LAB10_Digital Forensics Technology and Practices_WORKSHEET2 Kwadwo Antwi

School: University of Maryland, University College
Course: 640
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 16
Uploaded by: joespady4u25
Name: XXXXX
Semester: Summer
Year: 2023
Section Number: 7621

Lab 10 Worksheet
Digital Forensics Technology and Practices

Table of Contents

Introduction (p. 2)
Screenshot 1 – Adding YOURNAME to the /etc/hosts file (p. 3)
Screenshot 2 – Nmap Yourname with Default Linux Ports Open (p. 4)
Screenshot 3 – Nmap Yourname with HTTP Port Open (p. 5)
Screenshot 4 – Nmap Yourname with FTP Port Open (p. 6)
Screenshot 5 – useradd yournameftp (p. 7)
Screenshot 6 – Use ls to get a listing of the yournameftp directory (p. 8)
Screenshot 7 – Use ls to get a listing of the /var/www/html directory (p. 9)
Screenshot 8 – Finding yourname as the password in Wireshark (p. 10)
Screenshot 9 – Yourname.exe parsed from the HTTP Objects in Wireshark (p. 11)
Screenshot 10 – Finding yourname as the password in NetworkMiner (p. 12)
Conclusion (p. 13)
APA References (p. 14)
Introduction

Students: In the box below, please explain the purpose of doing this lab and explain how it is relevant to Computer Forensics.

Introduction

Lab 10's objective is to analyze network traffic. The process of gathering, storing, and analyzing network traffic is known as network traffic analysis ("What is Network Traffic Analysis? A Practical Guide," 2021). Using the tools offered in Lab 10, we will install a sniffer on the network to detect malicious activity, analyze large network captures for signs of intrusion, and assess network traffic to see what is encrypted. Wireshark, Network Miner, and several command-line tools, including nmap and apache, will be used in this process. Network traffic analysis can produce crucial information during a computer forensics investigation that would not be discovered any other way. For instance, using network traffic analysis, investigators can discover a suspect network's IP address, email headers containing the suspect's identity, and details about the time and location of the suspect's network activity (Sikos, 2020). Wireshark, one of the best tools for performing network traffic analysis, is included in Lab 10. Wireshark is an open-source application for deep packet analysis (Petters, 2020). Investigators can filter the capture in Wireshark before or during analysis to focus on specific traffic, which is very helpful when performing packet analysis on a large volume of data. Network Miner is another open-source network traffic analysis tool that can be used as a passive network sniffer and a packet capture tool. In contrast to Wireshark, which requires the investigator to add filters, Network Miner automatically extracts files from numerous protocols as soon as the packet capture is opened, making it simple for investigators to gather crucial network information (Hjelmvik, 2019). Investigators have access to several tabs that present data which would otherwise have to be located manually in Wireshark, such as images, messages, passwords, hosts, and files. Network traffic analysis is one of the most crucial skills for investigators, since it offers vital information about malicious activity taking place within the network.
Screenshot 1 – Adding YOURNAME to the /etc/hosts file

1. Add yourname to the /etc/hosts file, where yourname is your first name. Take a screenshot of the echo command which adds the loopback address with yourname to the file. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of Adding Yourname to the Hostfile
[Image 1]

Screenshot 2 – Nmap Yourname with Default Linux Ports Open

2. Nmap yourname to show the default open ports on the Linux system. Nmap leaves a timestamp which should be during the time frame of this course. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using nmap Yourname to discover the Default Linux Ports Open
[Image 2]

Screenshot 3 – Nmap Yourname with HTTP Port Open

3. Nmap yourname to show the HTTP port open on the Linux system. Nmap leaves a timestamp which should be during the time frame of this course. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using nmap Yourname to discover the HTTP Port Open
[Image 3]
Screenshot 4 – Nmap Yourname with FTP Port Open

4. Nmap yourname to show the FTP port open on the Linux system. Nmap leaves a timestamp which should be during the time frame of this course. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using nmap Yourname to discover the FTP Port Open
[Image 4]

Screenshot 5 – useradd yournameftp

5. Add a user called yournameftp (with the -m switch to create a home directory) on the Linux system. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using the useradd command adding yournameftp with the -m switch
[Image 5]

Screenshot 6 – Use ls to get a listing of the yournameftp directory

6. Use ls to get a listing of the yournameftp directory and view the yourname.exe file. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using the ls command to list the yournameftp directory and show yourname.exe
[Image 6]
Screenshot 7 – Use ls to get a listing of the /var/www/html directory

7. Use ls to get a listing of the /var/www/html directory and view the yourname.exe file. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using the ls command to list the /var/www/html directory and show yourname.exe
[Image 7]

Screenshot 8 – Finding yourname as the password in Wireshark

8. The Wireshark capture file will have yourname in it as the FTP password. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of yourname as the FTP password in Wireshark
[Image 8]

Screenshot 9 – Yourname.exe parsed from the HTTP Objects in Wireshark

9. When you go to File, Export Objects, HTTP, you should see yourname.exe parsed from the HTTP Objects in Wireshark. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of Yourname.exe parsed from the HTTP Objects in Wireshark
Screenshot 10 – Finding yourname as the password in NetworkMiner

10. The Wireshark capture file will have yourname in it as the FTP password when you view the capture in Network Miner. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of yourname as the FTP password in Network Miner
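Screenshots 8 to 10 work because classic FTP sends the username and password as cleartext USER and PASS commands, and a file fetched over plain HTTP (yourname.exe) is carried unencrypted in the TCP payload, so both can be read straight out of the capture. The script below is an added example, not part of this worksheet and not code from Wireshark or NetworkMiner: it builds a small constructed pcap in memory (placeholder RFC 5737 addresses, the lab's placeholder names yournameftp and yourname.exe) and then parses the pcap by hand to recover the FTP credentials and the HTTP object request, which is the same information the Wireshark ftp/http dissectors and NetworkMiner's Credentials and Files tabs present in the lab.

```python
"""Recover cleartext FTP credentials and HTTP object requests from a pcap.

Added example for Lab 10; the capture below is constructed, not real lab data.
"""
import struct

# ---- constructed sample capture -------------------------------------------

def _ipv4_tcp_frame(src, dst, sport, dport, payload: bytes) -> bytes:
    """Build a minimal Ethernet/IPv4/TCP frame carrying `payload` (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType 0x0800 = IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp + payload


def _pcap(frames) -> bytes:
    """Wrap frames in a little-endian pcap global header plus per-record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


CLIENT, SERVER = "192.0.2.10", "192.0.2.20"  # placeholder (RFC 5737) addresses
SAMPLE_PCAP = _pcap([
    _ipv4_tcp_frame(SERVER, CLIENT, 21, 40000, b"220 (vsFTPd 3.0.3)\r\n"),
    _ipv4_tcp_frame(CLIENT, SERVER, 40000, 21, b"USER yournameftp\r\n"),
    _ipv4_tcp_frame(SERVER, CLIENT, 21, 40000, b"331 Please specify the password.\r\n"),
    _ipv4_tcp_frame(CLIENT, SERVER, 40000, 21, b"PASS yourname\r\n"),
    _ipv4_tcp_frame(SERVER, CLIENT, 21, 40000, b"230 Login successful.\r\n"),
    _ipv4_tcp_frame(CLIENT, SERVER, 40001, 80,
                    b"GET /yourname.exe HTTP/1.1\r\nHost: yourname\r\n\r\n"),
])

# ---- parser -----------------------------------------------------------------

def tcp_payloads(pcap: bytes):
    """Yield (src, dst, sport, dport, payload) for every TCP segment in a pcap."""
    magic, = struct.unpack("<I", pcap[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap files are handled here")
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        _sec, _usec, caplen, _origlen = struct.unpack("<IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00":  # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:  # protocol field: 6 = TCP
            continue
        total_len = struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total_len]
        if len(tcp) < 20:  # truncated capture record: skip rather than crash
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        doff = (tcp[12] >> 4) * 4
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        yield src, dst, sport, dport, tcp[doff:]


def extract_artifacts(pcap: bytes) -> dict:
    """Collect FTP USER/PASS arguments and HTTP GET paths from cleartext payloads."""
    found = {"ftp_users": [], "ftp_passwords": [], "http_requests": []}
    for _src, _dst, _sport, dport, payload in tcp_payloads(pcap):
        text = payload.decode("ascii", errors="replace")
        if dport == 21:  # FTP control channel, client -> server
            for line in text.splitlines():
                cmd, _, arg = line.partition(" ")
                if cmd.upper() == "USER":
                    found["ftp_users"].append(arg)
                elif cmd.upper() == "PASS":
                    found["ftp_passwords"].append(arg)
        elif dport == 80 and text.startswith("GET "):  # plain HTTP request line
            found["http_requests"].append(text.split(" ", 2)[1])
    return found


if __name__ == "__main__":
    print(extract_artifacts(SAMPLE_PCAP))
```

In Wireshark the same login is isolated with the display filter `ftp.request.command == "PASS"`, and the executable is listed under File, Export Objects, HTTP; the script only makes explicit what those views hide. The forensic lesson is that plain FTP and HTTP offer no confidentiality, which is why an investigator can recover the password at all and why FTPS or SFTP and HTTPS are the usual mitigations.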
Conclusion

Students: In the box below, please explain the purpose of doing this lab and explain how it is relevant to Digital Forensics Technology and Practices. Highlight any new learning that occurred while doing this lab. Hint: Discuss tools and commands used in the lab.

Conclusion

Lab 10 was conducted to gain practical experience with network traffic analysis tools and to understand their significance for computer forensics. Wireshark and Network Miner were used in this lab to capture and monitor network traffic on both the Windows and Kali Linux machines. Using the nmap program on the Linux machine, we first checked the host machine's open ports. Nmap is a command-line network mapper used to scan IP addresses and ports within a network, making it simple to identify active devices, open ports, and potential vulnerabilities (Shivanandhan, 2020). Ssh, ms-wbt-server, mmcc, vnc-http, and vnc were among the open ports. The Apache web server was then started using the service command, and when nmap was run again against the host machine, http (port 80) was also open. vsftpd (the Very Secure FTP Daemon) was then installed using the apt command, and the FTP server was started. We used nmap once more to confirm that FTP (port 21) was now open along with the others. Following that, we used the useradd and passwd commands to add an FTP user and set the user's password. After the user was created, we used the cp command to copy a file into the new user's FTP root. Once everything was in place, we started Wireshark on the Linux machine and ran nmap from the Windows command line to scan the open ports we had previously seen. We could use filters in Wireshark to display closed and open ports on the Linux computer. Then we returned to the Windows computer and launched Wireshark there. We launched an executable file containing the FTP credentials while Wireshark was running. Once we saved that pcap file and opened it in Network Miner, the FTP password was easily found in its Credentials tab. Analyzing network data can be much more challenging than it is in this lab, and it requires the investigator to be familiar with standard filtering techniques, but the lab provides a starting point for looking for hostile behavior on the network.
APA References

Hjelmvik, E. (2019). Intro to NetworkMiner. Weberblog.net. Retrieved September 16, 2023, from https://weberblog.net/intro-to-networkminer/

Petters, J. (2020). How to Use Wireshark: Comprehensive Tutorial + Tips. Varonis.com. Retrieved September 16, 2023, from https://www.varonis.com/blog/how-to-use-wireshark
Shivanandhan, M. (2020). What is Nmap and How to Use it – A Tutorial for the Greatest Scanning Tool of All Time. freeCodeCamp.org. Retrieved September 16, 2023, from https://www.freecodecamp.org/news/what-is-nmap-and-how-to-use-it-a-tutorial-for-the-greatest-scanning-tool-of-all-time/

Sikos, L. (2020). Packet analysis for network forensics: A comprehensive survey. Forensic Science International: Digital Investigation, 32, 200892. https://doi.org/10.1016/j.fsidi.2019.200892

Netreo. (2021). What Is Network Traffic Analysis? A Helpful Walkthrough. Retrieved September 16, 2023, from https://www.netreo.com/blog/what-is-network-traffic-analysis/