Network Forensic
In this video, I am going to investigate network traffic activities within the PCAP files, using Wireshark.
The Scenario, I am going to use in this demonstration is Puzzle #1: Ann’s Bad AIM.
By the end of this video, you will learn how to decode the traffic, view data within the network traffic, and recover a word document (extract a word document docx) that has been sent via AOL messenger.
The scenario is available to read and download from the Forensic Contest website using the link below.
forensicscontest.com/2009/09/...
forensicscontest.com/contest01...
0:00 - Intro
1:28 - Case Scenario
3:04 - Your Task
3:38 - WireShark and PCAP file
4:15 - WireShark IP address filtering
5:05 - Analysis of the Traffic
6:05- Whois 64.12.24.50 AOL
7:20 - Decode Protocol to AIM
9:30 - Readable format
10:00 - What is the name of Ann’s IM buddy?
11:00 - What was the first comment in the captured IM conversation?
12:07 - What is the name of the file Ann transferred?
13:35 - Keyword search within PCAP WireShark
14:55 - Export the file from PCAP Network Traffic
18:00 - What is the secret recipe?
18:43 - What was the MD5sum and the magic number of the file?
24 июл 2024
