zoukankan      html  css  js  c++  java
  • Analyze network packet files very carefully

    As a professional forensic guy, you can not be too careful to anlyze the evidence. Especially when the case is about malware or hacker. Protect your workstation is your responsibility. You are a professional forensic examiner, so don't get infected when examining the evidence file or network packet files. A friend of mine, she is also a forensic examiner, became victim yesterday. It's too ridiculous!!! She was very embrassing. The reason why she got infected was that she extracted a zip file from a suspicious network packet file and "accessed" that zip file. Then something happened. What a tragedy~

     

    Let me show you how to analyze network packet files by using Network Miner. Import the network packet file you captured from the victim's workstation. See the tab "Credentials" we could find some important clue about accout and password.

    See tab "Files" Network Miner could extract files inside the network packet file. It's very convenient for forensic guys to identify the files transfered.

    Right click on the suspicious file and you could see where the file is by "Open folder".

    Now you know where it is. Don't be too exciting. Curiosity killed cats!!!

    "Life was like a box of chocolates. You never know what you're gonna get." Similarly a forensic guy never know whether any suspicious malware or virus is inside the file or not. So you have to conduct a malware analysis on it. Let me show you the verify result as below:

  • 相关阅读:
    js保留几位小数
    IE的卸载之路(折腾1个多月,记录下。。)
    百度map
    鼠标滑轮事件监听,兼容各类浏览器
    sql server分页存储过程
    echarts(3.0)的基本使用(标签式导入)
    datagrid加分组后的效果
    python文件操作
    python求100以内素数
    python 三元运算符
  • 原文地址:https://www.cnblogs.com/pieces0310/p/5838773.html
Copyright © 2011-2022 走看看