COMP6348 Network Forensics – Week 2

Some of the things we learn about this week:

  • Some sources of network-based evidence are:
    • On the wire: the physical cabling that carries data over the network.
    • In the air: wireless station-to-station signals.
    • Switches: can be used to get the MAC addresses of attached devices.
    • Routers: used to get IP addresses and port numbers. Most routers have logging functions and intrusion detection.
    • DHCP server: leases IP addresses and creates a log of lease events (IP addresses, MAC addresses).
    • DNS server: maps IP addresses to host names.
    • Authentication server: centralizes the authentication services.
    • NIDS/NIPS: monitors network traffic in real time.
    • Firewalls: perform deep packet inspection and either forward, log or drop each packet accordingly.
    • Web proxies: used to analyze phishing email successes, inappropriate web surfing habits and web-based malware.
    • Application servers: store application logs, authorization data and client information.
    • Centralized log server: combines event logs from many sources so that they can be time-stamped, correlated and analyzed automatically.
    • Modem: its main function is to act as a gateway for Internet access.
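As an added example (not part of the original notes), the script below shows the kind of correlation a centralized log server makes possible: DHCP lease events (IP and MAC) are joined with DNS query logs so that each query is attributed to the MAC address that actually held the IP at that time. The log lines and their formats are constructed for this example, and the sample deliberately reassigns one IP to a second device to show why attribution by IP alone is unreliable.

```python
import re
from datetime import datetime

# Constructed sample log lines (not from the original page): a DHCP server lease
# log and a DNS server query log, as collected by a centralized log server.
# The same IP (10.0.0.23) is leased to two different MACs on the same day.
DHCP_LOG = """\
2024-03-04 08:00:12 DHCPACK on 10.0.0.23 to aa:bb:cc:dd:ee:01 (laptop-01)
2024-03-04 09:30:45 DHCPACK on 10.0.0.23 to aa:bb:cc:dd:ee:02 (laptop-02)
"""
DNS_LOG = """\
2024-03-04 08:15:00 client 10.0.0.23 query: update.example.net A
2024-03-04 09:45:10 client 10.0.0.23 query: login-portal.example.org A
"""

DHCP_RE = re.compile(r"^(\S+ \S+) DHCPACK on (\S+) to (\S+)")
DNS_RE = re.compile(r"^(\S+ \S+) client (\S+) query: (\S+) (\S+)")

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def parse_leases(text):
    """Return (timestamp, ip, mac) tuples for every DHCPACK line, oldest first."""
    leases = []
    for line in text.splitlines():
        m = DHCP_RE.match(line)
        if m:
            leases.append((parse_ts(m.group(1)), m.group(2), m.group(3)))
    return sorted(leases)

def mac_for(leases, ip, when):
    """MAC holding `ip` at time `when`: the latest DHCPACK for that IP at or before `when`."""
    mac = None
    for ts, lease_ip, lease_mac in leases:
        if lease_ip == ip and ts <= when:
            mac = lease_mac
    return mac  # None if no lease covers that time

def correlate(dhcp_text, dns_text):
    """Attribute each DNS query to (timestamp, ip, mac, queried_name)."""
    leases = parse_leases(dhcp_text)
    rows = []
    for line in dns_text.splitlines():
        m = DNS_RE.match(line)
        if not m:
            continue
        ts, ip, name = parse_ts(m.group(1)), m.group(2), m.group(3)
        rows.append((ts, ip, mac_for(leases, ip, ts), name))
    return rows

if __name__ == "__main__":
    for ts, ip, mac, name in correlate(DHCP_LOG, DNS_LOG):
        print(ts, ip, mac, name)
```

Both queries come from 10.0.0.23, but the lease history attributes the first to aa:bb:cc:dd:ee:01 and the second to aa:bb:cc:dd:ee:02; this only works when the log sources share synchronized timestamps, which is the point of centralizing them.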
