本文通过一个朋友因不当操作而被感染的例子,强调了作为专业取证人员在分析恶意软件或黑客证据时必须保持高度警惕的重要性。文章介绍了如何使用Network Miner分析网络包文件,并从中查找账号密码线索及提取可疑文件。
As a professional forensic guy, you can not be too careful to anlyze the evidence. Especially when the case is about malware or hacker. Protect your workstation is your responsibility. You are a professional forensic examiner, so don't get infected when examining the evidence file or network packet files. A friend of mine, she is also a forensic examiner, became victim yesterday. It's too ridiculous!!! She was very embrassing. The reason why she got infected was that she extracted a zip file from a suspicious network packet file and "accessed" that zip file. Then something happened. What a tragedy~
Let me show you how to analyze network packet files by using Network Miner. Import the network packet file you captured from the victim's workstation. See the tab "Credentials" we could find some important clue about accout and password.
See tab "Files" Network Miner could extract files inside the network packet file. It's very convenient for forensic guys to identify the files transfered.
Right click on the suspicious file and you could see where the file is by "Open folder".
Now you know where it is. Don't be too exciting. Curiosity killed cats!!!
"Life was like a box of chocolates. You never know what you're gonna get." Similarly a forensic guy never know whether any suspicious malware or virus is inside the file or not. So you have to conduct a malware analysis on it. Let me show you the verify result as below:
扫一扫
371
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
