Forensic Examination of Packet Captures


The following scenarios are taken from well-known network forensics challenges. Every technique needed to answer the questions has already been demonstrated in Network Forensics with Wireshark.

Scenario 1

Investigate the packet capture linked below and try to answer these questions.

  • What is the user interested in? (Hint: DNS)
  • What is the colour of the little mermaid's hair? (Hint: Recover HTTP Objects)

Click here to download the zipped .pcap file to examine

Scenario 2

Ann works for your food company. It is suspected that she is a mole working for a competitor. Ann has access to the secret recipe, which is the company's prize asset, and security staff are worried that she may leak it. Today a new laptop appeared on the company network; the network engineers captured its traffic and submitted the capture to you for analysis. As the forensic investigator, your mission is to figure out who Ann is communicating with and work out what happened.

Questions to answer:

  • Who is Ann talking to?
  • What protocol and application are they using to communicate?
  • What is the secret recipe and how was it leaked?
  • What is Ann's IP address?
  • What is Ann's MAC address and what vendor built her PC?

Click here to download the zipped .pcap file to examine
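Two of the recurring questions above, which names a host resolves (the DNS hint in Scenario 1) and which IP, MAC address and hardware vendor belong to a suspect machine (Scenario 2), can be answered by walking the capture programmatically rather than by hand in Wireshark. The script below is an added illustration, not part of the original challenges or their solutions: it builds a small libpcap file in memory from made-up addresses and hostnames, then parses it back with the standard library only. The two-entry OUI table stands in for the IEEE registry that a real investigation would consult.

```python
import struct

# Tiny OUI table for the example; a real lookup uses the IEEE MA-L registry.
OUI_VENDORS = {"00:0c:29": "VMware, Inc.", "08:00:27": "PCS Systemtechnik GmbH (VirtualBox)"}

def build_dns_query(qname, txid=0x1234):
    """Build a DNS A query (constructed test data, not from a real capture)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN

def build_frame(src_mac, dst_mac, src_ip, dst_ip, udp_payload):
    """Wrap a UDP payload to port 53 in IPv4 and Ethernet II (checksums left at 0)."""
    udp = struct.pack("!HHHH", 53000, 53, 8 + len(udp_payload), 0) + udp_payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + ip + udp

def build_pcap(frames):
    """Classic libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # LINKTYPE_ETHERNET
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def iter_frames(pcap):
    """Yield the captured bytes of each record, honouring the file's byte order."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic libpcap file (pcapng must be converted first)")
    pos = 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "IIII", pcap, pos)[2]
        pos += 16
        yield pcap[pos:pos + incl_len]
        pos += incl_len

def dns_question_name(dns):
    """Read the first QNAME after the 12-byte DNS header; question names are not compressed."""
    labels, pos = [], 12
    while pos < len(dns) and dns[pos] != 0:
        n = dns[pos]
        if n & 0xC0:
            raise ValueError("compression pointer in question section")
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def mac_vendor(mac):
    """OUI lookup on the first three octets; a set U/L bit means a randomised address."""
    if int(mac[:2], 16) & 0x02:
        return "locally administered (randomised), no vendor"
    return OUI_VENDORS.get(mac[:8], "unknown OUI")

def summarize(pcap):
    """Per source MAC: its IPs and vendor; plus every DNS name queried, in capture order."""
    hosts, queries = {}, []
    for frame in iter_frames(pcap):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # IPv4 only for this example
            continue
        src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
        ihl = (frame[14] & 0x0F) * 4
        src_ip = ".".join(str(b) for b in frame[26:30])
        host = hosts.setdefault(src_mac, {"ips": set(), "vendor": mac_vendor(src_mac)})
        host["ips"].add(src_ip)
        if frame[23] == 17:                                   # UDP
            udp = frame[14 + ihl:]
            if struct.unpack_from("!H", udp, 2)[0] == 53:     # destination port 53
                queries.append(dns_question_name(udp[8:]))
    return {"hosts": hosts, "dns_queries": queries}

# Constructed capture: a VMware guest and a host with a randomised MAC each resolve one name.
SAMPLE_PCAP = build_pcap([
    build_frame("00:0c:29:aa:bb:cc", "00:11:22:33:44:55", "192.168.1.10", "192.168.1.1",
                build_dns_query("www.example.com")),
    build_frame("02:42:ac:11:00:02", "00:11:22:33:44:55", "192.168.1.11", "192.168.1.1",
                build_dns_query("mail.example.net", txid=0x5678)),
])

if __name__ == "__main__":
    report = summarize(SAMPLE_PCAP)
    for mac, info in report["hosts"].items():
        print(mac, sorted(info["ips"]), info["vendor"])
    print(report["dns_queries"])
```

Two caveats matter when this is pointed at the challenge files. Wireshark saves in pcapng by default, which this reader deliberately rejects, so convert with `editcap -F pcap` (or export from Wireshark as pcap) first. And a MAC address only identifies a vendor when its universal/local bit is clear; on a randomised or spoofed address the OUI lookup tells you nothing, which is why `mac_vendor` checks that bit before consulting the table.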

Scenario 3

Ann has arranged to meet a shady figure known as Dark Tangent. You are the forensic investigator. Can you figure out their destination? Click here to download the file to examine.