Stanford Network Forensic Tools and Network Forensics Processes Discussion & Response

Description

Overview

Understanding corporate website traffic helps to detect potential threats. Consider that your CIO has asked you to research network forensic analysis tools (NFAT).

Instructions

  • Describe the purpose of NFATs as you understand it, and how these tools can assist with an investigation.
  • Compare and contrast your favorite NFATs and make a recommendation as to which tool you think would be the best.
  • Make sure to justify your answers with facts and provide links to useful resources that would help solidify your answers.

Post from Alice that you have to reply to

Network forensics is a process of collecting and analyzing raw network data and tracking network traffic to ascertain how an attack was carried out or how an event occurred on a network. Knowing a network’s typical traffic patterns is important in spotting variations in network traffic.

Network Forensic Analysis Tools (NFATs) enable network investigators and administrators to monitor networks and collect data on unusual or malicious activity. These solutions work in tandem with network systems and network devices such as firewalls and intrusion detection systems (IDS) to enable the preservation of long-term records of network traffic. NFATs enable the rapid analysis of patterns detected by network security devices.

The functions of NFATs are:

  • Network traffic capture and analysis
  • Evaluation of network performance
  • Detection of anomalies
  • Determination of network protocols in use
  • Aggregation of data
  • Investigations and incident response

Tcpdump and Wireshark/tshark are popular protocol analyzers. These tools are used to inspect recorded traffic. They can be either packet-centric or session-centric.

Xplico and NetworkMiner are Network Forensic Analysis (NFAT) tools. These tools are data-centric and analyze the traffic content.

NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports. This tool has the ability to do OS fingerprinting, can sort by IP address, MAC address, hostname, etc. It extracts all files and images from packet capture and stores them locally. Hence, NetworkMiner is a great tool for automatic extraction of files from a packet capture. It’s also useful at extracting messages such as emails. Manual packet analysis, on the other hand, is where NetworkMiner falls short and Wireshark excels.

Wireshark is a very good tool to analyze packets between your network and a specified network that you’re monitoring. It’s especially useful if the user knows how to identify network protocols such as TCP, DNS, SFTP and set filters based on their port numbers. Most network packets are TCP, UDP, or ICMP. Given the huge volume of traffic that passes a typical business network, Wireshark’s tools can help you filter this traffic. Filters are typically used to capture traffic forms of interest, while focusing in on the traffic the user may wish to investigate.

Source:

Computer forensics: Network forensics analysis and examination steps [updated 2019]. (2019, July 6). Infosec Resources. Retrieved January 17, 2022, from https://resources.infosecinstitute.com/topic/computer-forensics-network-forensics-analysis-examination-steps/
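The protocol-and-port filtering described in the post above, as an added example that is not part of Alice's post or the cited source: a small parser for the classic pcap file format that selects packets by protocol and port, the way a display filter narrows a capture. The capture is constructed in memory, and the helper names (`make_frame`, `make_pcap`, `parse_pcap`, `select`) are assumptions made for this illustration.

```python
import struct

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IPv4 protocol numbers

def make_frame(proto, src, dst, sport=0, dport=0):
    """Constructed Ethernet+IPv4 frame (zeroed checksums, minimal L4 header)."""
    l4 = (b"\x08\x00" + b"\x00" * 6 if proto == 1          # ICMP echo request
          else struct.pack("!HH", sport, dport) + b"\x00" * 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4            # EtherType 0x0800 = IPv4

def make_pcap(frames):
    """Classic little-endian pcap: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1642400000 + i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Return one dict per IPv4 packet: protocol, addresses, ports (None for ICMP)."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4 or struct.unpack_from("<I", data, 20)[0] != 1:
        raise ValueError("expected a little-endian Ethernet pcap")
    packets, off = [], 24
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]  # captured length of this record
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]           # skip IP header (IHL * 4 bytes)
        ports = struct.unpack("!HH", l4[:4]) if frame[23] in (6, 17) and len(l4) >= 4 else (None, None)
        packets.append({"proto": PROTO.get(frame[23], str(frame[23])), "sport": ports[0],
                        "dport": ports[1], "src": ".".join(map(str, frame[26:30])),
                        "dst": ".".join(map(str, frame[30:34]))})
    return packets

def select(packets, proto=None, port=None):
    """Keep packets matching a protocol and/or a port on either side of the flow."""
    return [p for p in packets if (proto is None or p["proto"] == proto)
            and (port is None or port in (p["sport"], p["dport"]))]

# Constructed sample capture (not real traffic): DNS, HTTPS, SSH/SFTP, ping.
SAMPLE = make_pcap([
    make_frame(17, (10, 0, 0, 5), (10, 0, 0, 1), 53124, 53),
    make_frame(6, (10, 0, 0, 5), (203, 0, 113, 7), 49152, 443),
    make_frame(6, (10, 0, 0, 5), (198, 51, 100, 9), 49153, 22),
    make_frame(1, (10, 0, 0, 5), (10, 0, 0, 1)),
])
PACKETS = parse_pcap(SAMPLE)
```

`select(PACKETS, proto="TCP", port=22)` isolates the SSH/SFTP flow, and `select(PACKETS, port=53)` isolates the DNS query.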
