As a professional forensic guy, you cannot be too careful when analyzing evidence, especially when the case involves malware or a hacker. Protecting your workstation is your responsibility. You are a professional forensic examiner, so don't get infected when examining evidence files or network packet files. A friend of mine, who is also a forensic examiner, became a victim yesterday. It's too ridiculous!!! She was very embarrassed. The reason she got infected was that she extracted a zip file from a suspicious network packet file and "accessed" that zip file. Then something happened. What a tragedy~

Let me show you how to analyze network packet files using Network Miner. Import the network packet file you captured from the victim's workstation. On the "Credentials" tab we can find some important clues about accounts and passwords.

On the "Files" tab, Network Miner can extract the files inside the network packet file. It's very convenient for forensic guys to identify the files transferred.

Right-click on the suspicious file and you can see where the file is with "Open folder".

Now you know where it is. Don't get too excited. Curiosity killed the cat!!!
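One way to look at a file Network Miner has carved out without opening it, as an added example that is not part of the original post: hash it, identify it by its magic bytes rather than its name, and list a ZIP's members from the central directory without extracting anything. The function names, the extension list and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

# Leading-byte signatures for a few common formats (illustrative, not exhaustive).
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe-executable", b"%PDF": "pdf",
         b"\x7fELF": "elf-executable", b"\xd0\xcf\x11\xe0": "ole2-office"}
RISKY_EXT = (".exe", ".scr", ".dll", ".js", ".vbs", ".lnk", ".bat", ".ps1", ".hta")


def sniff(data):
    """Identify a file by its leading bytes, never by its name."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return "unknown"


def triage(data, claimed_name):
    """Static triage: only reads bytes, nothing is extracted or executed."""
    report = {"sha256": hashlib.sha256(data).hexdigest(),
              "type": sniff(data), "flags": [], "members": []}
    ext = claimed_name.lower().rsplit(".", 1)[-1]
    if report["type"] == "pe-executable" and ext not in ("exe", "dll", "scr", "sys"):
        report["flags"].append("executable content behind a ." + ext + " name")
    if report["type"] == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():  # parses the central directory only
                name = info.filename
                report["members"].append(name)
                if name.lower().endswith(RISKY_EXT):
                    report["flags"].append("risky member: " + name)
                if name.startswith("/") or ".." in name.replace("\\", "/").split("/"):
                    report["flags"].append("path traversal name: " + name)
                if info.flag_bits & 0x1:  # bit 0 marks an encrypted member
                    report["flags"].append("encrypted member: " + name)
    return report


def make_sample_zip():
    """Constructed sample: harmless text stored under a double-extension name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"constructed placeholder, not a program")
        zf.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()
```

Feed `triage` the bytes of the carved file read in binary mode; the SHA-256 it returns can be recorded in the case notes before any further analysis.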

"Life was like a box of chocolates. You never know what you're gonna get." Similarly, a forensic guy never knows whether any suspicious malware or virus is inside the file or not. So you have to conduct a malware analysis on it. Let me show you the verification result below:
