Network Forensic Weekly Report

Week 4

This week, we learned about the tools needed to extract, analyze, and break down the evidence obtained. The evidence to be investigated comes in many forms, such as a pcap file.

We also learned about flow analysis. Flow analysis is used to locate data in the operating system or identify patterns in traffic. The tools used for flow analysis are Wireshark, pcapcat, and tcpxtract.

Wireshark is available on Windows and Kali Linux. This tool is used to read packet traffic in the operating system and to see the source and destination addresses and the details of each captured packet.

The different types of flow analysis techniques are:
– listing conversations and flows
– exporting a flow
– file and data carving
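
The first two techniques in the list, sketched as an added Python example (not part of the original report, and not how Wireshark, pcapcat, or tcpxtract are implemented): it parses a classic pcap, lists TCP conversations, and exports one direction of a flow. The sample capture, addresses, and function names are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def build_pcap(packets):
    """Build a constructed classic-pcap byte string (Ethernet, IPv4, TCP) for the demo."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, sport, dst, dport, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample traffic: (timestamp, src, sport, dst, dport, payload)
SAMPLE_PCAP = build_pcap([
    (1, "10.0.0.5", 49152, "10.0.0.9", 80, b"GET /report.pdf HTTP/1.1\r\n\r\n"),
    (2, "10.0.0.9", 80, "10.0.0.5", 49152, b"HTTP/1.1 200 OK\r\n\r\n%PDF-1.4"),
    (3, "10.0.0.5", 49153, "10.0.0.7", 21, b"USER anonymous\r\n"),
])

def list_conversations(pcap):
    """Group TCP/IPv4 packets into bidirectional conversations keyed by endpoint pair."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    convs = defaultdict(lambda: {"packets": 0, "bytes": 0, "streams": defaultdict(bytes)})
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 over Ethernet, or not TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue  # truncated TCP header
        sport, dport = struct.unpack("!HH", tcp[:4])
        src = (socket.inet_ntoa(frame[26:30]), sport)
        dst = (socket.inet_ntoa(frame[30:34]), dport)
        conv = convs[tuple(sorted([src, dst]))]  # same key for both directions
        conv["packets"] += 1
        conv["bytes"] += len(frame)
        conv["streams"][src] += tcp[(tcp[12] >> 4) * 4:]  # payload after TCP header
    return convs

def export_flow(convs, sender, receiver):
    """Return the payload `sender` sent to `receiver`, in capture order (no seq reordering)."""
    return convs[tuple(sorted([sender, receiver]))]["streams"][sender]
```

The exported server-side payload here ends with a constructed `%PDF-1.4` signature, which is the kind of marker the third technique, file and data carving, searches for.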
