CHFI

Understand-Web-Applications-Architecture-in-Forensic-Investigation

Understand Web Applications Architecture in Forensic Investigation

Leave a Comment / CHFI, Knowledge Base / By

Understand Web Applications Architecture in Forensic Investigation in this all web applications are executed via a support client, i.e. a web browser. Web applications use a group of client-side scripts, such as HTML, JavaScript, etc., which presents the information, and the server-side scripts, such as ASP, PHP, etc., which handles the hardware tasks such as storing and gathering of the required data, are used by the web application for its execution. In the web application …

Understand Web Applications Architecture in Forensic Investigation Read More »

Gathering-Evidence-from-an-IDS

Gathering Evidence from an IDS

Leave a Comment / CHFI, Knowledge Base / By

Gathering Evidence from an IDS in this the monitoring network traffic is of prime importance. Organizations install IDSes to monitor intrusions. To capture network traffic, first configure the IDS. However, this is not sufficient as a source of evidence, because the 1DS is incapable of performing integrity checks on log files. In a network investigation, preserving digital evidence is difficult, as the data displayed on screen will remain only for few seconds. The Windows HyperTerminal …

Gathering Evidence from an IDS Read More »

Understand-Evidence-Gathering-via-Sniffing

Understand Evidence Gathering via Sniffing

Leave a Comment / CHFI / By

Understand Evidence Gathering via Sniffing in this aerticle a computer connected to the LAN has two addresses. One is that the MAC address that specifically identifies each node within the network and is stored on the network card itself. The ethernet protocol uses the MAC address while building “frames” to exchange the info among the systems. the opposite is that the IP address employed by the applications. The data-link layer uses an ethernet header with …

Understand Evidence Gathering via Sniffing Read More »

Investigation-of-Network-Traffic

Investigation of Network Traffic

Leave a Comment / CHFI, Knowledge Base / By

Investigation of Network Traffic in this Network forensics are often defined as sniffing, recording, acquisition, and analysis of the network traffic and event logs so as to research a network security incident. It allows investigator to examine network traffic and logs to spot and locate the attacking system. Devices connected to network still proliferate; computers, smartphones, tablets etc. because the number of attacks against networked systems grow, the importance of network forensics has increased and …

Investigation of Network Traffic Read More »

Sample DHCP Audit Log File

Leave a Comment / CHFI, Knowledge Base / By

Sample DHCP Audit Log File in this DHCP server during a network allocates IP address to a computer during its begin. Therefore, the DHCP server logs contain information regarding the systems that were assigned specific IP addresses by the server, at any given instance. Investigators can examine these logs during forensic examinations. Now DHCP administrators can easily access this data using the built-in logging mechanisms. The DHCP activity log are often read during a text-based …

Sample DHCP Audit Log File Read More »

Analyzing-IDS-Logs

Analyzing IDS Logs

1 Comment / CHFI, Knowledge Base / By

Analyzing IDS Logs in this Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are among the most sophisticated network security devices in use today.These systems’ logs contain valuable network threat information about attack types, devices being targeted, and more. Intrusion Detection Systems (IDS) are automated systems that monitor and analyze network traffic and generate “alerts” in response to activity that either match known patterns of malicious activities or is unusual. … IDS can be either network or host-based. In addition …

Analyzing IDS Logs Read More »

Analyzing-Firewall-Logs

Analyzing Firewall Logs

Leave a Comment / CHFI, Knowledge Base / By

Analyzing Firewall Logs provides insight in to the security threats and traffic behavior. In depth analysis of the firewall security logs provides critical network intelligence about attempts to breach security and attacks like virus, trojan, denial of service, etc. From the Network Objects tree, double-click the Security Management Server or Domain Log Server. The General Properties window opens. In the Management tab, select Logging & Status. From the navigation tree, click Logs.  is a simple and free online …

Analyzing Firewall Logs Read More »

Analyzing-Router-Logs-in-Network-Forensic-Investigation

Analyzing Router Logs in Network Forensic Investigation

Leave a Comment / CHFI, Knowledge Base / By

Analyzing Router Logs in Network Forensic Investigation, in this the investigator collects the logs of a router to examine and determine the details such as IP addresses and the protocols. Redirection of the logs to syslog server is done in the following mariner: #config terminal Logging 192.168.1.1 During any network hacking, or unauthorized access scenarios, all the logs pertaining to the attack will be stored in the compromised device, which may be the router/switch, database, IDS, …

Analyzing Router Logs in Network Forensic Investigation Read More »

Understand-Log-Capturing-and-Analysis-Tools

Understand Log Capturing and Analysis Tools

Leave a Comment / CHFI / By

Understand Log Capturing and Analysis Tools in this article explain different types of log capturing tools and analysis tools which are used in forensic investigation. Log Capturing and Analysis Tools Features: Analysis of log data, including SNMP traps, Windows event logs, W3C logs, text-based logs, Syslog, SQL Servers, and Oracle audit logs Provides specific reports for some of the major compliance acts as well as other standard reports Filter-enabled charts provide access to the important …

Understand Log Capturing and Analysis Tools Read More »