What kind of information is collected in a firewall log? How would this information be used in a network forensics investigation?
Firewall systems have a Log tab. It has real-time, up-to-date, integrated data of the traffic logs generated by the firewall system. It is in the form of a table.
It may have the following fields:
Time : exact time of an event occurring.
Direction : incoming or outgoing traffic.
Action : action taken by the firewall, namely block, allow, ask and disconnect.
Protocol : type of protocol, such as UDP, TCP, ICMP etc., used by the specific connection.
SRC address : IP address of the incoming packet.
SRC host : resolving ID of the incoming packet's system.
SRC port : port from which the incoming packet left.
DST address : outgoing packet destination IP address.
DST host : outgoing packet destination system ID.
DST port : outgoing packet destination port address where the packet will be accepted.
Process : the .exe file to which the incoming or outgoing packet belongs.
SRC MAC : MAC address of the sender system (remote).
DST MAC : MAC address of the sending system.
Use of Firewall Logs in Network Forensics:
1. Analyse ports to which no application or service is connected. Hackers may use backdoor trojans through these.
2. IP addresses refused or dropped can be checked for illegal port access.
3. Look for unsuccessful access to the system firewall.
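As an added illustration (not part of the original answer), the script below parses a constructed tab-separated firewall log carrying a subset of the fields listed above and applies the three forensic checks from the answer: allowed inbound connections with no owning process, blocked events counted per source IP, and blocked attempts against the firewall's own address. The field order, the sample rows and the firewall address 192.0.2.1 are assumptions made for the example.

```python
from collections import Counter

# Assumed column order for the constructed log (a subset of the fields above).
FIELDS = ["time", "direction", "action", "protocol", "src_addr", "src_port",
          "dst_addr", "dst_port", "process"]

# Constructed sample log: tab-separated, one event per row, documentation IPs.
SAMPLE_LOG = """\
2024-01-05 10:00:01\tin\tallow\tTCP\t203.0.113.5\t51234\t192.0.2.10\t443\tnginx.exe
2024-01-05 10:00:02\tin\tblock\tTCP\t198.51.100.7\t40001\t192.0.2.10\t23\t
2024-01-05 10:00:03\tin\tblock\tTCP\t198.51.100.7\t40002\t192.0.2.10\t445\t
2024-01-05 10:00:04\tin\tallow\tTCP\t198.51.100.9\t40003\t192.0.2.10\t4444\t
2024-01-05 10:00:05\tin\tblock\tTCP\t198.51.100.7\t40004\t192.0.2.1\t22\t
2024-01-05 10:00:06\tout\tallow\tUDP\t192.0.2.10\t53001\t192.0.2.53\t53\tsvchost.exe
"""


def parse_log(text):
    """Turn each non-empty tab-separated row into a dict keyed by FIELDS."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # str.split keeps a trailing empty field, so a missing Process stays "".
        records.append(dict(zip(FIELDS, line.split("\t"))))
    return records


def allowed_without_process(records):
    """Use 1: allowed inbound connections not attributed to any process."""
    return [(r["dst_port"], r["src_addr"]) for r in records
            if r["direction"] == "in" and r["action"] == "allow"
            and not r["process"]]


def blocked_by_source(records):
    """Use 2: count refused/dropped events per source IP address."""
    return Counter(r["src_addr"] for r in records if r["action"] == "block")


def failed_firewall_access(records, firewall_addr):
    """Use 3: blocked attempts aimed at the firewall's own address."""
    return [(r["src_addr"], r["dst_port"]) for r in records
            if r["action"] == "block" and r["dst_addr"] == firewall_addr]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("no process:", allowed_without_process(recs))
    print("blocked per source:", blocked_by_source(recs))
    print("firewall access attempts:", failed_firewall_access(recs, "192.0.2.1"))
```

On the sample rows, the unattributed allowed connection on port 4444 and the repeated blocks from 198.51.100.7 are the events an investigator would pull into a timeline first.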