Advanced Wireshark Network Forensics - Part 1/3

Netsec Explained
18 Nov 201807:27

Summary

TLDRIn this 'Nets Explained' video, security expert Klondike dives into advanced Wireshark techniques for network forensics. The tutorial, split into three parts, covers definitions, real-world scenarios, and how to analyze network traffic to identify and respond to security threats. It assumes knowledge of Wireshark and networking models, and recommends tools like Network Miner for file carving. The goal is to bridge the gap between basic protocol analysis and solving complex security issues.

Takeaways

  • 😀 The video is about advanced Wireshark techniques for network forensics.
  • 🔍 Wireshark is a tool for troubleshooting, analysis, and can be used for solving real-world problems in network forensics.
  • 📚 The video is divided into three parts, covering definitions, processes, and real-world scenarios.
  • 👤 The presenter, Klondike, is a senior consultant and security researcher with a passion for network security.
  • 📘 Basic knowledge of Wireshark, OSI and TCP/IP models, and common protocols is assumed for the audience.
  • 🛠️ Wireshark and a hex editor are necessary tools for the workshop.
  • 🔎 The workshop introduces network-based file carving and tools like Network Miner and Scalpel for analysis.
  • 🌐 Adding the geoip database to Wireshark can provide additional insights.
  • 🔍 Network forensics involves capturing, recording, and analyzing network events to identify security threats.
  • 📝 The process includes identifying a triggering event, setting goals, and analyzing packet captures.
  • 📋 Creating a list of specific goals helps in focusing the investigation and identifying important data.

Q & A

  • What is the main focus of the video presented by Klondike?

    -The main focus of the video is to demonstrate advanced techniques using Wireshark for network forensics to solve real-world problems, going beyond basic uses.

  • What is the purpose of the workshop series presented in the video?

    -The purpose of the workshop series is to provide an in-depth understanding of Wireshark for network forensics, extending beyond the basic material found in books and covering practical applications.

  • What are the three parts that the video is broken down into?

    -The video is broken down into three parts: definitions and processes needed for investigations, a real-world scenario involving an infected machine, and a second real-world scenario involving a series of attacks at different levels.

  • Who is Klondike and what is his area of expertise?

    -Klondike is a senior consultant and independent security researcher specializing in penetration testing and network forensics.

  • What is the primary goal of Klondike in presenting this video?

    -Klondike's primary goal is to help viewers bridge the gap between having a basic understanding of network protocol analyzers and using them to solve real-world problems.

  • What are the prerequisites for following along with the workshop?

    -The prerequisites include knowledge of Wireshark, the OSI and TCP/IP models, and common protocols such as HTTP, TCP, and UDP.

  • What tools are recommended for network-based file carving after understanding the manual process?

    -Network Miner and Scalpel are recommended tools to speed up the process and make it easier when dealing with larger pcap files.

  • What additional feature is suggested to be added to Wireshark for enhanced analysis?

    -The geoip database is suggested to be added to Wireshark for enhanced analysis, which can be obtained for free from the MaxMind website.

  • What is the general definition of forensics in the context of this workshop?

    -In the context of this workshop, forensics refers to the capture, recording, and analysis of network events to discover the source of security threats or other problem incidents.

  • What are the steps in the network forensic process as described in the video?

    -The steps in the network forensic process include identifying the triggering event, designing focus goals, and beginning packet capture analysis.

  • What is the iterative process of pcap analysis methodology as outlined in the video?

    -The iterative process of pcap analysis methodology includes pattern matching, listing conversations, isolating and exporting specific streams of interest, extracting files or data streams, and compiling data to draw conclusions.

Outlines

plate

هذا القسم متوفر فقط للمشتركين. يرجى الترقية للوصول إلى هذه الميزة.

قم بالترقية الآن

Mindmap

plate

هذا القسم متوفر فقط للمشتركين. يرجى الترقية للوصول إلى هذه الميزة.

قم بالترقية الآن

Keywords

plate

هذا القسم متوفر فقط للمشتركين. يرجى الترقية للوصول إلى هذه الميزة.

قم بالترقية الآن

Highlights

plate

هذا القسم متوفر فقط للمشتركين. يرجى الترقية للوصول إلى هذه الميزة.

قم بالترقية الآن

Transcripts

plate

هذا القسم متوفر فقط للمشتركين. يرجى الترقية للوصول إلى هذه الميزة.

قم بالترقية الآن
Rate This

5.0 / 5 (0 votes)

الوسوم ذات الصلة
WiresharkNetwork ForensicsSecurity AnalysisPCAPIO CsPacket CaptureData AnalysisSecurity ResearchIncident ResponseNetwork Monitoring
هل تحتاج إلى تلخيص باللغة الإنجليزية؟