsamia56
 
Student Support and Guidance Programme (SSGP).pptx
byAl-Shifa College of Paramedical Science,Perinthalmanna
 
SPORTS WRITING 101.pptx sample ppt for journalism
byhantracydecastro
 
Paleozoic fauna Brachiopoda.pptx igneous
bysuklachatterjeerkms
 

Network Forensics

  • 1.
  • 2.
    Network Forensics Overview Network forensics  Process of collecting and analyzing raw network data and tracking network traffic  To ascertain how an attack was carried out or how an event occurred on a network  Intruders leave a trail behind  Knowing your network’s typical traffic patterns is important in spotting variations in network traffic
  • 3.
    The Need forEstablished Procedures  Network forensics examiners must establish standard procedures for how to acquire data after an attack or intrusion  Essential to ensure that all comprised systems have been found  Procedures must be based on an organization’s needs and complement network infrastructure  NIST created “Guide to Integrating Forensic Techniques into Incident Response” to address these needs
  • 4.
    Securing a Network Layered network defense strategy  Sets up layers of protection to hide the most valuable data at the innermost part of the network  Defense in depth (DiD)  Similar approach developed by the NSA  Modes of protection  People  Technology  Operations
  • 5.
    Securing a Network Testing networks is as important as testing servers  You need to be up to date on the latest methods intruders use to infiltrate networks  As well as methods internal employees use to sabotage networks  Small companies of fewer than 10 employees often don’t consider security precautions against internal threats necessary  Can be more susceptible to problems caused by employees revealing proprietary information
  • 6.
    Developing Procedures forNetwork Forensics  Network forensics can be a long, tedious process  Standard procedure that is often used:  Always use a standard installation image for systems on a network  Fix any vulnerability after an attack  Attempt to retrieve all volatile data  Acquire all compromised drives  Compare files on the forensic image to the original installation image
  • 7.
    Developing Standard Proceduresfor Network Forensics  In digital forensics  You can work from the image to find most of the deleted or hidden files and partitions  In network forensics  You have to restore drives to understand attack  Work on an isolated system  Prevents malware from affecting other systems
  • 8.
    Reviewing Network Logs Network logs record ingoing and outgoing traffic  Network servers  Routers  Firewalls  Tcpdump and Wireshark - tools for examining network traffic  Can generate top 10 lists  Can identify patterns
  • 9.
    Using Network Tools Sysinternals  A collection of free tools for examining Windows products  Examples of the Sysinternals tools:  RegMon shows Registry data in real time  Process Explorer shows what is loaded  Handle shows open files and processes using them  Filemon shows file system activity
  • 10.
    Using Network Tools Tools from PsTools suite created by Sysinternals  PsExec runs processes remotely  PsGetSid displays security identifier (SID)  PsKill kills process by name or ID  PsList lists details about a process  PsLoggedOn shows who’s logged locally  PsPasswd changes account passwords  PsService controls and views services  PsShutdown shuts down and restarts PCs  PsSuspend suspends processes
  • 11.
    Using Packet Nalyzers Packet analyzers  Devices or software that monitor network traffic  Most work at layer 2 or 3 of the OSI model  Most tools follow the Pcap (packet capture) format  Some packets can be identified by examining the flags in their TCP headers  Tools  Tcpdump  Tshark  Netflow  Wireshark
  • 12.
    Examining the HoneynetProject  The Honeynet Project was developed to make information widely available in an attempt to thwart Internet and network hackers  Objectives are awareness, information, and tools  Distributed denial-of-service (DDoS) attacks  Hundreds or even thousands of machines (zombies) can be used  Zero day attacks  Another major threat  Attackers look for holes in networks and OSs and exploit these weaknesses before patches are available  Honeypot  Normal looking computer that lures attackers to it  Honeywalls  Monitor what’s happening to honeypots on your network and record what attackers are doing
  • 13.
    Summary  Network forensicsis the process of collecting and analyzing raw network data and systematically tracking network traffic to ascertain how an attack took place  Steps must be taken to harden networks before a security breach happens  Being able to spot variations in network traffic can help you track intrusions  Several tools are available for monitoring network traffic, such as packet analyzers and honeypots  The Honeynet Project is designed to help people learn the latest intrusion techniques that attackers are using