Back
Uncategorized

Network Evidence Collection and Forensics Analysis

Network Evidence Collection and Forensics Analysis.

 STEP 1: EXPLORE NETWORK FORENSICS In this case, you have received your assignment from Yvonne, the response team leader. Now it’s time to plan out the steps you will take to investigate the existing network protocols analyze the network attack gather forensic data about the attack prepare the incident report, identifying the attacker compromised server and service exploited vulnerability data breached your recommendations to strengthen the organization’s network infrastructure Begin by looking into how the network attack could have occurred by researching techniques attackers use to infiltrate a network such as denial of service, backdoor, botnet, and brute force. The next step is to examine the latest Network Forensic Analysis Tools (NFAT). Then, you’ll summarize the information you gathered from your research and include it in the first section of the incident report. This summary will provide the leaders in your organization with an understanding of how network attacks happen and how your organization’s security operations team analyzes the network for vulnerabilities. After that you’ve completed your research on network attacks and tools for network analysis, you’re ready to go to the next step: analyzing the organization’s incident response. STEP 2: ANALYZE THE ORGANIZATION’S INCIDENT RESPONSE Having conducted research on network attacks and network forensic analysis tools, you’re ready to prepare for the investigation on this particular network intrusion. To do this, you’ll learn how to gather network evidence from log files, network/server configuration, user accounts, and network infrastructure. Once you have gathered the network evidence in this case, you’ll incorporate it into the second section of your final incident report. As with the first section of your report, the audience for this section are the leaders in your organization who’ll need an overview of how the organization’s security team gathers network evidence. STEP 3 (LAB): USE WIRESHARK TO CONDUCT THE NETWORK ANALYSIS Now that your network forensic research and preparations are complete, you’re ready to analyze the compromised network and conduct a network analysis. Based on the tools research you completed in the earlier step, you decide to use the Wireshark tool to analyze the network packet capture. You will conduct packet sniffing with Wireshark to gather information about the attacker, determine the resources that may have been compromised during the attack, and learn how the attacker compromised the resources. You go to your organization’s virtual lab to use Wireshark to analyze network packets and generate a written report. You will need to include screenshots and answers to forensic analysis questions. You will incorporate this written report into the third section of your incident report. This section—geared to the leaders, network administrators, and the security operations team in your organization—will provide them with detailed information about the network attack and vulnerabilities the organization needs to address. Once you have answered the forensic analysis questions in the written report, you are ready to go to the next step: examination of your Wireshark lab results. STEP 4: EXAMINE WIRESHARK LAB RESULTS You’ve conducted the network analysis using Wireshark and answered the forensic analysis questions in the written report. Now, you’ll complete a forensic investigation report to document the results of the Wireshark analysis. 

Network Evidence Collection and Forensics Analysis