5

Network Forensics Laura Chappell Sr. Protocol/Security Analyst Protocol Analysis Institute www.packet-level.com

Network Forensics Laura Chappell Sr. Protocol/Security Analyst Protocol Analysis Institute

Download PPT Report

View
227
Download
3

Tags:

Embed Size (px)

Citation preview

Page 1: Network Forensics Laura Chappell Sr. Protocol/Security Analyst Protocol Analysis Institute

Network ForensicsLaura Chappell

Sr. Protocol/Security Analyst

Protocol Analysis Institute

www.packet-level.com

Page 2: Network Forensics Laura Chappell Sr. Protocol/Security Analyst Protocol Analysis Institute

Contents

What is “network forensics”

Where to place the wiretap

Legal issues of wiretapping

Evidence examination

TCP connection overflow attack (justascan.dmp)

OS fingerprinting (osfingeprinting.dmp)

Malware infection (evilprogram.dmp)

Back-door IRS channel (clientdying.dmp)

Network flood attack (macof.dmp)

Page 3: Network Forensics Laura Chappell Sr. Protocol/Security Analyst Protocol Analysis Institute

I Could Show You Screenshots…

Page 4: Network Forensics Laura Chappell Sr. Protocol/Security Analyst Protocol Analysis Institute

Or We Could Work Live…

Page 5: Network Forensics Laura Chappell Sr. Protocol/Security Analyst Protocol Analysis Institute

Contact Details

Laura Chappell Protocol Analysis Institute, LLC 5339 Prospect Road, Suite 343 San Jose, CA 95129 Phone (408) 378-7841 Fax (408) 378-7891 Web: www.packet-level.com Email: [email protected]

http://www.packet-level.com/

mailto:[email protected]

Chappell Universal Framing Square · Chappell Universal Square 5 Contents Chappell Universal Square Overview 7 A) Expanded Hip & Valley Rafter Tables; B) Unequal Pitched Rafter Tables;

Chappell Universal Framing Square · Chappell Universal Square 5 Contents Chappell Universal Square Overview 7 A) Expanded Hip & Valley Rafter Tables; B) Unequal Pitched Rafter Tables;

Documents

David Chappell, Chappell & Associates August 2005download.microsoft.com/.../biztalk2006/Understanding_BTS06.pdf · Understanding BizTalk Server 2006 David Chappell, ... orchestration,

David Chappell, Chappell & Associates August 2005download.microsoft.com/.../biztalk2006/Understanding_BTS06.pdf · Understanding BizTalk Server 2006 David Chappell, ... orchestration,

Documents

Introducing Windows Azure - David Chappell

Introducing Windows Azure - David Chappell

Documents

Family Handbook - Chappell Schools

Family Handbook - Chappell Schools

Documents

Introducing Windows Azure - David Chappell€¦ · introducing windows azure david chappell march 2009 sponsored by microsoft corporation

Introducing Windows Azure - David Chappell€¦ · introducing windows azure david chappell march 2009 sponsored by microsoft corporation

Documents

Documents

Memory Forensics - publish.illinois.edupublish.illinois.edu/.../files/2014/03/acc-forensics.pdfWhat is Computer Forensics? Mobile Device Forensics Network Forensics Memory & Data Forensics

Memory Forensics - publish.illinois.edupublish.illinois.edu/.../files/2014/03/acc-forensics.pdfWhat is Computer Forensics? Mobile Device Forensics Network Forensics Memory & Data Forensics

Documents

Chappell - Analysis

Chappell - Analysis

Documents

Jones vs. Chappell

Jones vs. Chappell

Documents

Chappell Translation of Agamemnon

Chappell Translation of Agamemnon

Documents

Documents

EFFECTIVELY TEACHING WITH WIRESHARK LAURA CHAPPELL EFFECTIVELY TEACHING WITH WIRESHARK LAURA CHAPPELL LAURA@CHAPPELLU.COM CHAPPELLU.COM WIRESHARKTRAINING.COM

EFFECTIVELY TEACHING WITH WIRESHARK LAURA CHAPPELL EFFECTIVELY TEACHING WITH WIRESHARK LAURA CHAPPELL [email protected] CHAPPELLU.COM WIRESHARKTRAINING.COM

Documents

Understanding SOA Chappell

Understanding SOA Chappell

Documents

THE CASE FOR TEACHING NETWORK PROTOCOLS TO COMPUTER FORENSICS … · 2018-09-24 · Keywords: Computer forensics education, network forensics, protocol analysis ABSTRACT Most computer

THE CASE FOR TEACHING NETWORK PROTOCOLS TO COMPUTER FORENSICS … · 2018-09-24 · Keywords: Computer forensics education, network forensics, protocol analysis ABSTRACT Most computer

Documents

Reading the Peritrope Chappell

Reading the Peritrope Chappell

Documents

Chappell Universal Framing Square · Chappell Universal Square 7 Chappell Universal Square Overview The Chappell Universal Metric Framing Square incorporates a broad number of new

Chappell Universal Framing Square · Chappell Universal Square 7 Chappell Universal Square Overview The Chappell Universal Metric Framing Square incorporates a broad number of new

Documents

Understanding Software + Services: A Perspective David Chappell Chappell & Associates

Understanding Software + Services: A Perspective David Chappell Chappell & Associates

Documents

David Chappell Chappell & Associates

David Chappell Chappell & Associates

Documents

Buffer Overflows with Content - Lamar Universitygalaxy.cs.lamar.edu/~bsun/forensics/slides/Exploits.pdf · 2007-08-28 · Detecting Buffer Overflows by Protocol Signatures • Protocol

Buffer Overflows with Content - Lamar Universitygalaxy.cs.lamar.edu/~bsun/forensics/slides/Exploits.pdf · 2007-08-28 · Detecting Buffer Overflows by Protocol Signatures • Protocol

Documents

All About Mrs. Chappell. Mrs. Chappell – 3 rd Grade Hello, I am Mrs. Chappell. I will be your third grade teacher this year. This slideshow will help

All About Mrs. Chappell. Mrs. Chappell – 3 rd Grade Hello, I am Mrs. Chappell. I will be your third grade teacher this year. This slideshow will help

Documents

David Chappell Chappell & Associates ARC206

David Chappell Chappell & Associates ARC206

Documents

Forensics & Anti- Forensics

Forensics & Anti- Forensics

Documents

COE589: Digital Forensics - ccse.kfupm.edu.saahmadsm/coe589-122/00_Overview_Logisti… · Digital Forensics computer forensics mobile forensics network forensics ... COE589 - Ahmad

COE589: Digital Forensics - ccse.kfupm.edu.saahmadsm/coe589-122/00_Overview_Logisti… · Digital Forensics computer forensics mobile forensics network forensics ... COE589 - Ahmad

Documents

Moria Chappell Artistry

Moria Chappell Artistry

Documents

Chappell Universal Framing Squarechappellsquare.com/wordpress/wp-content/uploads/2013/05/Chappell... · curve without faltering, ... Chappell Universal Framing Square Description

Chappell Universal Framing Squarechappellsquare.com/wordpress/wp-content/uploads/2013/05/Chappell... · curve without faltering, ... Chappell Universal Framing Square Description

Documents

Chappell ThrasymachusVirtues 1993

Chappell ThrasymachusVirtues 1993

Documents

WILLIAM CHAPPELL

WILLIAM CHAPPELL

Documents

Chappell Universal Framing Square · 2010. 12. 16. · Chappell Universal Square Chappell Universal Square Overview The Chappell Universal Square incorporates an extremely broad number

Chappell Universal Framing Square · 2010. 12. 16. · Chappell Universal Square Chappell Universal Square Overview The Chappell Universal Square incorporates an extremely broad number

Documents

Cloud Platforms Today: A Perspective - David Chappell · Cloud Platforms Today: A Perspective David Chappell Chappell & Associates April 18, 2009. Cloud Computing ... Enterprise Application

Cloud Platforms Today: A Perspective - David Chappell · Cloud Platforms Today: A Perspective David Chappell Chappell & Associates April 18, 2009. Cloud Computing ... Enterprise Application

Documents

Chappell Anniversary 2011

Chappell Anniversary 2011

Documents