As a professional forensic guy, you cannot be too careful when analyzing evidence, especially when the case involves malware or a hacker. Protecting your workstation is your responsibility. You are a professional forensic examiner, so don't get infected while examining an evidence file or a network packet capture. A friend of mine, also a forensic examiner, became a victim yesterday. It's too ridiculous!!! She was very embarrassed. The reason she got infected was that she extracted a zip file from a suspicious network packet capture and "accessed" that zip file. Then something happened. What a tragedy~

Let me show you how to analyze network packet files using NetworkMiner. Import the packet capture you took from the victim's workstation. In the "Credentials" tab we can find important clues about accounts and passwords.

In the "Files" tab, NetworkMiner lists the files it could extract from the packet capture. It's very convenient for forensic guys to identify the files that were transferred.

Right-click on the suspicious file and choose "Open folder" to see where the extracted file is on disk.

Now you know where it is. Don't get too excited. Curiosity killed the cat!!!

"Life was like a box of chocolates. You never know what you're gonna get." Similarly, a forensic guy never knows whether any suspicious malware or virus is inside the file or not. So you have to conduct a malware analysis on it. Let me show you the verification result below:
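The "look, but don't open it" step above, as an added example that is not part of the original post and not NetworkMiner's own code: a small Python triage routine over a file NetworkMiner has carved, which identifies the type from its leading bytes, hashes it for lookup in a malware database, and lists a zip's members without extracting or executing anything. The sample zip is constructed in memory; the risky-extension list and magic table are my own assumptions.

```python
import hashlib
import io
import zipfile

# Constructed sample: an in-memory zip holding a "document" whose real
# extension is .exe (the bytes are a constructed stub, not a real binary).
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:
    _zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 64)
    _zf.writestr("readme.txt", b"please open the attachment")
SAMPLE_BYTES = _buf.getvalue()

# File type from leading bytes; a name like invoice.pdf.exe proves nothing.
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"%PDF": "pdf", b"\x7fELF": "elf"}
RISKY_EXT = (".exe", ".scr", ".dll", ".js", ".vbs", ".ps1", ".bat", ".cmd", ".hta", ".lnk")


def identify(data: bytes) -> str:
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def triage(data: bytes) -> dict:
    """Describe carved file bytes without writing, extracting or running them."""
    report = {"type": identify(data), "size": len(data),
              "sha256": hashlib.sha256(data).hexdigest(),  # for lookup in a malware DB
              "members": [], "risky": []}
    if report["type"] != "zip":
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.flag_bits & 0x1:           # encrypted member: cannot peek inside
                member_type = "encrypted"
            else:
                with zf.open(info) as member:  # 4 bytes into memory, nothing hits disk
                    member_type = identify(member.read(4))
            report["members"].append((name, info.file_size, member_type))
            # Risky: executable type or extension, or a path that would escape the
            # extraction directory (zip slip) if someone did extract it.
            if (member_type in ("pe", "elf") or name.lower().endswith(RISKY_EXT)
                    or name.startswith("/") or ".." in name.split("/")):
                report["risky"].append(name)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_BYTES).items():
        print(f"{key}: {value}")
```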
