We’ll get started at 19:05

Week04

COMP6445 W19A

Network forensics

What is a packet?

  • a chunk of data, forming part of a complete message

  • max packet size is about 65 KB, so what happens when you stream a movie?

What is in a packet

  • All packets contain a header and a payload

  • Payload is the actual data being carried

  • Header contains the metadata (e.g. length, protocol, source, destination)
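An added example (not part of the lecture slides) of the header/payload split described above: it parses a raw IPv4 packet into its metadata fields and payload, verifies the header checksum, and refuses to trust a length field that disagrees with the bytes actually captured. The sample packet and its addresses are constructed for this example.

```python
import struct
import ipaddress

# Added example, not part of the lecture slides: split a raw IPv4 packet into
# its header metadata and payload, the way a forensic tool does for each frame
# in a capture. The sample packet built below is constructed for this example.
IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte header, network byte order

def ip_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum; a header with a valid checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Return header fields plus payload; reject packets the header does not match."""
    if len(packet) < 20:
        raise ValueError("truncated: shorter than minimum IPv4 header")
    ver_ihl, _tos, total_len, ident, _ff, ttl, proto, _csum, src, dst = \
        struct.unpack(IPV4_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    # The length field is sender-controlled metadata: check it against the bytes
    # actually captured before using it to delimit the payload.
    if total_len < ihl or total_len > len(packet):
        raise ValueError("total length field disagrees with captured bytes")
    return {
        "header_len": ihl, "total_len": total_len, "id": ident, "ttl": ttl,
        "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "checksum_ok": ip_checksum(packet[:ihl]) == 0,
        "payload": packet[ihl:total_len],
    }

def build_sample_packet(payload: bytes = b"hello") -> bytes:
    """Constructed sample: IPv4 (DF set, TTL 64) carrying UDP 12345 -> 53."""
    udp = struct.pack("!HHHH", 12345, 53, 8 + len(payload), 0) + payload
    src = ipaddress.IPv4Address("192.0.2.1").packed
    dst = ipaddress.IPv4Address("198.51.100.7").packed
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]  # fill checksum
    return hdr + udp

if __name__ == "__main__":
    print(parse_ipv4(build_sample_packet()))
```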

OSI What

What is a packet capture?

  • Intercepting packets travelling across a network, and logging them to a file

What could be a problem with this?

Demo

Report writing

What not to do

  • Be overly verbose

  • Make stuff up (I did the same investigation)

  • Speak outside of your competence

  • Make a decision too hastily

Review

Bad report

What to do

  • Document the process

  • Explain why you did certain things

  • Explain what the evidence means

  • Align the evidence

Review

My report (also bad)

Splunk

Questions?

Investigation