KEMBAR78
Digital Forensics Lab CTF | PDF | Computer Network | Network Packet
Scribd
Upload
268 views6 pages

Digital Forensics Lab CTF

Uploaded by

offsechouse
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
268 views6 pages

Digital Forensics Lab CTF

Uploaded by

offsechouse
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Digital Forensics Lab CTF

vishal
Manav Rachna
University Sem-4
2K22CSUN01253
Q1: According to the given scenario. Download the below pcap file provided and answer the
following questions- Link to download- https://drive.google.com/file/d/1yNQEBfC5FKh2JZzb6-
k9ysvmqoEQiyH-/view?usp=drive_link

Wireshark is a popular network protocol analyzer tool. It is open-source software that allows you to
capture and interactively browse the traffic running on a computer network. Originally known as
Ethereal, it was renamed Wireshark in 2006.Here are some key features of Wireshark:
Packet Capture: Wireshark captures packets from a network interface in real-time or from a
previously captured file (pcap or pcapng format).

Protocol Analysis: It decodes various network protocols, allowing you to inspect the contents of
packets and analyze the behavior of networked devices and applications.
Powerful Filters: Wireshark provides powerful display filters that allow you to focus on specific
packets or types of traffic based on various criteria such as IP addresses, protocols, ports, and packet
contents.

Packet Inspection: Wireshark allows you to inspect packet details, including header information,
payload data, and timing information.

Graphical User Interface (GUI): Wireshark provides an intuitive GUI that allows users to navigate
captured packets, apply filters, and analyze network traffic efficiently.

Protocol Support: It supports a wide range of network protocols, including Ethernet, TCP/IP, HTTP,
DNS, DHCP, FTP, SSH, SSL/TLS, and many more.

Cross-Platform: Wireshark is available for various operating systems, including Windows, macOS,
and Linux, making it widely accessible to users across different platforms.

Overall, Wireshark is a powerful tool used by network administrators, security professionals,


developers, and researchers to troubleshoot network issues, analyze network performance, and
investigate security incidents.

We have use different filter(commands) to find the queries

1. What is the victim’s IP Address ?


2. What is the MAC address of the victim ?

3. What is the name of the host PC ?

4. MAC address of the victim belongs to which organization ?


5. What is the windows user account?

NetworkMiner is an open source network forensics tool that extracts artifacts, such as files,
images, emails and passwords, from captured network traffic in PCAP files. NetworkMiner can
also be used to capture live network traffic by sniffing a network interface. Detailed information
about each IP address in the analyzed network traffic is aggregated to a network host inventory,
which can be used for passive asset discovery as well as to get an overview of which devices that
are communicating. NetworkMiner is primarily designed to run in Windows, but can also be
used in Linux. NetworkMiner has, since the first release in 2007, become a popular tool among
incident response teams as well as law enforcement. NetworkMiner is today used by companies
and organizations all over the world.
Q2: Download the below forensic image provided. And answer the following questions- Link to
Download-
https://drive.google.com/file/d/1G8ctImKmwOHtsCsXEU9Ks5goWVZ9sBau/view?usp=drive_link

Autopsy is an open-source digital forensics platform used for analyzing and investigating digital
media. It is designed to be user-friendly and powerful, making it suitable for both beginner and
advanced forensic analysts. Here are some key features of Autopsy:

Disk Image Analysis: Autopsy allows you to analyze disk images (e.g., forensic images, disk clones) to
uncover evidence related to digital investigations. It supports various disk image formats.

File System Analysis: It provides tools for parsing and examining file systems, including NTFS, FAT,
exFAT, HFS+, and Ext file systems. You can navigate through directory structures, view file metadata,
and recover deleted files.

Keyword Search: Autopsy enables you to search for specific keywords or patterns within the disk
image. This feature is useful for locating relevant files, documents, or other evidence.

Timeline Analysis: It generates a timeline of file activity based on metadata and file system
timestamps. This helps forensic analysts understand the sequence of events and activities on the
disk.

File Carving: Autopsy includes file carving capabilities to recover files that have been deleted or lost
due to file system corruption. It can reconstruct fragmented files based on file signatures and
metadata.

Artifact Analysis: Autopsy supports the analysis of various digital artifacts, such as internet history,
email messages, chat logs, registry entries, and system logs. These artifacts can provide valuable
insights into user activities and behaviors.
Reporting: It offers reporting features to document findings and create professional forensic reports.
You can generate reports in various formats, including HTML, PDF, and CSV.

Plug-in Architecture: Autopsy supports plug-ins, allowing users to extend its functionality with
custom modules and scripts. This flexibility enables forensic analysts to tailor Autopsy to their
specific needs and workflows.

Autopsy is widely used by digital forensics professionals, law enforcement agencies, incident
responders, and cybersecurity researchers for conducting forensic examinations, investigating
cybercrimes, and providing expert testimony in legal proceedings.
1. What operating system was used on the computer ?

2. How many accounts are recorded (total number) ?

3. How many files are there in Recent Documents ?

4. How many Bookmarks are there ?


5. How many executable files are in recylebin?

You might also like