files

Understand-IIS-Web-Server-Architecture-in-Forensic-Investigation

Understand IIS Web Server Architecture in Forensic Investigation

Leave a Comment / CHFI / By

Understand IIS Web Server Architecture in Forensic Investigation in this article Internet Information Server ON, a Microsoft-developed application, is a Visual Basic code application that lives on a Web server and responds to requests from the browser. It supports HTTP, HTTPS, FTP, FITS, SMTP, and NNTP. An IIS application uses HTML to present its user interface and uses compiled Visual Basic code to process the requests and respond to events in the browser. IIS for …

Understand IIS Web Server Architecture in Forensic Investigation Read More »

Introduction-to-Web-Application-Forensics

Introduction to Web Application Forensics

Leave a Comment / CHFI / By

Introduction to Web Application Forensics in this the Web applications are programs that exist on a central server permitting a user, who visits a website via the Internet, to submit and retrieve data to and from a database. A web application makes a request through a web server. When the server responds to the request, the web application generates documents of the response for better client/user service. The web documents generated by web applications are …

Introduction to Web Application Forensics Read More »

Gathering-Evidence-from-an-IDS

Gathering Evidence from an IDS

Leave a Comment / CHFI, Knowledge Base / By

Gathering Evidence from an IDS in this the monitoring network traffic is of prime importance. Organizations install IDSes to monitor intrusions. To capture network traffic, first configure the IDS. However, this is not sufficient as a source of evidence, because the 1DS is incapable of performing integrity checks on log files. In a network investigation, preserving digital evidence is difficult, as the data displayed on screen will remain only for few seconds. The Windows HyperTerminal …

Gathering Evidence from an IDS Read More »

Understand-Evidence-Gathering-via-Sniffing

Understand Evidence Gathering via Sniffing

Leave a Comment / CHFI / By

Understand Evidence Gathering via Sniffing in this aerticle a computer connected to the LAN has two addresses. One is that the MAC address that specifically identifies each node within the network and is stored on the network card itself. The ethernet protocol uses the MAC address while building “frames” to exchange the info among the systems. the opposite is that the IP address employed by the applications. The data-link layer uses an ethernet header with …

Understand Evidence Gathering via Sniffing Read More »

Analyzing-Firewall-Logs

Analyzing Firewall Logs

Leave a Comment / CHFI, Knowledge Base / By

Analyzing Firewall Logs provides insight in to the security threats and traffic behavior. In depth analysis of the firewall security logs provides critical network intelligence about attempts to breach security and attacks like virus, trojan, denial of service, etc. From the Network Objects tree, double-click the Security Management Server or Domain Log Server. The General Properties window opens. In the Management tab, select Logging & Status. From the navigation tree, click Logs.  is a simple and free online …

Analyzing Firewall Logs Read More »

Analyzing-Router-Logs-in-Network-Forensic-Investigation

Analyzing Router Logs in Network Forensic Investigation

Leave a Comment / CHFI, Knowledge Base / By

Analyzing Router Logs in Network Forensic Investigation, in this the investigator collects the logs of a router to examine and determine the details such as IP addresses and the protocols. Redirection of the logs to syslog server is done in the following mariner: #config terminal Logging 192.168.1.1 During any network hacking, or unauthorized access scenarios, all the logs pertaining to the attack will be stored in the compromised device, which may be the router/switch, database, IDS, …

Analyzing Router Logs in Network Forensic Investigation Read More »

Understand-Network-Forensics-Analysis-Mechanism

Understand Network Forensics Analysis Mechanism

Leave a Comment / CHFI, Knowledge Base / By

This network forensics analysis mechanism includes presenting the evidence, manipulating, and automated reasoning. Analyst Interface The analyst interface provides visualization of the evidence graph and reasoning results to the analyst, who passes the feedback to the graph generation and reasoning components. Evidence Collection Evidence collection involves the collection of intrusion evidence from networks and hosts under investigation. Evidence Preprocessing Evidence preprocessing deals with the analysis of assertive types of evidence, such as intrusion alerts, into …

Understand Network Forensics Analysis Mechanism Read More »

Centralized-Logging

What is Centralized Logging?

Leave a Comment / CHFI / By

Centralized Logging is defined as a gathering of the computer system logs for a group of systems in a centralized location. All network logs are stored on a centralized server or computer, which helps administrators perform easy backup and retrieval. It allows the administrator to check logs on each system on a regular basis. It is used to efficiently monitor computer system logs with the frequency required to detect security violations and unusual activity. Centralized …

What is Centralized Logging? Read More »

Understand-Log-File-Accuracy

Understand Log File Accuracy

Leave a Comment / CHFI / By

Understand Log File Accuracy in this during forensic investigation, log files provide a valuable source of evidence. Since these log files act as evidence in court, investigators should ensure that the files are accurate. Without following certain guidelines while collecting and preserving the log files, they will not be acceptable as valid evidence in the court. Therefore, investigators should follow the above mentioned steps to maintain the log file accuracy. Log Everything Configure the web …

Understand Log File Accuracy Read More »

Mac-Forensics

Mac Forensics

Leave a Comment / CHFI / By

Mac Forensics in this article Mac is short for the Macintosh operating systems developed by Apple to support its line of devices and series of personal computers, Mac is one of the most adopted systems across the globe and is also facing increase in number of attacks annually. The investigators must have knowledge of Mac, its process, policies, functions and internal storage patters used by the operating system to be able to perform forensics. This …

Mac Forensics Read More »