Tuesday, May 14, 2019
Ann's bad AIM Essay Example | Topics and Well Written Essays - 750 words
Ann's bad deal - Essay lesson

Thereafter, the rogue laptop disappeared. As a forensic investigator, the staff referred this matter to me seeking my help. In this investigation I must therefore determine who Ann was IM-ing and what she sent, and also recover evidence, including the following.

In this investigation I am basically dealing with a pcap file and must find a way to extract the information in it before proceeding with the investigation further. Normally there are several ways of extracting information from pcaps. Black Bytes (2012) explores four of the most commonly used ways to extract the information. First there is the Wireshark HTTP export, which presents a list of all files found in all the HTTP requests. The second tool is the Wireshark export bytes; this depends on the protocol, and you are obliged to drill down into the packet you want in order to find the data. The third one is Network Miner, which mainly focuses on forensic analysis. The last tool presented by Black Bytes is Chaosreader. It is a tool that analyzes and extracts session information as well as files, and it then creates an HTML report that opens in any browser.

The next thing is the identification of Ann's host IP connection. This is something I already know to be 192.168.1.158. When the pcap file is filtered with tshark, we can view the hosts that Ann communicated with. This is achievable through the command tshark -r evidence.pcap -R at the terminal. It is important to note that Ann communicated with two hosts, one being a local host who is indubitably the intruder and the other an internet host. In my case the IP addresses for the hosts resulted from the simulation. In order to find out who the internet host is we use the whois command at the terminal.

Ann communicated with someone via the IM program. We could possibly assume that the IM program is an AIM client, a suggestion that can be
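Added example, not part of this essay or of the original contest material: a minimal pcap reader in Python that does what the tshark step above is meant to do, listing every host that exchanged IPv4 packets with Ann's 192.168.1.158 and marking each as local (same /24) or internet. The capture it reads is constructed inline; the LAN peer 192.168.1.159 and the internet peer 203.0.113.5 are placeholder addresses, not values from the essay.

```python
import struct
from ipaddress import ip_address, ip_network

ANN_HOST = "192.168.1.158"   # Ann's host IP as given in the essay

def build_frame(src, dst):
    """Constructed Ethernet + IPv4 frame with no payload (enough for peer identification)."""
    eth = b"\x00" * 12 + b"\x08\x00"            # dst MAC, src MAC, EtherType = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    return eth + ip

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (magic 0xA1B2C3D4, linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1557800000 + i, 0, len(frame), len(frame)) + frame
    return out

def peers_of(pcap_bytes, host, local_prefix=24):
    """Map every IPv4 peer of `host` to 'local' (same subnet) or 'internet'."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet link type handled")
    local_net = ip_network(f"{host}/{local_prefix}", strict=False)
    peers, off = {}, 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                               # not IPv4, or truncated
        src, dst = str(ip_address(frame[26:30])), str(ip_address(frame[30:34]))
        for me, other in ((src, dst), (dst, src)):
            if me == host and other != host:
                peers[other] = "local" if ip_address(other) in local_net else "internet"
    return peers

# Constructed sample capture: Ann talks to one LAN host and one internet host,
# plus unrelated LAN traffic that must not show up in her peer list.
SAMPLE_PCAP = build_pcap([
    build_frame(ANN_HOST, "192.168.1.159"),
    build_frame("192.168.1.159", ANN_HOST),
    build_frame(ANN_HOST, "203.0.113.5"),          # TEST-NET-3 address as placeholder
    build_frame("192.168.1.10", "192.168.1.1"),
])

if __name__ == "__main__":
    print(peers_of(SAMPLE_PCAP, ANN_HOST))
```

For a real evidence.pcap, read the file's bytes and pass them to `peers_of` in place of `SAMPLE_PCAP`; the internet peer it reports is the address to look up with whois.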