Computer Hacker And Forensic Investigator Training

Understand-Evidence-Gathering-via-Sniffing

Understand Evidence Gathering via Sniffing

Leave a Comment / CHFI / By

Understand Evidence Gathering via Sniffing in this aerticle a computer connected to the LAN has two addresses. One is that the MAC address that specifically identifies each node within the network and is stored on the network card itself. The ethernet protocol uses the MAC address while building “frames” to exchange the info among the systems. the opposite is that the IP address employed by the applications. The data-link layer uses an ethernet header with …

Understand Evidence Gathering via Sniffing Read More »

Investigation-of-Network-Traffic

Investigation of Network Traffic

Leave a Comment / CHFI, Knowledge Base / By

Investigation of Network Traffic in this Network forensics are often defined as sniffing, recording, acquisition, and analysis of the network traffic and event logs so as to research a network security incident. It allows investigator to examine network traffic and logs to spot and locate the attacking system. Devices connected to network still proliferate; computers, smartphones, tablets etc. because the number of attacks against networked systems grow, the importance of network forensics has increased and …

Investigation of Network Traffic Read More »

Analyzing-Firewall-Logs

Analyzing Firewall Logs

Leave a Comment / CHFI, Knowledge Base / By

Analyzing Firewall Logs provides insight in to the security threats and traffic behavior. In depth analysis of the firewall security logs provides critical network intelligence about attempts to breach security and attacks like virus, trojan, denial of service, etc. From the Network Objects tree, double-click the Security Management Server or Domain Log Server. The General Properties window opens. In the Management tab, select Logging & Status. From the navigation tree, click Logs.  is a simple and free online …

Analyzing Firewall Logs Read More »

Analyzing-Router-Logs-in-Network-Forensic-Investigation

Analyzing Router Logs in Network Forensic Investigation

Leave a Comment / CHFI, Knowledge Base / By

Analyzing Router Logs in Network Forensic Investigation, in this the investigator collects the logs of a router to examine and determine the details such as IP addresses and the protocols. Redirection of the logs to syslog server is done in the following mariner: #config terminal Logging 192.168.1.1 During any network hacking, or unauthorized access scenarios, all the logs pertaining to the attack will be stored in the compromised device, which may be the router/switch, database, IDS, …

Analyzing Router Logs in Network Forensic Investigation Read More »

Understand-Log-Capturing-and-Analysis-Tools

Understand Log Capturing and Analysis Tools

Leave a Comment / CHFI / By

Understand Log Capturing and Analysis Tools in this article explain different types of log capturing tools and analysis tools which are used in forensic investigation. Log Capturing and Analysis Tools Features: Analysis of log data, including SNMP traps, Windows event logs, W3C logs, text-based logs, Syslog, SQL Servers, and Oracle audit logs Provides specific reports for some of the major compliance acts as well as other standard reports Filter-enabled charts provide access to the important …

Understand Log Capturing and Analysis Tools Read More »

Understand-Network-Forensics-Analysis-Mechanism

Understand Network Forensics Analysis Mechanism

Leave a Comment / CHFI, Knowledge Base / By

This network forensics analysis mechanism includes presenting the evidence, manipulating, and automated reasoning. Analyst Interface The analyst interface provides visualization of the evidence graph and reasoning results to the analyst, who passes the feedback to the graph generation and reasoning components. Evidence Collection Evidence collection involves the collection of intrusion evidence from networks and hosts under investigation. Evidence Preprocessing Evidence preprocessing deals with the analysis of assertive types of evidence, such as intrusion alerts, into …

Understand Network Forensics Analysis Mechanism Read More »

Centralized-Logging

What is Centralized Logging?

Leave a Comment / CHFI / By

Centralized Logging is defined as a gathering of the computer system logs for a group of systems in a centralized location. All network logs are stored on a centralized server or computer, which helps administrators perform easy backup and retrieval. It allows the administrator to check logs on each system on a regular basis. It is used to efficiently monitor computer system logs with the frequency required to detect security violations and unusual activity. Centralized …

What is Centralized Logging? Read More »

Understand-Log-File-Accuracy

Understand Log File Accuracy

Leave a Comment / CHFI / By

Understand Log File Accuracy in this during forensic investigation, log files provide a valuable source of evidence. Since these log files act as evidence in court, investigators should ensure that the files are accurate. Without following certain guidelines while collecting and preserving the log files, they will not be acceptable as valid evidence in the court. Therefore, investigators should follow the above mentioned steps to maintain the log file accuracy. Log Everything Configure the web …

Understand Log File Accuracy Read More »

Summarize-the-Event-Correlation

Summarize the Event Correlation

Leave a Comment / CHFI, Knowledge Base / By

Summarize the Event Correlation in this article Event correlation is a technique used to assign a new meaning for relating a set of events that occur in a fixed amount of time. This event correlation technique identifies a few events that are important among the large number of events. During the process of event correlation, some new events may occur and delete some existing events from the event stream. In general, the investigators can perform …

Summarize the Event Correlation Read More »

Understand-Laws-and-Regulations

Understand Laws and Regulations

Leave a Comment / CHFI, Knowledge Base / By

Understand Laws and Regulations in this there are many laws that affect digital forensics investigation; for example, some jurisdictions have passed laws that require the investigator to be either a law enforcement officer or a licensed private investigator to extract the evidence. Of course, that does not prevent a forensic investigator from working with information someone else extracted or extracting evidence if the information owner gave his or her permission. It is important to be …

Understand Laws and Regulations Read More »