Presentation is loading. Please wait.

Presentation is loading. Please wait.

OR I know what you downloaded last night! By: GTKlondike.

Published byDebra Wilcox Modified over 9 years ago

Similar presentations

Presentation on theme: "OR I know what you downloaded last night! By: GTKlondike."— Presentation transcript:

1 OR I know what you downloaded last night! By: GTKlondike

2 Oh hey, that guy…

3 I Am… Hacker/independent security researcher/subspace half- ninja Several years of experience in network infrastructure and security consulting as well as systems administration (Routing, Switching, Firewalls, Servers) Passionate about networking I’m friendly, just come up and say hi Contact Info: Email: gtklondike@gmail.com Zombie-Blog: gtknetrunner.blogspot.com

4 What should you know already? Assumed basic knowledge of: Protocol analyzers (Wireshark/TCPdump) OSI and TCP/IP model Major protocols (I.e. DNS, HTTP(s), TCP, UDP, DHCP, ARP, IP, etc.)

5 Tools I Will Be Using Wireshark Network Miner Hex editor Scalpel File Signature Database http://www.garykessler.net/library/file_sigs.html

6 What Is File Carving? It’s a word search on steroids!

7 Pcap Analysis Methodology 1. Pattern Matching – Identify and filter packets of interest by matching specific values or protocol meta-data 2. List Conversations – List all conversation streams within the filtered packet capture 3. Export - Isolate and export specific conversation streams of interest 4. Draw Conclusions – Extract files or data from streams and compile data

8 Yeah…. Security Onion: /opt/samples/fake_av.pcap

9

10

11 Additional Information (Pcap Files) http://www.netresec.com/?page=PcapFiles http://forensicscontest.com/puzzles http://www.honeynet.org/node/504 https://www.evilfingers.com/repository/pcaps.php http://code.google.com/p/security-onion/wiki/Pcaps

12 Further Reading Network-Based File Carving http://blogs.cisco.com/security/network-based-file-carving/ Practical Packet Analysis: Using Wireshark to Solve Real- World Network Problems By: Chris Sanders Network Forensics: Tracking Hackers Through Cyberspace By: Sherri Davidoff, Jonathan Ham Guide to Integrating Forensic Techniques into Incident Response http://csrc.nist.gov/publications/nistpubs/800-86/SP800- 86.pdf File Signatures http://www.garykessler.net/library/file_sigs.html

Download ppt "OR I know what you downloaded last night! By: GTKlondike."

Similar presentations

Section 3.1 Network Forensics TRACKING HACKERS THROUGH CYBERSPACE

Section 3.1 Network Forensics TRACKING HACKERS THROUGH CYBERSPACE
NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.
Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.

Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.
Section 1.1 Network Forensics TRACKING HACKERS THROUGH CYBERSPACE TECHNICAL FUNDAMENTALS.

Section 1.1 Network Forensics TRACKING HACKERS THROUGH CYBERSPACE TECHNICAL FUNDAMENTALS.
Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.
We’ve got what it takes to take what you got! NETWORK FORENSICS.

We’ve got what it takes to take what you got! NETWORK FORENSICS.
Section 2.1 Network Forensics TRACKING HACKERS THROUGH CYBERSPACE

Section 2.1 Network Forensics TRACKING HACKERS THROUGH CYBERSPACE
Capture Packets using Wireshark. Introduction Wireshark – – Packet analysis software – Open source.

Capture Packets using Wireshark. Introduction Wireshark – – Packet analysis software – Open source.
SESSION 9 THE INTERNET AND THE NEW INFORMATION NEW INFORMATIONTECHNOLOGYINFRASTRUCTURE.

SESSION 9 THE INTERNET AND THE NEW INFORMATION NEW INFORMATIONTECHNOLOGYINFRASTRUCTURE.
Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.

Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.
Intrusion Detection - Arun Hodigere. Intrusion and Intrusion Detection Intrusion : Attempting to break into or misuse your system. Intruders may be from.

Intrusion Detection - Arun Hodigere. Intrusion and Intrusion Detection Intrusion : Attempting to break into or misuse your system. Intruders may be from.
Wireshark and TCP/IP Basics ACM SIG-Security Lance Pendergrass.

Wireshark and TCP/IP Basics ACM SIG-Security Lance Pendergrass.
PCM2U Presentation by Paul A Cook IT SERVICES. PCM2U Our History  Our team has been providing complete development and networking solutions for over.

PCM2U Presentation by Paul A Cook IT SERVICES. PCM2U Our History  Our team has been providing complete development and networking solutions for over.
OSI model.

OSI model.
Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.

Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.
1 Lab 3 Transport Layer T.A. Youngjoo Han. 2 Transport Layer  Providing logical communication b/w application processes running on different hosts 

1 Lab 3 Transport Layer T.A. Youngjoo Han. 2 Transport Layer  Providing logical communication b/w application processes running on different hosts 
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.

1 Intrusion Detection Systems. 2 Intrusion Detection Intrusion is any use or attempted use of a system that exceeds authentication limits Intrusions are.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Services Working at a Small-to-Medium Business or ISP – Chapter 7.

Similar presentations

Ads by Google