Analyze network packet files very carefully

As a professional forensic guy, you can not be too careful to anlyze the evidence. Especially when the case is about malware or hacker. Protect your workstation is your responsibility. You are a professional forensic examiner, so don't get infected when examining the evidence file or network packet files. A friend of mine, she is also a forensic examiner, became victim yesterday. It's too ridiculous!!! She was very embrassing. The reason why she got infected was that she extracted a zip file from a suspicious network packet file and "accessed" that zip file. Then something happened. What a tragedy~

Let me show you how to analyze network packet files by using Network Miner. Import the network packet file you captured from the victim's workstation. See the tab "Credentials" we could find some important clue about accout and password.

Analyze network packet files very carefully

See tab "Files" Network Miner could extract files inside the network packet file. It's very convenient for forensic guys to identify the files transfered.

Analyze network packet files very carefully

Right click on the suspicious file and you could see where the file is by "Open folder".

Analyze network packet files very carefully

Now you know where it is. Don't be too exciting. Curiosity killed cats!!!

Analyze network packet files very carefully

"Life was like a box of chocolates. You never know what you're gonna get." Similarly a forensic guy never know whether any suspicious malware or virus is inside the file or not. So you have to conduct a malware analysis on it. Let me show you the verify result as below:

Analyze network packet files very carefully

上一篇:(算法)等概率选出m个整数


下一篇:centos下配置nginx支持php