As a professional forensic guy, you can not be too careful to anlyze the evidence. Especially when the case is about malware or hacker. Protect your workstation is your responsibility. You are a professional forensic examiner, so don't get infected when examining the evidence file or network packet files. A friend of mine, she is also a forensic examiner, became victim yesterday. It's too ridiculous!!! She was very embrassing. The reason why she got infected was that she extracted a zip file from a suspicious network packet file and "accessed" that zip file. Then something happened. What a tragedy~

Let me show you how to analyze network packet files by using Network Miner. Import the network packet file you captured from the victim's workstation. See the tab "Credentials" we could find some important clue about accout and password.

See tab "Files" Network Miner could extract files inside the network packet file. It's very convenient for forensic guys to identify the files transfered.

Right click on the suspicious file and you could see where the file is by "Open folder".

Now you know where it is. Don't be too exciting. Curiosity killed cats!!!

"Life was like a box of chocolates. You never know what you're gonna get." Similarly a forensic guy never know whether any suspicious malware or virus is inside the file or not. So you have to conduct a malware analysis on it. Let me show you the verify result as below:

Analyze network packet files very carefully的更多相关文章

  1. 【翻译自mos文章】Clusterware间歇性的hang,命令报CRS-184而且Network Socket Files in /tmp/.oracle or /var/tmp/.oracle被删

    来源于: Clusterware Intermittently Hangs And Commands Fail With CRS-184 as Network Socker Files in /tmp ...

  2. 1519484 - How to analyze network disconnections shown in system log (transaction SM21)

    Symptom System log (transaction SM21) shows network disconnections, e.g.: Q04 Connection to user 264 ...

  3. ELK实践(一):基础入门

    虽然用了ELK很久了,但一直苦于没有自己尝试搭建过,所以想抽时间尝试尝试.原本打算按照教程 <ELK集中式日志平台之二 - 部署>(作者:樊浩柏科学院) 进行测试的,没想到一路出了很多坑, ...

  4. [转]Getting a Packet Trace

    src:https://developer.apple.com/library/mac/qa/qa1176/_index.html Technical Q&A QA1176 Getting a ...

  5. Network Load Balancing Technical Overview--reference

    http://technet.microsoft.com/en-us/library/bb742455.aspx Abstract Network Load Balancing, a clusteri ...

  6. [Windows Azure] Windows Azure Virtual Network Overview

    Windows Azure Virtual Network Overview 18 out of 33 rated this helpful - Rate this topic Updated: Ap ...

  7. PatentTips - Data Plane Packet Processing Tool Chain

    BACKGROUND The present disclosure relates generally to systems and methods for providing a data plan ...

  8. Configure a bridged network interface for KVM using RHEL 5.4 or later?

    environment Red Hat Enterprise Linux 5.4 or later Red Hat Enterprise Linux 6.0 or later KVM virtual ...

  9. Configuring Network Configuration-RHEL7

    1.查看网络状态systemctl status NetworkManager You can use the  systemctl status NetworkManager  command to ...

随机推荐

  1. Css学习笔记 (一)

    这几天写了点CSS,大概总结一下,很凌乱,只是加深一下自己的认识. background-position background-position是以容器的左上角为0,0定位,支持(left,righ ...

  2. Quartz在Spring中动态设置cronExpression (spring设置动态定时任务)

    什么是动态定时任务:是由客户制定生成的,服务端只知道该去执行什么任务,但任务的定时是不确定的(是由客户制定).      这样总不能修改配置文件每定制个定时任务就增加一个trigger吧,即便允许客户 ...

  3. poj3181 Dollar Dayz ——完全背包

    link:http://poj.org/problem?id=3181 本来很常规的一道完全背包,比较有意思的一点是,结果会超int,更有意思的解决方法是,不用高精度,用两个整型的拼接起来就行了.OR ...

  4. Python 面向对象(初级篇) (转)

    概述 面向过程:根据业务逻辑从上到下写垒代码 函数式:将某功能代码封装到函数中,日后便无需重复编写,仅调用函数即可 面向对象:对函数进行分类和封装,让开发"更快更好更强..." 面 ...

  5. 论文笔记之:A CNN Cascade for Landmark Guided Semantic Part Segmentation

    A CNN Cascade for Landmark Guided Semantic Part Segmentation  ECCV 2016 摘要:本文提出了一种 CNN cascade (CNN ...

  6. [转]UDP穿透NAT的原理与实现(UDP“打洞”原理)

    NAT(The IP Network Address Translator) 的概念和意义是什么? NAT, 中文翻译为网络地址转换.具体的详细信息可以访问RFC 1631 - http://www. ...

  7. [java] java解析txt文件

    /** * 读取txt文件内容封装为map返回 * @param filePath * @return */ public static String readTxt(String filePath) ...

  8. js call()和apply()

    一.call()和apply(),实例如下: function add(a,b) {     alert(a+b); } function sub(a,b) {     alert(a-b); } a ...

  9. Spring学习 Ioc篇(一 )

    一直以来忙于项目的开发,Spring虽然不用,一直想系统地学习一下,想看看它的源码,都没有时间,这段时间比较充裕,就索性先把Spring学习下,熟悉各个功能再去探究它内部的实现.就从Ioc篇开始学习. ...

  10. Keepalived安装使用详解

    简介 Keepalived是一个基于VRRP协议来实现的服务高可用方案,可以利用其来避免IP单点故障,类似的工具还有heartbeat.corosync.pacemaker. 但是它一般不会单独出现, ...