DFIR Blog

Blog

Network Forensics

5/12/2017

Network forensics is the sniffing, recording, acquisition and analysis of network traffic and event logs in order to investigate security incidents.
It can reveal the source of a security incident or attack, the path the attack took through the network, and the techniques the attacker used.
Types of network addressing schemes:
  • LAN addressing: Each node on a LAN has a MAC address. Frames are delivered either to one node (unicast) or to all nodes on the segment (broadcast).
  • Internet addressing: An Internet address is a combination of a network address and a node (host) address. IP is responsible for network-layer addressing in the TCP/IP protocol suite.
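To make the two addressing layers concrete, here is an added example (not code from the original post) that parses a constructed Ethernet frame carrying an IPv4 datagram: it classifies the destination MAC as unicast, multicast or broadcast, pulls the source and destination IPs out of the IP header, and splits an IPv4 address into its network and host parts for a given prefix length. The frame bytes, MAC addresses and IPs are made up for the example; the IP header checksum is left at zero and is not validated.

```python
import struct
from ipaddress import IPv4Address, ip_interface

BROADCAST_MAC = b"\xff" * 6
ETHERTYPE_IPV4 = 0x0800


def mac_to_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def classify_mac(mac: bytes) -> str:
    """LAN addressing: a frame is delivered to one node, a group of nodes, or every node."""
    if mac == BROADCAST_MAC:
        return "broadcast"
    if mac[0] & 0x01:  # I/G bit set in the first octet: group (multicast) address
        return "multicast"
    return "unicast"


def parse_frame(frame: bytes) -> dict:
    """Decode the 14-byte Ethernet II header and, for IPv4, the fixed 20-byte IP header."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {
        "dst_mac": mac_to_str(dst),
        "src_mac": mac_to_str(src),
        "dst_kind": classify_mac(dst),
        "ethertype": ethertype,
    }
    if ethertype != ETHERTYPE_IPV4:
        return info
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not a valid IPv4 header")
    total_len = struct.unpack("!H", ip[2:4])[0]
    info.update({
        "ttl": ip[8],
        "protocol": ip[9],  # 1 = ICMP, 6 = TCP, 17 = UDP
        "src_ip": str(IPv4Address(ip[12:16])),
        "dst_ip": str(IPv4Address(ip[16:20])),
        "payload_len": total_len - ihl,
    })
    return info


def network_and_host(ip: str, prefixlen: int) -> tuple:
    """Internet addressing: split an IPv4 address into its network part and node (host) number."""
    iface = ip_interface(f"{ip}/{prefixlen}")
    host_number = int(iface.ip) - int(iface.network.network_address)
    return str(iface.network.network_address), host_number


# Constructed sample frame: broadcast destination, IPv4 with an 8-byte payload,
# protocol 17 (UDP), header checksum left at 0 (not computed for this demo).
SAMPLE_FRAME = (
    BROADCAST_MAC
    + bytes.fromhex("001122334455")
    + struct.pack("!H", ETHERTYPE_IPV4)
    + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                  IPv4Address("192.168.1.10").packed,
                  IPv4Address("192.168.1.255").packed)
    + b"\x00" * 8
)

if __name__ == "__main__":
    print(parse_frame(SAMPLE_FRAME))
    print(network_and_host("192.168.1.10", 24))
```

The same parser applies to frames read from a pcap; the point of `classify_mac` is that a forensic analyst can tell from the destination MAC alone whether a frame was meant for one host or for the whole segment, which matters when deciding which hosts could have seen it.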
What is an IDS?
An intrusion detection system (IDS) gathers and analyzes information from a network or host in order to identify possible security violations.
Types:
  • Network based: A dedicated sensor placed on the network that listens to traffic and looks for patterns indicative of an attack.
  • Host based: Audits the events that occur on a specific host.
  • Log file monitoring: Parses log files after the events have already occurred, so it detects rather than prevents.
  • File integrity checking: Compares files against a known-good baseline (for example by hash) to detect Trojan horses or files that have been modified or replaced.
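As an added example (not code from the original post), the last two IDS types in working form: a file-integrity check that hashes a directory tree, keeps the SHA-256 baseline and reports added, removed and modified files, and a log-file monitor that counts failed logins per source IP over constructed sshd-style lines. The directory contents, file names and log lines are all made up for the demo; the integrity check runs against a temporary directory it creates itself.

```python
import hashlib
import re
import tempfile
from collections import Counter
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path) -> dict:
    """Baseline (or current snapshot): relative path -> SHA-256 of every regular file."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_baseline(baseline: dict, current: dict) -> dict:
    """File integrity checking: what was added, removed or modified since the baseline."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in both if baseline[p] != current[p]),
    }


FAILED_LOGIN = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")


def failed_login_sources(lines, threshold: int = 3) -> dict:
    """Log file monitoring: source IPs with at least `threshold` failed logins."""
    counts = Counter()
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group("ip")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sshd-style log lines (not taken from a real system).
SAMPLE_AUTH_LOG = [
    "May 12 10:01:02 host sshd[801]: Failed password for root from 203.0.113.7 port 40122 ssh2",
    "May 12 10:01:05 host sshd[801]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2",
    "May 12 10:01:09 host sshd[801]: Failed password for root from 203.0.113.7 port 40124 ssh2",
    "May 12 10:02:30 host sshd[812]: Failed password for alice from 198.51.100.2 port 51000 ssh2",
    "May 12 10:02:41 host sshd[812]: Accepted password for alice from 198.51.100.2 port 51001 ssh2",
]


def integrity_demo() -> dict:
    """Take a baseline of a scratch tree, simulate an intrusion, and diff against the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls binary")
        (root / "app.conf").write_text("debug=0\n")
        (root / "old.log").write_text("nothing to see\n")
        baseline = hash_tree(root)
        # Simulated intrusion: trojaned binary, dropped backdoor, deleted log.
        (root / "bin" / "ls").write_bytes(b"trojaned ls binary")
        (root / "backdoor.sh").write_text("#!/bin/sh\n")
        (root / "old.log").unlink()
        return compare_baseline(baseline, hash_tree(root))


if __name__ == "__main__":
    print(integrity_demo())
    print(failed_login_sources(SAMPLE_AUTH_LOG))
```

In practice the baseline must be stored somewhere the attacker cannot rewrite (offline media or a separate host), otherwise a trojaned binary can simply be accompanied by an updated baseline hash.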
Honeypots:
As the name suggests, a honeypot is a decoy system set up to attract and trap attackers so that their activity can be recorded and studied.
Network Attacks:
IP address spoofing: The attacker forges the source IP address of their packets to hide their identity or to impersonate a trusted host.
Man in the middle attack: The attacker intrudes into an existing connection between two systems in order to intercept, and possibly alter, the messages being exchanged.
Packet sniffing: The attacker captures packets by placing a packet sniffer on the network.
Buffer overflow: A buffer overrun in stack space. The attacker writes more data than the buffer can hold, so that the saved return pointer on the stack is overwritten and the flow of control switches to the injected malicious code.
New line injection attack: The attacker supplies input containing newline characters that is written to a log file as plaintext, so a single injected value shows up as one or more forged log entries.
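The newline-injection attack above is easy to reproduce. This is an added example (not code from the original post) in which a vulnerable login logger writes the username verbatim, an attacker-chosen username carries an embedded newline that forges an extra "admin logged in" entry, and a hardened logger escapes control characters so the forged entry never becomes its own line. The log format, the naive parser and the attacker input are all constructed for the demonstration.

```python
import re

# Constructed attacker input: the embedded "\n" ends the attacker's own entry early and
# starts a forged line that a later reader will take as a successful admin login.
ATTACKER_USERNAME = "admin result=OK\nlogin user=bob"

ENTRY = re.compile(r"^login user=(?P<user>.*) result=(?P<result>OK|FAIL)$")
CONTROL = re.compile(r"[\x00-\x1f\x7f]")  # CR, LF, NUL and the other control characters


def format_entry_vulnerable(username: str, success: bool) -> str:
    """Writes the username exactly as supplied: newline injection is possible."""
    return f"login user={username} result={'OK' if success else 'FAIL'}"


def escape_control(value: str) -> str:
    """Replace every control character with a visible \\xNN escape so it cannot break the line."""
    return CONTROL.sub(lambda m: f"\\x{ord(m.group()):02x}", value)


def format_entry_safe(username: str, success: bool) -> str:
    """Hardened form: untrusted fields are escaped before they reach the log line."""
    return format_entry_vulnerable(escape_control(username), success)


def write_log(entries) -> str:
    """Mimic appending to a log file: one entry per line."""
    return "".join(entry + "\n" for entry in entries)


def parse_log(text: str) -> list:
    """A naive analyst's parser: one record per line that matches the entry format."""
    return [m.groupdict() for m in map(ENTRY.match, text.splitlines()) if m]


def admin_logins(records) -> list:
    """Records an analyst would read as a successful admin login."""
    return [r for r in records if r["user"] == "admin" and r["result"] == "OK"]


def demo() -> tuple:
    """Return (records parsed from the vulnerable log, records parsed from the hardened log)."""
    events = [("alice", True), (ATTACKER_USERNAME, False)]
    vulnerable = write_log(format_entry_vulnerable(u, ok) for u, ok in events)
    safe = write_log(format_entry_safe(u, ok) for u, ok in events)
    return parse_log(vulnerable), parse_log(safe)


if __name__ == "__main__":
    vuln_records, safe_records = demo()
    print("vulnerable log:", vuln_records)
    print("forged admin logins:", admin_logins(vuln_records))
    print("hardened log:", safe_records)
```

Two events are logged in both cases, but the vulnerable log parses as three records, one of them a successful admin login that never happened. When a log like this is evidence in an investigation, the escaped control characters in the hardened version are also what tells the analyst that someone tried the injection.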

