NETWORK TRAFFIC ANALYSIS WITH XPLICO

Download
File
eFNetwork.zip

Dear Readers,

We would like to introduce our newest issue of eForensics Network.

Check what you can find inside:

1. NETWORK TRAFFIC ANALYSIS WITH XPLICO

by Justin Hutchens, CISSP, CEH, ECSA, CHFI

Xplico is a program that should be present in any serious network forensic professional’s toolkit because it offers the invaluable capability of taking otherwise esoteric network traffic data and converting it into a format that can be understood by even the most technically challenged individuals. In this article, we will discuss what Xplico is and how it can make an effective contribution to any practice of network forensics.

2. WIRE-SPEED CAPTURES WITH PORTABLE DEVICES

by Francisco J. Hens and Vicente J. Bergas

Improvements in storage technology in terms of capacity and speed, and continuous optimization of Field-Programmable Gate Array (FPGA) integrated circuits, are bringing a totally new wave of possibilities in data capture and processing applications. FPGAs are perfectly suited for wire-speed processing of fast data sources, and small form factor Solid State Drives (SSD) supply excellent performance and large storage capacity and are perfectly adapted to operation in portable equipment.

3. THE POSSIBILITY OF BROWSING IN SECRECY

by Jessica Riccio

While private browsing has a variety of names depending on the browsers implementing the feature, it comes as no surprise that Apple was the first company to implement the idea of private browsing. Over the next five years, companies began to create their versions of private browsing, all claiming similar functionality: what you do in private browsing is not logged and therefore cannot be found. As of this writing, Google, Mozilla, Apple, Opera, and Microsoft offer different flavors of private browsing.

4. WEB ATTACKS: ERROR BASED ASPX SQL INJECTION

by Rahul Tyagi

ASPX SQL injection is also parallel to a PHP-based SQL injection. But here, we don’t use queries that contain order by, union select, etc. Instead, we will cheat the server to respond with the information we need. It is called an error-based injection technique. We will get the information we need in the form of errors.

5. NINE RULES TO PREVENT THE INVALIDATION OF SYSTEM FORENSIC INTEGRITY DURING A PENETRATION TEST

by Chris Duffy, eCPPT, CEH, CNDA, CHFI, EDRP, GSEC, CWSP, CWNA, VCP

Penetration Tests are required to validate the tactics and techniques that malicious users and attackers use. Vulnerability Analysis (VA) can show technical vulnerabilities, though many times documented technical weaknesses are not utilized by attackers. Without a Penetration Test an organization cannot determine what vectors an attacker would potentially take.

6. INTRUSION DETECTION SYSTEM: AN INTELLIGENT STEP TO CATCH THE INTRUDERS

by Deepanshu Khanna

Nowadays the number of Internet users is growing. Almost everyone around the world is accessing the Internet. E-commerce and E-business are growing rapidly. Therefore, competition is also increasing rapidly. The number of intrusion events has also continued to grow because many companies’ networks use the Internet. So in this article I have focused on how a hacker attacks and, on the contrary, how we can catch that hacker.

7. A PRACTICAL APPROACH TO MONITOR SUSPICIOUS ACTIVITY ON SOCIAL NETWORKING USING SNIFFER TOOLS

by Nilay Mistry

Nowadays, cyber crimes are on the rise as soon as any new technologies/methods are introduced. In the foregoing paras, the strategy for SN Monitoring and enhancement of security have been discussed. SN is a potential source of various cyber crimes like identity theft, privacy breaching, cyber terrorism, defamation, etc. To prevent such crimes it is necessary to monitor the social network.

8. A PRACTICAL PROCEDURE TO IMPROVE CYBERCRIME INVESTIGATION

by Da-Yu Kao

Cybercrime has become a global phenomenon. The basic elements of a cybercrime investigation are based on the relationship between an IP address and Time Stamp. This paper illustrates a six-stage practical procedure to improve cybercrime investigation from the viewpoint of auditing logs. Any logs with evidentiary value should be identified, collected, and verified. It is believed that this paper can assist law enforcement officials in dealing with today’s ever-increasing cybercrimes.

9. INTERVIEW WITH NATAGENT INC

by Aby Rao, Gabriele Biondo and Andrew J Levandoski


July 30, 2021
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023