• Home

  • Documents

  • Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on...
13
Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Embed Size (px)

Citation preview

Page 1: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Chapter 24

©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

Digital Evidence on Physical and Data-Link Layers

Page 2: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 24.1 Old Ethernet configuration (modern configurations are conceptually the same).

Page 3: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 24.2 Computers on a 10BaseT network plugged into a hub.

Page 4: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 24.3 Computer A sending data to computer Z.

Page 5: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 24.4 Ethereal classification of NIC addresses.

Page 6: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FFIGURE 24.5 Summary diagram of TCP/IP separated by OSI layer.

Page 7: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 24.6 Computers connected at the physical level are vulnerable to eavesdropping.

Page 8: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 24.7 Ethereal showing packet in “hotmail-02242003. dmp” file containing the keyword “POST,” corresponding to the act of sending the message through Hotmail.

Page 9: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 24.8 (A) Using the NetIntercept forensic view to examine network traffic and locate important items such as an “HTTP POST.” (B) Using NetIntercept to view the same packet as in Figure 24.7 containing the “POST” keyword.

Page 10: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 24.9 NetWitness summary view of network traffic.

Page 11: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 24.10 Hotmail Inbox recovered using Ethereal.

Page 12: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 24.11 Hotmail Inbox extracted from a tcpdump file and displayed using NetIntercept.

Page 13: Chapter 24 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Digital Evidence on Physical and Data-Link Layers

Figure 1.1

Copyright © 2011 Academic Press Inc.©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved.

FIGURE 24.12 MIME-encoded e-mail attachments containing data in a ZIP file extracted from a tcpdump file and displayed using NetIntercept.


Forensic Network Analysis Toolsold.dfrws.org/2003/presentations/Brief-Casey.pdf · Forensic Network Analysis Tools Strengths, Weaknesses, and Future Needs Eoghan Casey |Author, Digital

Forensic Network Analysis Toolsold.dfrws.org/2003/presentations/Brief-Casey.pdf · Forensic Network Analysis Tools Strengths, Weaknesses, and Future Needs Eoghan Casey |Author, Digital

Documents
PLACES WATCH - Santa Clara County, CaliforniaAnnie E. Casey Foundation, including Casey Family Services, Casey Family Programs, the Jim Casey Youth Opportunities Initiative, the Marguerite

PLACES WATCH - Santa Clara County, CaliforniaAnnie E. Casey Foundation, including Casey Family Services, Casey Family Programs, the Jim Casey Youth Opportunities Initiative, the Marguerite

Documents
Carolina casey

Carolina casey

Education
Casey, City of Casey Sport and Physical more active

Casey, City of Casey Sport and Physical more active

Documents
Casey martinpodcast

Casey martinpodcast

Documents
Key points FINAL ELSEVIER - NOT CONTENT OF PROPERTY … · ELSEVIER SAMPLE . ELSEVIER ). OF ELSEVIER Health measures . Measuring deprivation ...File Size: 570KBPage Count: 16

Key points FINAL ELSEVIER - NOT CONTENT OF PROPERTY … · ELSEVIER SAMPLE . ELSEVIER ). OF ELSEVIER Health measures . Measuring deprivation ...File Size: 570KBPage Count: 16

Documents
Chapter 22 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Networks

Chapter 22 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Applying Forensic Science to Networks

Documents
Casey anthony

Casey anthony

Entertainment & Humor
Clara Casey

Clara Casey

News & Politics
Chapter 20 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Forensic Examination of Mobile Devices (online only)

Chapter 20 ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved. Forensic Examination of Mobile Devices (online only)

Documents
Cyber Forensics Dr. John Abraham Professor Based on Eoghan Casey’s Textbook

Cyber Forensics Dr. John Abraham Professor Based on Eoghan Casey’s Textbook

Documents
Mobile Device Forensics Essentials - SANS - Eoghan Casey... · Mobile Device Forensics Essentials Everything you need to know but were afraid to ask! Eoghan Casey. ... Mobile Misuse

Mobile Device Forensics Essentials - SANS - Eoghan Casey... · Mobile Device Forensics Essentials Everything you need to know but were afraid to ask! Eoghan Casey. ... Mobile Misuse

Documents
Pedigree Chart - Alto Casey Family Pagealtocasey.com/alto casey photo album/Alto Casey Pedigree Chart.pdf · Alto Lee CASEY Alto Lee CASEY b: May 27. 1881 in Alabama m: Mar in Aigbarna

Pedigree Chart - Alto Casey Family Pagealtocasey.com/alto casey photo album/Alto Casey Pedigree Chart.pdf · Alto Lee CASEY Alto Lee CASEY b: May 27. 1881 in Alabama m: Mar in Aigbarna

Documents
Eoghan Furey, Kevin Curran, Paul Mc Kevitt Intelligent Systems Research Centre,

Eoghan Furey, Kevin Curran, Paul Mc Kevitt Intelligent Systems Research Centre,

Documents
PowerPoint Introduction to Windows Mobile Forensicsforensic.sc.su.ac.th/seminar/seminari53/ppt/52312338.pdf · 1 Introduction to Windows Mobile Forensics Eoghan Casey, Michael Bann,

PowerPoint Introduction to Windows Mobile Forensicsforensic.sc.su.ac.th/seminar/seminari53/ppt/52312338.pdf · 1 Introduction to Windows Mobile Forensics Eoghan Casey, Michael Bann,

Documents
Dominic Casey affidavits on Casey Anthony

Dominic Casey affidavits on Casey Anthony

Documents
Creative Sydney's Changing Sydney - Presentation by Eoghan Lewis

Creative Sydney's Changing Sydney - Presentation by Eoghan Lewis

Entertainment & Humor
Casey, Quirk

Casey, Quirk

Documents
CASEY TISSUES

CASEY TISSUES

Technology
hreflang SMX München 2016 Eoghan Henn

hreflang SMX München 2016 Eoghan Henn

Marketing
Elsevier portfolio elsevier media informatie 2013

Elsevier portfolio elsevier media informatie 2013

Documents
Chapter 21 Network Basics for Digital Investigators ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved

Chapter 21 Network Basics for Digital Investigators ©2011 Eoghan Casey. Published by Elsevier Inc. All rights reserved

Documents
Casey Weekly

Casey Weekly

Documents
Casey Anthony - Casey Anthony 7-16-08 Transcript

Casey Anthony - Casey Anthony 7-16-08 Transcript

Documents
Eoghan McDermott Show Sponsorship...ABOUT RTÉ’s Eoghan Mc Dermott hosts 2FM’s fast-paced weekday afternoon show. Kicking off at 4:00pm, this three hour show is a mix of big celebrity

Eoghan McDermott Show Sponsorship...ABOUT RTÉ’s Eoghan Mc Dermott hosts 2FM’s fast-paced weekday afternoon show. Kicking off at 4:00pm, this three hour show is a mix of big celebrity

Documents
Casey O’Brien

Casey O’Brien

Documents
Casey Anthony - Casey Anthony 10-14-08 Transcript 1

Casey Anthony - Casey Anthony 10-14-08 Transcript 1

Documents
Casey C219 Panel Report - City of Casey | Home

Casey C219 Panel Report - City of Casey | Home

Documents
Casey Solana

Casey Solana

Education
Leveraging CybOX to Standardize Representation and ... · Leveraging CybOX to Standardize Representation and Exchange of Digital Forensic Information By Eoghan Casey, Greg Back, and

Leveraging CybOX to Standardize Representation and ... · Leveraging CybOX to Standardize Representation and Exchange of Digital Forensic Information By Eoghan Casey, Greg Back, and

Documents