In part one of this series, we discussed the technical challenges for wireless traffic acquisition and provided design requirements and best practices for wireless forensics tools. In this second article, we take it a step further and focus on the technical challenges for wireless traffic analysis. Additionally, advanced anti-forensic techniques that could thwart a forensic investigation are analyzed. Finally, apart from the technical details, as a forensic write-up, the article covers some legal aspects about wireless forensics for both the U.S.

Wireless forensics: Technical considerations for traffic analysis

Once the traffic has been collected by the forensic examiner, it must be analyzed to draw some conclusion about the case. The main technical considerations, tools and challenges associated with the analysis of 802.11 traffic from a wireless forensics perspective are presented below.

The scope of the article is to focus on wireless forensics from the traffic point of view, although in a real scenario there are other sources of information to complement the data related to the case. These sources of information would include access point and wired network device logs, ARP and CAM tables, and the data collected by wireless IDS.

Network Forensic Analysis Tools (NFAT): Commercial and open-source traffic analysis tools

The analysis of wireless traffic demands the same capabilities required in pure wired network forensics, that is, an in-depth understanding of the protocols involved in the data communications collected. For wireless, this commonly means TCP/IP-based protocols over 802.11.

The set of network tools used to analyze traffic from a forensic perspective is commonly called NFAT (Network Forensic Analysis Tool), a term coined in 2002. The major commercial players in the wired field are Sandstorm NetIntercept, Niksun NetVCR and eTrust Network Forensics. Wireless forensics would require these tools to provide wireless traffic analysis capabilities, that is, advanced analysis functions for the specific 802.11 headers and protocol flows and behaviors.