COMP6348 Network Forensics – Week 10

Some things we learned this week are:

  • Types of storage media found in network devices include ROM, NVRAM, DRAM, CAM (content-addressable memory, which holds a switch's MAC-address table) and hard drives. DRAM and CAM contents are lost on a power cycle, so they have to be collected from the running device.
  • A switch learns which MAC address is reachable through which physical port and keeps that mapping in its CAM table.
  • There are different types of switches, such as managed switches, smart switches and home switches.
  • Routers, as the name suggests, route packets either to other networks or to the different devices connected to a given network. There are several types of router: enterprise, consumer and custom routers.
  • A firewall is a security device that monitors the packets and traffic going in and out. Because it is a security device, its log files contain more extensive information, including connection attempts, protocols used and applications. Just like routers, both consumer-grade and enterprise-grade firewalls exist.

Posted in Courses Related

COMP6348 Network Forensics – Week 8

Some of the things we learned this week are:

  • We learned about the differences between NIDS and NIPS. A NIDS (network intrusion detection system) examines network traffic patterns to identify intrusions across an entire network; it is a passive sensor that alerts but does not block anything. A NIPS (network intrusion prevention system) sits inline and examines traffic flows to detect and block exploit attempts, so it can drop the offending packets as well as alert.
  • The rules used to detect intrusions are continually updated by security researchers and vendors.
  • IDS products come in two kinds, commercial (paid) and open-source (free). Examples of commercial products are NGIPS, Extreme NIPS and TippingPoint IPS; Snort and Suricata are common open-source ones.
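
To make the NIDS/NIPS distinction concrete, here is an added Python example (it is not from the course or from any of the products named above) of a tiny signature-based engine: in IDS mode it only alerts, in IPS mode it also drops the matching packet. The rule fields, the packet records and the traffic are constructed for illustration and only loosely follow Snort's `sid`/`content` style.

```python
"""Added example (not the course's or any product's code): a tiny
signature-based NIDS/NIPS showing detect-only versus detect-and-drop.
Rules, packets and traffic are constructed and only loosely mimic
Snort-style rule options."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes


@dataclass
class Rule:
    sid: int                          # rule id, like Snort's "sid"
    msg: str
    proto: str = "tcp"
    dport: Optional[int] = None       # None = any destination port
    content: Optional[bytes] = None   # byte pattern that must appear in the payload

    def matches(self, pkt: Packet) -> bool:
        if pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.content is not None and self.content not in pkt.payload:
            return False
        return True


# Constructed rule set (hypothetical sids).
RULES = [
    Rule(1000001, "SQL injection attempt in HTTP request", dport=80, content=b"' OR 1=1"),
    Rule(1000002, "Directory traversal attempt", dport=80, content=b"../../"),
]


def inspect(packets: List[Packet], rules: List[Rule], mode: str = "ids") -> Tuple[list, List[Packet]]:
    """Run every packet through the rule set.

    mode="ids": passive sensor, alert only; every packet reaches its destination.
    mode="ips": inline device, alert and drop packets that match a rule.
    Returns (alerts, forwarded_packets).
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts, forwarded = [], []
    for pkt in packets:
        hit = next((r for r in rules if r.matches(pkt)), None)
        if hit is not None:
            alerts.append((hit.sid, hit.msg, pkt.src, pkt.dst))
            if mode == "ips":
                continue              # prevention: the packet is never forwarded
        forwarded.append(pkt)
    return alerts, forwarded


# Constructed traffic; addresses are from documentation ranges.
TRAFFIC = [
    Packet("10.0.0.5", "192.0.2.10", 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),
    Packet("198.51.100.7", "192.0.2.10", 80, "tcp", b"GET /login?u=a' OR 1=1-- HTTP/1.1\r\n"),
    Packet("198.51.100.7", "192.0.2.10", 80, "tcp", b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.6", "192.0.2.10", 443, "tcp", b"\x16\x03\x01"),  # TLS on 443: no rule applies
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, forwarded = inspect(TRAFFIC, RULES, mode)
        print(f"{mode}: {len(alerts)} alert(s), {len(forwarded)} of {len(TRAFFIC)} packets forwarded")
```

Both modes raise the same two alerts; only the IPS run stops the two attack packets from reaching 192.0.2.10. Real engines also reassemble streams and normalize payloads before matching, which this toy skips.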

Posted in Courses Related

COMP6348 Network Forensics – Week 7

Some of the things we learned this week include:

  • The differences between AM and FM radio signals. AM refers to amplitude modulation (the information is carried in the amplitude of the carrier wave), whereas FM refers to frequency modulation (it is carried in the carrier's frequency). An AM signal usually has more range than an FM signal, but it is more susceptible to noise, so FM gives better signal quality.
  • We also learned about the “Evil Twin Attack”. As quoted from Wikipedia, “An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam.”

Posted in Courses Related

COMP6348 Network Forensics – Week 5

Some of the things we learned this week are:

  • The goal of evidence acquisition is to find and gather data from the various network sources in an organization while minimizing the impact on the organization itself.
  • Physical interception of traffic uses tools and techniques such as inline network taps, “vampire taps” and induction coils.

Posted in Courses Related

COMP6348 Network Forensics – Week 4

Some of the things we learned about this week are:

  • We learned about flow analysis. A flow is a sequence of related packets sent from a source to a destination, usually identified by the 5-tuple of source address, source port, destination address, destination port and protocol. Flow analysis looks for patterns and suspicious activity in those flows (their sizes, timing and the ports they touch) rather than inside individual packets.
  • The differences between unicast, anycast and multicast.
  • Tools used when conducting flow analysis include Wireshark, tshark, tcpflow, pcapcat, etc.
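
As an added example that is not part of the course notes or of any of the tools named above, the following Python script groups constructed packet records into flows by 5-tuple and then flags a port scan, the kind of pattern flow analysis is meant to expose. The packet list is constructed, not captured, and the addresses come from documentation ranges.

```python
"""Added example (not from the course or any of the tools named above):
aggregate packets into flows by 5-tuple, then look for a port scan.
Packet records below are constructed, not a real capture."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class FlowKey:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str


@dataclass
class Flow:
    packets: int = 0
    bytes: int = 0
    first: float = 0.0
    last: float = 0.0


# (timestamp, src_ip, src_port, dst_ip, dst_port, proto, length)
PacketRec = Tuple[float, str, int, str, int, str, int]


def sample_packets() -> List[PacketRec]:
    """Constructed traffic: one normal HTTP session plus a scanner."""
    pkts: List[PacketRec] = []
    # Several packets on one 5-tuple: an ordinary client talking to a web server.
    for i, size in enumerate((74, 66, 512, 1514)):
        pkts.append((100.0 + i * 0.05, "10.0.0.5", 51000, "192.0.2.10", 80, "tcp", size))
    # A scanner: a single 60-byte SYN to each of ports 21..32 on the same host.
    for i, port in enumerate(range(21, 33)):
        pkts.append((200.0 + i * 0.001, "198.51.100.7", 40000 + i, "192.0.2.10", port, "tcp", 60))
    return pkts


def build_flows(packets: List[PacketRec]) -> Dict[FlowKey, Flow]:
    """Aggregate packets into unidirectional flows keyed by 5-tuple."""
    flows: Dict[FlowKey, Flow] = {}
    for ts, sip, sport, dip, dport, proto, length in sorted(packets):
        key = FlowKey(sip, sport, dip, dport, proto)
        f = flows.get(key)
        if f is None:
            f = flows[key] = Flow(first=ts, last=ts)
        f.packets += 1
        f.bytes += length
        f.last = ts
    return flows


def find_port_scans(flows: Dict[FlowKey, Flow], min_ports: int = 10,
                    max_packets: int = 2) -> Dict[Tuple[str, str], List[int]]:
    """A (src, dst) pair touching many distinct ports with tiny flows looks like a scan.
    The thresholds are arbitrary starting points, not tuned values."""
    ports: Dict[Tuple[str, str], set] = defaultdict(set)
    for key, f in flows.items():
        if f.packets <= max_packets:
            ports[(key.src_ip, key.dst_ip)].add(key.dst_port)
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    flows = build_flows(sample_packets())
    for key, f in flows.items():
        print(f"{key.src_ip}:{key.src_port} -> {key.dst_ip}:{key.dst_port}/{key.proto} "
              f"pkts={f.packets} bytes={f.bytes} dur={f.last - f.first:.3f}s")
    for (src, dst), ports in find_port_scans(flows).items():
        print(f"possible port scan: {src} -> {dst}, {len(ports)} ports {ports[0]}..{ports[-1]}")
```

Flows here are one-directional; a real tool pairs the two directions of a conversation. The same per-flow table (packet count, bytes, duration) is what lets you spot long low-volume flows such as beaconing, not just scans.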

Posted in Courses Related

COMP6348 Network Forensics – Week 2

Some of the things we learned about this week:

  • Some sources of network-based evidence are:
    • On the wire: the physical cabling that carries data over the network.
    • In the air: wireless station-to-station signals.
    • Switches: their CAM tables map MAC addresses to physical ports, which tells you where a device was plugged in.
    • Routers: give the IP addresses and port numbers of the traffic they forward. Many routers have logging functions, and some include intrusion-detection features.
    • DHCP server: leases IP addresses and logs the events (which IP address was leased to which MAC address, and when).
    • DNS server: maps host names to IP addresses (and, via reverse lookups, IP addresses to host names); its query logs show which names clients resolved.
    • Authentication server: centralizes the authentication services, so its logs record log-in attempts.
    • NIDS/NIPS: monitor network traffic in real time.
    • Firewalls: perform deep packet inspection and forward, log or drop each packet accordingly.
    • Web proxies: used to analyze phishing email successes, inappropriate web surfing habits and web-based malware.
    • Application server: stores application logs, authorization data and client information.
    • Centralized log server: combines event logs from many sources so they can be time-stamped, correlated and analyzed automatically.
    • Modem: its main function is as a gateway for Internet access.
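
An added example, not from the course notes, of correlating two of these sources: a DHCP server's lease log tells you which MAC address held an IP address at a given time, which is what you need to attribute a firewall event that records only the IP. The two logs below are constructed samples in an ISC dhcpd-like and iptables-like syslog style, and the year is assumed because classic syslog timestamps omit it.

```python
"""Added example (not from the course): attribute firewall events to the
MAC address/host that held the source IP according to the DHCP lease log.
Both logs are constructed samples; the year is an assumption."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

YEAR = 2024  # assumption: classic syslog timestamps carry no year

# Constructed DHCP server log (ISC dhcpd-like wording).
DHCP_LOG = """\
Mar  3 08:00:01 dhcp dhcpd: DHCPACK on 10.0.0.23 to aa:bb:cc:dd:ee:01 (laptop-a) via eth0
Mar  3 09:30:15 dhcp dhcpd: DHCPRELEASE of 10.0.0.23 from aa:bb:cc:dd:ee:01 (laptop-a) via eth0
Mar  3 09:31:02 dhcp dhcpd: DHCPACK on 10.0.0.23 to aa:bb:cc:dd:ee:02 (phone-b) via eth0
"""

# Constructed firewall log (iptables LOG-target-like wording).
FW_LOG = """\
Mar  3 08:45:10 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.9 PROTO=TCP DPT=445
Mar  3 09:40:00 fw kernel: DROP IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.9 PROTO=TCP DPT=22
Mar  3 09:40:05 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.99 DST=203.0.113.9 PROTO=TCP DPT=443
"""

TS_RE = r"(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d)"
DHCP_RE = re.compile(TS_RE + r" \S+ dhcpd: (DHCPACK on|DHCPRELEASE of) (\S+) (?:to|from) (\S+)(?: \((\S+)\))?")
FW_RE = re.compile(TS_RE + r" \S+ kernel: (\w+) .*?SRC=(\S+) DST=(\S+) PROTO=(\S+) DPT=(\d+)")


@dataclass
class Lease:
    ip: str
    mac: str
    host: Optional[str]
    start: datetime
    end: Optional[datetime] = None    # None = still open at end of log


def parse_ts(ts: str) -> datetime:
    """Syslog 'Mar  3 08:00:01' -> datetime, collapsing the padding space."""
    return datetime.strptime(f"{YEAR} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def parse_leases(log: str) -> List[Lease]:
    """Build lease intervals per IP from DHCPACK/DHCPRELEASE events."""
    leases: List[Lease] = []
    open_by_ip: Dict[str, Lease] = {}
    for line in log.splitlines():
        m = DHCP_RE.match(line)
        if not m:
            continue
        ts, event, ip, mac, host = m.groups()
        t = parse_ts(ts)
        current = open_by_ip.get(ip)
        if event == "DHCPACK on":
            if current is not None and current.mac == mac:
                continue                 # renewal by the same client: lease stays open
            if current is not None:
                current.end = t          # a different client now holds the IP
            lease = Lease(ip, mac, host, t)
            leases.append(lease)
            open_by_ip[ip] = lease
        elif current is not None and current.mac == mac:   # DHCPRELEASE
            current.end = t
            del open_by_ip[ip]
    return leases


def lease_at(leases: List[Lease], ip: str, t: datetime) -> Optional[Lease]:
    for lease in leases:
        if lease.ip == ip and lease.start <= t and (lease.end is None or t < lease.end):
            return lease
    return None


def attribute_events(fw_log: str, leases: List[Lease]) -> List[dict]:
    """Annotate each firewall event with the MAC/host that held SRC at that time."""
    events = []
    for line in fw_log.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        ts, action, src, dst, proto, dpt = m.groups()
        t = parse_ts(ts)
        lease = lease_at(leases, src, t)
        events.append({"time": t.isoformat(), "action": action, "src": src, "dst": dst,
                       "proto": proto, "dport": int(dpt),
                       "mac": lease.mac if lease else None,
                       "host": lease.host if lease else None})
    return events


if __name__ == "__main__":
    for e in attribute_events(FW_LOG, parse_leases(DHCP_LOG)):
        print(e)
```

The same IP 10.0.0.23 resolves to two different devices in the two DROP events because the lease changed hands between them, which is exactly why a firewall log alone is not enough to name a host. The 10.0.0.99 event has no lease and stays unattributed rather than being guessed; this only holds if both devices' clocks are synchronized.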

Posted in Courses Related

COMP6348 Network Forensics – Week 1

Some of the things we learned about this week:

  • Network forensics is the part of digital forensics that focuses on monitoring and analysing network traffic. Its purposes are intrusion detection/prevention, information gathering and legal evidence.
  • Some differences between traditional computer forensics and network forensics. In computer forensics, data does not change much under daily usage, the evidence is contained within the file system, it is easy to perform a forensically sound acquisition, and seizing one or several computers would not impact the business deeply. In network forensics, data changes constantly, in some cases the evidence exists only in RAM, most network devices have little non-volatile storage, and taking network devices offline would be problematic for the business.
  • Digital evidence, according to the US National Institute of Justice, is “Information stored or transmitted in binary form that may be relied on in court”.
  • We briefly learned about two investigative methodologies, OSCAR and TAARA. OSCAR consists of five main steps: “Obtain Information”, “Strategize”, “Collect Evidence”, “Analyze” and “Report”.

Posted in Courses Related

COMP6210 – Ethical Hacking and Penetration Testing

Here are some of the tools used during the penetration testing for the final project report.

Name: Alifio Rasendriya Rasyid

ID: 2201798295

Class: L4BC-LEC

Tools Used:

1. censys.io

  • Censys is a search engine that scans the Internet for devices and returns aggregate reports on how resources (e.g. devices, websites and certificates) are configured and deployed (Paganini, 2015). In this case, I used it to gain the real IP address of the target.

2. Paros

  • Paros is a Java-based tool used for web application auditing, testing and debugging. Its proxy feature lets it capture and inspect the traffic flowing from the browser to the host. On top of capturing traffic, Paros also has other features such as the ‘Spider’ and ‘Scan’ options.

3. Nikto

  • Nikto is a simple and free web-server scanner that examines a website and reports vulnerabilities that can later be used to exploit it. It is available in the default Kali Linux package and is run from the terminal. Although it is very useful and effective, Nikto has one disadvantage: it is not stealthy at all, and any site with an intrusion-detection system would be able to detect that it is being scanned (Kody, 2019).

4. pentest-tools.com

  • Pentest-tools is a website that offers a free, light vulnerability scan of any website. Since this tool is widely available and can be used for free (a limited number of times), I decided to include it as one of the web scanning tools.

5. WPScan

  • WPScan is a WordPress vulnerability scanner; it is pre-installed in the default Kali Linux package and runs by simply typing ‘wpscan’ in the terminal. Since the target is a WordPress website, this tool is particularly effective.

6. CloudFail

  • CloudFail is an information-gathering tool used to gather information on a target protected by Cloudflare. CloudFail is not in the default package; you will need to download it from https://github.com/m0rtem/CloudFail.

7. WhoIS

  • In Kali Linux, the whois command is used to query the WHOIS database. This database may reveal some personal information about the owner of the website (Mahajan, 2020).

8. CeWL

  • CeWL is a Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper (KaliTools, n.d.).

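
As an added illustration of what CeWL does (this is not CeWL's own code), here is a small Python spider that walks a set of constructed HTML pages to a given depth, optionally follows links to other hosts, and returns the words it finds ordered by frequency. The hosts and pages are made up and held in memory so the script runs offline; `fetch()` is the only function to swap for real HTTP access.

```python
"""Added example (not CeWL itself): a CeWL-style word-list generator.
The "site" is an in-memory dict of constructed pages so this runs offline."""
import re
from collections import Counter, deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed pages standing in for a live target (hypothetical hosts).
SITE = {
    "http://example.test/": (
        "<html><title>Acme Widgets</title><body><p>Welcome to Acme Widgets, makers "
        "of the Turbo Widget since 1998.</p><a href=\"/team\">team</a>"
        "<a href=\"http://other.test/\">partner</a></body></html>"
    ),
    "http://example.test/team": (
        "<html><body><h1>Our team</h1><p>Founder Alice Turbo and engineer Bob</p>"
        "<a href=\"/team/alice\">alice</a></body></html>"
    ),
    "http://example.test/team/alice": (
        "<html><body><p>Alice loves the Turbo Widget and her cat Widgetina</p></body></html>"
    ),
    "http://other.test/": "<html><body><p>Partner site with secret PartnerWord</p></body></html>",
}

WORD_RE = re.compile(r"[A-Za-z]+")


class PageParser(HTMLParser):
    """Collects visible words and outgoing links, ignoring script/style text."""

    def __init__(self):
        super().__init__()
        self.words, self.links = [], []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.words.extend(WORD_RE.findall(data))


def fetch(url):
    """Offline page lookup (assumption). In a real run this would be an HTTP GET."""
    return SITE.get(url)


def crawl(start, depth=2, follow_external=False, min_length=3):
    """Breadth-first spider to `depth` link hops from `start`; returns word -> count."""
    counts = Counter()
    seen = {start}
    queue = deque([(start, 0)])
    start_host = urlparse(start).netloc
    while queue:
        url, d = queue.popleft()
        html = fetch(url)
        if html is None:
            continue
        parser = PageParser()
        parser.feed(html)
        counts.update(w for w in parser.words if len(w) >= min_length)
        if d >= depth:
            continue
        for href in parser.links:
            target = urljoin(url, href)
            if not follow_external and urlparse(target).netloc != start_host:
                continue               # stay on the target host unless told otherwise
            if target not in seen:
                seen.add(target)
                queue.append((target, d + 1))
    return counts


def wordlist(counts):
    """Most frequent first, the order a cracker would want to try them in."""
    return [w for w, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]


if __name__ == "__main__":
    print("\n".join(wordlist(crawl("http://example.test/", depth=2))))
```

With depth 1 the spider never reaches the page that mentions "Widgetina", and without `follow_external` the partner site's word is never collected, which mirrors CeWL's `-d` and `-o` behaviour. The resulting list is only useful once you feed it to a cracker with rules (case toggling, appended digits), since people rarely use a site's vocabulary verbatim as a password.
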
Posted in Projects

COMP6345 – Intelligent Systems, Weekly Report

Week 1

This week we were introduced to the world of Artificial Intelligence (AI) and Machine Learning (ML). We learned about the differences between AI and ML as well as a short history of the field; for example, we learned about John McCarthy, who is considered the father of AI. Furthermore, we were taught a bit about the concepts surrounding AI and how it works: what an intelligent agent is, and how it uses ‘sensors’ to perceive its environment and ‘actuators’ to act rationally upon it.

Week 2

This week we mainly learned about search strategies. They can be classified into two types, uninformed and informed, although we mainly learned about and discussed uninformed search strategies (USS) this week. These are strategies that have no way of knowing whether one node is ‘more promising’ than another. There are five USS methods (that we learned of, anyway), some of which we had actually learned in the previous semester.

Posted in Courses Related

ISYS6169 – Final Project Team Contribution

  • Nicholas Michael Halim: adding the UI effects, making the revenue graph/chart on the home menu, back-end programming, adding the PDF invoice conversion code, handling complex queries, and the final project report.
  • Alifio Rasendriya Rasyid: adding the UI effects, designing the UI, the whole back-end programming and complex back-end, making the database in phpMyAdmin, making the database relations, error handling and validation, and the final project report.
  • Muchsin Hisyam: most of the UI designs, back-end programming, making the database in phpMyAdmin, making the database relations, error handling and validation, and the final project report.
  • Ricky Anderson: making the proposal, and the final project report.

Posted in Projects