From Alternate Data Storage Forensics

by Michael Gregg

Introduction

This chapter examines router and network forensics. It matters because many attacks require the analyst to look for information in the router or to perform network forensics. That in turn requires an understanding of routers and their architecture: where they reside within the OSI model and what role they play within network communications.

Whenever you work with forensic evidence, it is critical to understand the concept of chain of custody. How evidence is handled, stored, accessed, and transported is critical, because if basic control measures are not observed the evidence may be ruled inadmissible in court.

Network Forensics

Network forensics can best be defined as the sniffing, recording, and analysis of network traffic and events. It is performed to discover the source of security incidents and attacks or other potential problems. One key role of the forensic expert is to differentiate repetitive problems from malicious attacks.

The Hacking Process

The hacking process follows a fixed methodology. The steps a hacker follows can be broadly divided into six phases:

  1. Reconnaissance

  2. Scanning and enumeration

  3. Gaining access

  4. Escalation of privilege

  5. Maintaining access

  6. Covering tracks and placing backdoors

The Intrusion Process

Reconnaissance is considered the first preattack phase. The hacker seeks to find out as much information as possible about the victim. The second preattack phase is scanning and enumeration. At this step in the methodology, the hacker is moving from passive...

