Digital forensics
Assignment2
This course code plus course name, those who know will know. If it weren't for the fact that I never took any network-security courses as an undergrad and am completely clueless, I wouldn't be hunting everywhere for answers either.
There is no exact answer here, just for reference.
Problem 1
Problem 1: One morning, a staff member working in the IT department of a company noticed a strange laptop that had connected through a Wi-Fi access point in the parking lot instead of the regular office area, so he started capturing the network traffic immediately (the captured packets are saved in the file “problem_1.pcap”). However, the strange laptop went offline and disappeared very quickly. Nothing strange had happened (no network scanning, no denial-of-service attack, no brute-force attack on SSH servers, etc.), except that a computer (with IP address 192.168.1.158) sent some IMs over the wireless network to that laptop. From the log files of the DHCP server, he knew that the computer belongs to an employee named Ann.
You are the forensic investigator. Your mission is to figure out who Ann was IM-ing, what she sent, and recover evidence including:
- What is the name of Ann’s IM buddy?
- What was the first comment in the captured IM conversation?
- What is the name of the file Ann transferred?
- What is the magic number of the file you want to extract (first four bytes)?
- What was the MD5sum of the file?
Answer:
https://www.epubit.com/articleDetails?id=N9573c131-4c32-4e95-b092-ae2317cfb785
Problem 2
Problem 2: A company has come and asked for your help with a recent security incident, in which an important file was stolen. Since employees could not use USB sticks or similar devices, the file must have been stolen over the network. Fortunately, they have a copy of the network traffic file for that day (i.e., problem_2.pcap). As a network forensics expert, could you help them obtain the following information?
(1) Attacker’s IP address
(2) The MD5 hash value of the stolen file
(3) The time when the file was stolen
Answer:
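Both problems come down to the same workflow: read the pcap record by record, reassemble the TCP stream that carried the file, then read the first four bytes (the magic number), hash the reassembled bytes (the MD5sum), and take the transfer time from the pcap record timestamps. The script below is an added illustration of that workflow, not the answer to either problem and not code from the course or from the book linked above: it builds a small constructed capture (Ann's address 192.168.1.158 from Problem 1 sending a PNG-like blob to a made-up peer 10.0.0.7 on port 5190, with segments out of order and one retransmission), parses it with only the standard library, and prints the per-flow report an investigator would look at. Running it on a real problem_1.pcap or problem_2.pcap needs only a call to `reassemble_streams(open(path, "rb").read())`, provided the file is classic little-endian pcap rather than pcapng.

```python
import hashlib
import socket
import struct
from datetime import datetime, timezone

# Constructed data: a small PNG-like blob standing in for the transferred file,
# sent from Ann's address (from the problem text) to a placeholder peer address.
SAMPLE_FILE = b"\x89PNG\r\n\x1a\n" + b"constructed png-like payload " * 3
SRC, DST = "192.168.1.158", "10.0.0.7"   # 10.0.0.7 is a made-up peer, not from the page


def build_packet(ts_sec, ts_usec, src, dst, sport, dport, seq, payload):
    """One pcap record: Ethernet/IPv4/TCP frame with zero checksums (enough for parsing)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    eth = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", ts_sec, ts_usec, len(eth), len(eth)) + eth


def build_pcap(records):
    """Little-endian pcap global header (link type 1 = Ethernet) followed by the records."""
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(records)


def parse_pcap(data):
    """Yield (timestamp, src, dst, sport, dport, seq, payload) for each TCP-over-IPv4 record."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian pcap (not pcapng) is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                   # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != 6:
            continue                                   # not TCP
        tcp = ip[ihl:total_len]
        sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
        payload = tcp[(tcp[12] >> 4) * 4:]             # skip the TCP header (data offset field)
        yield (ts_sec + ts_usec / 1e6, socket.inet_ntoa(ip[12:16]),
               socket.inet_ntoa(ip[16:20]), sport, dport, seq, payload)


def reassemble_streams(data):
    """Group payload by one-way flow and stitch segments in sequence order.

    Retransmitted/overlapping bytes are dropped; gaps (lost segments) are NOT
    filled, so a hash over a flow with gaps would not match the original file.
    """
    flows = {}
    for ts, src, dst, sport, dport, seq, payload in parse_pcap(data):
        if payload:
            flows.setdefault((src, sport, dst, dport), []).append((seq, ts, payload))
    streams = {}
    for key, segs in flows.items():
        segs.sort()
        buf, expected = bytearray(), segs[0][0]
        for seq, _, payload in segs:
            if seq < expected:                         # overlap: keep only the new tail
                payload, seq = payload[expected - seq:], expected
            buf += payload
            expected = seq + len(payload)
        streams[key] = {"data": bytes(buf),
                        "first_ts": min(s[1] for s in segs),
                        "last_ts": max(s[1] for s in segs)}
    return streams


def file_md5(data):
    return hashlib.md5(data).hexdigest()


def summarize(streams):
    """Per-flow report: endpoints, transfer window, first four bytes (magic) and MD5."""
    def utc(ts):
        return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
    rows = []
    for (src, sport, dst, dport), s in streams.items():
        rows.append({"src": src, "dst": dst, "sport": sport, "dport": dport,
                     "size": len(s["data"]), "magic": s["data"][:4].hex(),
                     "md5": file_md5(s["data"]),
                     "start": utc(s["first_ts"]), "end": utc(s["last_ts"])})
    return sorted(rows, key=lambda r: r["size"], reverse=True)


def demo_pcap():
    """Constructed capture: the file in three segments, out of order, with one retransmission."""
    c = [SAMPLE_FILE[:30], SAMPLE_FILE[30:60], SAMPLE_FILE[60:]]
    return build_pcap([
        build_packet(1700000000, 0, SRC, DST, 5190, 5190, 1030, c[1]),    # second chunk arrives first
        build_packet(1700000000, 500, SRC, DST, 5190, 5190, 1000, c[0]),
        build_packet(1700000001, 0, SRC, DST, 5190, 5190, 1000, c[0]),    # retransmission
        build_packet(1700000002, 0, SRC, DST, 5190, 5190, 1060, c[2]),
        build_packet(1700000002, 100, DST, SRC, 5190, 5190, 1, b""),      # bare ACK, no payload
    ])


if __name__ == "__main__":
    for row in summarize(reassemble_streams(demo_pcap())):
        print(row)
```

The report sorts flows by payload size because, in a case like Problem 2, the stolen file is usually the largest one-way transfer, and the `start`/`end` fields come straight from the pcap record timestamps, which is the only reliable "when" in a capture. The magic number check matters before hashing: if the first four bytes do not match the type the transfer claims (for example `89504e47` for PNG), either the stream still has protocol framing in front of the file or the reassembly has a gap, and the MD5 would be wrong either way.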