Analyze network packet files very carefully
As a professional forensic guy, you can not be too careful to anlyze the evidence. Especially when the case is about malware or hacker. Protect your workstation is your responsibility. You are a professional forensic examiner, so don't get infected when examining the evidence file or network packet files. A friend of mine, she is also a forensic examiner, became victim yesterday. It's too ridiculous!!! She was very embrassing. The reason why she got infected was that she extracted a zip file from a suspicious network packet file and "accessed" that zip file. Then something happened. What a tragedy~
Let me show you how to analyze network packet files by using Network Miner. Import the network packet file you captured from the victim's workstation. See the tab "Credentials" we could find some important clue about accout and password.

See tab "Files" Network Miner could extract files inside the network packet file. It's very convenient for forensic guys to identify the files transfered.

Right click on the suspicious file and you could see where the file is by "Open folder".

Now you know where it is. Don't be too exciting. Curiosity killed cats!!!

"Life was like a box of chocolates. You never know what you're gonna get." Similarly a forensic guy never know whether any suspicious malware or virus is inside the file or not. So you have to conduct a malware analysis on it. Let me show you the verify result as below:

Analyze network packet files very carefully的更多相关文章
- 【翻译自mos文章】Clusterware间歇性的hang,命令报CRS-184而且Network Socket Files in /tmp/.oracle or /var/tmp/.oracle被删
来源于: Clusterware Intermittently Hangs And Commands Fail With CRS-184 as Network Socker Files in /tmp ...
- 1519484 - How to analyze network disconnections shown in system log (transaction SM21)
Symptom System log (transaction SM21) shows network disconnections, e.g.: Q04 Connection to user 264 ...
- ELK实践(一):基础入门
虽然用了ELK很久了,但一直苦于没有自己尝试搭建过,所以想抽时间尝试尝试.原本打算按照教程 <ELK集中式日志平台之二 - 部署>(作者:樊浩柏科学院) 进行测试的,没想到一路出了很多坑, ...
- [转]Getting a Packet Trace
src:https://developer.apple.com/library/mac/qa/qa1176/_index.html Technical Q&A QA1176 Getting a ...
- Network Load Balancing Technical Overview--reference
http://technet.microsoft.com/en-us/library/bb742455.aspx Abstract Network Load Balancing, a clusteri ...
- [Windows Azure] Windows Azure Virtual Network Overview
Windows Azure Virtual Network Overview 18 out of 33 rated this helpful - Rate this topic Updated: Ap ...
- PatentTips - Data Plane Packet Processing Tool Chain
BACKGROUND The present disclosure relates generally to systems and methods for providing a data plan ...
- Configure a bridged network interface for KVM using RHEL 5.4 or later?
environment Red Hat Enterprise Linux 5.4 or later Red Hat Enterprise Linux 6.0 or later KVM virtual ...
- Configuring Network Configuration-RHEL7
1.查看网络状态systemctl status NetworkManager You can use the systemctl status NetworkManager command to ...
随机推荐
- Objective C类方法load和initialize的区别
Objective C类方法load和initialize的区别 过去两个星期里,为了完成一个工作,接触到了NSObject中非常特别的两个类方法(Class Method).它们的特别之处,在于 ...
- H.264简介
H.264/MPEG-4 AVC (H.264) 是1995年自MPEG-2视频压缩标准发布以后最新的, 最有前途的视频压缩标准. H.264是由ITU-U和ISO/IEC联合开发组共同开发的最新国际 ...
- webmin-1.810 安装
Installing the tar.gz file Before downloading Webmin, you must already have Perl 5 installed on your ...
- 1、c#对XML文件的解析
1.XML文件 <?xml version="1.0" encoding="utf-8"?> <PersonF xmlns="&qu ...
- M3: 发送邮件附件(2)
本小节介绍如何通过邮件将生成的贺卡发送给朋友.使用到了EmailMessageAPI, 需要引入的命名空间为Windows.ApplicationModel.Email. 请确保完成了以前的章节. 在 ...
- VS2010 刷新工具箱(刷新自定义控件)
有时候自己自定义了控件,定义完后却不见工具箱中刷新出来自定义的控件,解决方案有了三种: 点评:在项目中增加了几个自定义控件,想在窗口上添加时却发现工具箱根本就没有些控件,晕了.记得2008都可以自动出 ...
- RBL开发笔记一
从这个系列开始 陆续记录整个RBL开发的过程 废话不多说 直入主题 10:54:53 2014-08-25 今天开发任务: RBL.h 的框架搭建出来 包括RBLServer RB ...
- EasyUI filebox组件在IE下不兼容
EasyUI 1.4.1 jQuery v1.11.1 EasyUI1.4.1版本的filebox在IE9+环境下,提交表单上传文件时出错,不能使用.
- SVG裁剪和平移的顺序
SVG 里为元素添加 clip-path 属性即可做出裁剪效果,添加 transfrom 属性可以平移.旋转元素. 根据需求不同,有两种情况: 先裁剪元素,再把裁剪后的图形平移 先平移元素,再按区域裁 ...
- turn.js 图书翻页效果
今天用turn.js 做图书的翻页效果遇到问题: 图片路径总是出错 调了一天,总算调出来了 我用的thinkphp,其他的不知道是不是一样 三 个地方要改动: 1.后台查出地址 注意的地方:1.地址要 ...