This presentation delves into the art of network-based file carving, where we explore advanced data retrieval techniques from captured network packets. Led by an experienced hacker and independent security researcher, we'll cover essential tools like Wireshark and Scalpel, alongside methodologies for effective pcap analysis. Attendees will learn about protocol analyzers, common protocols, and practical applications in incident response. Join us to deepen your understanding of network data extraction and improve your cybersecurity skills.
Network Based File Carving
OR I know what you downloaded last night!
By: GTKlondike
Who Am I? Oh hey, that guy…
I Am…
• Hacker/independent security researcher/subspace half-ninja
• Several years of experience in network infrastructure and security consulting as well as systems administration (Routing, Switching, Firewalls, Servers)
• Passionate about networking
• I’m friendly, just come up and say hi
Contact Info:
• Email: gtklondike@gmail.com
• Zombie-Blog: gtknetrunner.blogspot.com
What should you know already?
• Assumed basic knowledge of:
  • Protocol analyzers (Wireshark/TCPdump)
  • OSI and TCP/IP model
  • Major protocols (e.g. DNS, HTTP(s), TCP, UDP, DHCP, ARP, IP, etc.)
Tools I Will Be Using
• Wireshark
• Network Miner
• Hex editor
• Scalpel
• File Signature Database: http://www.garykessler.net/library/file_sigs.html
What Is File Carving?
• It’s a word search on steroids!
Pcap Analysis Methodology
• Pattern Matching – Identify and filter packets of interest by matching specific values or protocol meta-data
• List Conversations – List all conversation streams within the filtered packet capture
• Export – Isolate and export specific conversation streams of interest
• Draw Conclusions – Extract files or data from streams and compile data
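The two slides above (file carving as a "word search on steroids", and the four-step pcap methodology) can be shown end to end in a few dozen lines. The following is an added example written for this page, not code from the talk or from Wireshark, NetworkMiner or Scalpel. It assumes only the Python standard library, a classic libpcap file with Ethernet frames, IPv4/TCP without options beyond a 20-byte header, and a small Scalpel-style header/footer list that is constructed here; the capture it runs on is also constructed inline (an HTTP response carrying a PNG-shaped blob delivered out of order with one retransmitted segment, plus an unrelated SSH stream), so it runs offline and mirrors the fake_av.pcap walk-through in miniature.

```python
"""Network-based file carving over a pcap, following the deck's four steps
(pattern match, list conversations, export a stream, carve). Stdlib only."""
import struct
from collections import defaultdict

# Header/footer pairs, Scalpel-config style (constructed; verify against a signature database).
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

def parse_pcap(data):
    """Yield raw Ethernet frames from a classic libpcap file (link type 1 only)."""
    endian = "<" if struct.unpack_from("<I", data, 0)[0] == 0xA1B2C3D4 else ">"
    if struct.unpack_from(endian + "IHHiIII", data, 0)[6] != 1:
        raise ValueError("only Ethernet link type is handled in this example")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "IIII", data, off)[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def decode_tcp(frame):
    """Return (src, sport, dst, dport, seq, payload), or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl, total_len = (frame[14] & 0x0F) * 4, struct.unpack_from("!H", frame, 16)[0]
    src, dst = ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))
    tcp = frame[14 + ihl:14 + total_len]
    sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
    return src, sport, dst, dport, seq, tcp[(tcp[12] >> 4) * 4:]

def http_only(pkt):
    return 80 in (pkt[1], pkt[3])        # step 1, pattern matching: either port is 80

def reassemble(segments):
    """Step 3, export: rebuild one direction of a TCP stream from (seq, payload) pairs,
    dropping retransmitted bytes. Sequence wrap-around and gaps are not handled."""
    out, next_seq = bytearray(), None
    for seq, payload in sorted(s for s in segments if s[1]):
        if next_seq is None:
            next_seq = seq
        if seq + len(payload) <= next_seq:
            continue                                   # pure retransmission
        if seq < next_seq:                             # partial overlap
            payload, seq = payload[next_seq - seq:], next_seq
        out += payload
        next_seq = seq + len(payload)
    return bytes(out)

def carve(stream):
    """Step 4: the 'word search on steroids'; return (kind, bytes) for each header..footer run."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        start = stream.find(head)
        while start != -1:
            end = stream.find(tail, start + len(head))
            if end == -1:
                break
            end += len(tail)
            found.append((kind, stream[start:end]))
            start = stream.find(head, end)
    return found

def carve_pcap(pcap_bytes, packet_filter=lambda pkt: True):
    """Steps 1-4 together: {(src, sport, dst, dport): [(kind, bytes), ...]}."""
    streams = defaultdict(list)                        # step 2: one entry per conversation direction
    for frame in parse_pcap(pcap_bytes):
        pkt = decode_tcp(frame)
        if pkt is None or not packet_filter(pkt):
            continue
        src, sport, dst, dport, seq, payload = pkt
        streams[(src, sport, dst, dport)].append((seq, payload))
    return {key: carve(reassemble(segs)) for key, segs in streams.items()}

# --- constructed sample capture: an HTTP response carrying a PNG-shaped blob, plus noise ---
def _frame(src, sport, dst, dport, seq, payload):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 65535, 0, 0) + payload
    ip_src, ip_dst = (bytes(int(o) for o in a.split(".")) for a in (src, dst))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, ip_src, ip_dst)
    return b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\x08\x00" + ip + tcp

FAKE_PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + bytes(17)
            + b"\x00\x00\x00\x00IEND\xaeB`\x82")        # right magic and footer, not a real image
HTTP_HEAD = b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nContent-Length: %d\r\n\r\n" % len(FAKE_PNG)
SERVER, CLIENT = ("10.0.0.5", 80, "192.168.1.10", 49152), ("192.168.1.10", 49152, "10.0.0.5", 80)
_segs = [
    (CLIENT, 5000, b"GET /logo.png HTTP/1.1\r\nHost: 10.0.0.5\r\n\r\n"),
    (SERVER, 1000 + len(HTTP_HEAD) + 20, FAKE_PNG[20:]),       # arrives out of order
    (SERVER, 1000, HTTP_HEAD),
    (SERVER, 1000 + len(HTTP_HEAD), FAKE_PNG[:20]),
    (SERVER, 1000 + len(HTTP_HEAD), FAKE_PNG[:20]),            # retransmission
    (("10.0.0.9", 22, "192.168.1.10", 50000), 1, b"SSH-2.0-example\r\n"),  # dropped by http_only
]
_frames = [_frame(*key, seq, data) for key, seq, data in _segs]
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(_frames)))

if __name__ == "__main__":
    for key, files in carve_pcap(SAMPLE_PCAP, http_only).items():
        print(key, [(kind, len(blob)) for kind, blob in files])
```

Each conversation direction is reassembled before carving, which is the step that distinguishes network carving from carving a disk image: a signature split across two segments, or duplicated by a retransmission, is only found cleanly once the stream has been rebuilt in sequence order. Real tooling (Wireshark's Follow TCP Stream, NetworkMiner's file extraction) also handles sequence wrap-around, gaps and IP fragmentation, which this example deliberately leaves out.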
Demo Time! Yeah…
Security Onion: /opt/samples/fake_av.pcap
Additional Information (Pcap Files)
• http://www.netresec.com/?page=PcapFiles
• http://forensicscontest.com/puzzles
• http://www.honeynet.org/node/504
• https://www.evilfingers.com/repository/pcaps.php
• http://code.google.com/p/security-onion/wiki/Pcaps
Further Reading
• Network-Based File Carving
  • http://blogs.cisco.com/security/network-based-file-carving/
• Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
  • By: Chris Sanders
• Network Forensics: Tracking Hackers Through Cyberspace
  • By: Sherri Davidoff, Jonathan Ham
• Guide to Integrating Forensic Techniques into Incident Response
  • http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf
• File Signatures
  • http://www.garykessler.net/library/file_sigs.html