Oct 09 2020

Week 4

Evidence Acquisition – The goals of evidence acquisition. The ideal result is proof of absolute fidelity, protection of the evidence, and zero effect on the network environment. In practice, however, these standards are almost impossible to meet: a zero-footprint investigation cannot be achieved, so best practices must be used to minimize the footprint. In addition, verify the integrity of the evidence with cryptographic checksums.
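The checksum step above, worked through as an added example (not code from the original post): the script writes a constructed minimal pcap file, records its SHA-256 in a manifest, verifies the file against that manifest, and then shows that a single flipped byte is detected. The pcap bytes and the manifest format (algorithm, hex digest, filename) are assumptions made for the example.

```python
"""Evidence-integrity check for a captured pcap file (added example).

Assumptions: the capture below is a constructed minimal pcap (global
header plus one packet record) so the script runs offline, and the
one-line manifest format is our own choice, not a standard.
"""
import hashlib
import hmac
import struct
import tempfile
from pathlib import Path

HASH_ALGO = "sha256"


def build_sample_pcap() -> bytes:
    """Return a constructed minimal pcap: global header plus one record."""
    # Global header: magic, version 2.4, tz offset 0, sigfigs 0,
    # snaplen 65535, link type 1 (Ethernet). Little-endian, 24 bytes.
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    payload = b"\x00" * 14  # placeholder Ethernet frame (constructed)
    # Record header: ts_sec, ts_usec, captured length, original length.
    record = struct.pack("<IIII", 1602201600, 0, len(payload), len(payload))
    return header + record + payload


def hash_file(path: Path, algo: str = HASH_ALGO) -> str:
    """Stream the file through the hash so large captures need not fit in memory."""
    h = hashlib.new(algo)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(evidence: Path, manifest: Path, algo: str = HASH_ALGO) -> str:
    """Record the digest of the evidence file at acquisition time."""
    digest = hash_file(evidence, algo)
    manifest.write_text(f"{algo}  {digest}  {evidence.name}\n")
    return digest


def verify_manifest(evidence: Path, manifest: Path) -> bool:
    """Re-hash the evidence and compare it to the recorded digest."""
    algo, expected, name = manifest.read_text().split()
    if name != evidence.name:
        return False
    # Constant-time comparison; the digests are ASCII hex strings.
    return hmac.compare_digest(expected, hash_file(evidence, algo))


def demo() -> dict:
    """Acquire, record, verify, then tamper and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        evidence = Path(tmp) / "capture.pcap"
        manifest = Path(tmp) / "capture.pcap.sha256"
        evidence.write_bytes(build_sample_pcap())
        write_manifest(evidence, manifest)
        intact = verify_manifest(evidence, manifest)
        # Simulate tampering: flip one bit in the last payload byte.
        data = bytearray(evidence.read_bytes())
        data[-1] ^= 0x01
        evidence.write_bytes(bytes(data))
        tampered = verify_manifest(evidence, manifest)
    return {"intact": intact, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The manifest should be stored separately from the capture (and ideally signed or copied to write-once media), since a checksum kept beside the file it protects can be regenerated by whoever alters the file.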

There is a lot of traffic acquisition software that can be used depending on the use case. You can use libpcap, which includes facilities such as the Berkeley Packet Filter (BPF), usually used to compare field values at layers 2, 3, and 4. You can also use tcpdump and Wireshark.

Acquisition tools: console, SSH, Telnet, TFTP, SNMP, SCP, and proprietary web interfaces.

Written by kks101 in: Network Forensics
