As a professional forensic guy, you cannot be too careful when analyzing evidence, especially when the case is about malware or a hacker. Protecting your workstation is your responsibility. You are a professional forensic examiner, so don't get infected when examining an evidence file or a network packet file. A friend of mine, also a forensic examiner, became a victim yesterday. It's too ridiculous!!! She was very embarrassed. The reason she got infected was that she extracted a zip file from a suspicious network packet file and "accessed" that zip file. Then something happened. What a tragedy~

Let me show you how to analyze network packet files using NetworkMiner. Import the network packet file you captured from the victim's workstation. In the "Credentials" tab we can find important clues about accounts and passwords.

In the "Files" tab, NetworkMiner can extract the files contained in the network packet file. This is very convenient for forensic guys who need to identify the files that were transferred.

Right-click on the suspicious file and choose "Open folder" to see where the extracted file is located on disk.

Now you know where it is. Don't get too excited. Curiosity killed the cat!!!

"Life was like a box of chocolates. You never know what you're gonna get." Similarly, a forensic guy never knows whether suspicious malware or a virus is inside the file or not. So you have to conduct a malware analysis on it. Let me show you the verification result below:
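As an added example (not part of the original post, and not NetworkMiner's own code), here is a small Python script that does the safe part of the workflow above: it carves HTTP response bodies out of a pcap, identifies each file by its magic bytes and fingerprints it with SHA-256, and gives it a neutral `.bin` quarantine name so that nobody "accesses" the zip by accident. The pcap is constructed inline for the demonstration; the frame layout, addresses and HTTP response are assumptions, not data from the post.

```python
import hashlib
import struct

# File-type magic bytes checked before any extracted file is touched.
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"%PDF": "pdf", b"\x7fELF": "elf"}

def build_pcap(payloads):
    """Construct a minimal little-endian pcap (Ethernet/IPv4/TCP) for testing."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for pl in payloads:
        eth = b"\x00" * 12 + b"\x08\x00"                # constructed MACs, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(pl), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1, 1, 0x50, 0x18, 0, 0, 0)
        frame = eth + ip + tcp + pl
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def tcp_payloads(pcap):
    """Yield the TCP payload of every Ethernet/IPv4/TCP packet in a pcap."""
    pos = 24                                            # skip the global header
    while pos + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack_from("<IIII", pcap, pos)
        frame = pcap[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                    # not IPv4 over TCP
        tcp_off = 14 + (frame[14] & 0x0F) * 4           # 14-byte Ethernet + IHL
        doff = (frame[tcp_off + 12] >> 4) * 4           # TCP data offset
        yield frame[tcp_off + doff:]

def carve_http_body(payload):
    """Return the body of an HTTP response, or None if this is not one."""
    if not payload.startswith(b"HTTP/"):
        return None
    _head, sep, body = payload.partition(b"\r\n\r\n")
    return body if sep else None

def triage(body):
    """Identify and fingerprint a carved file without opening or extracting it."""
    kind = next((n for m, n in MAGIC.items() if body.startswith(m)), "unknown")
    digest = hashlib.sha256(body).hexdigest()
    # Neutral extension: a double-click will not hand the file to an archiver or loader.
    return {"type": kind, "sha256": digest, "quarantine_name": digest + ".bin"}

def triage_pcap(pcap):
    """Triage every HTTP response body carved from the capture."""
    return [triage(b) for b in map(carve_http_body, tcp_payloads(pcap)) if b]
```

The SHA-256 is what you submit to a malware analysis or reputation service; the file itself stays quarantined under its hash name until that analysis is done.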
