Using Wireshark to Gather Forensic Evidence on Malware ...

More documents

Recommendations

Info

Commercial products vs. <strong>Wireshark</strong> • Not a versus – Have both, use both – Have only one of them… ;) • Best practice: – SecTools / SecAppliances for au<strong>to</strong>mated moni<strong>to</strong>ring and pre-analysis – <strong>Wireshark</strong> for detailed analysis and correlation 4
DNS Analysis • Time consuming • Very effective • Recommended as permanent process • Combined usage of GUI and CLI • Recommended addons: – Good Text Edi<strong>to</strong>r + Spreadsheet Edi<strong>to</strong>r – “Linux” Tools like grep, cat, uniq, sort etc. 5
Page 1 and 2: SEC-5 Using wiresh
Page 3: 3 House rules
Page 7 and 8: A few words on exploits • Main fo
Page 9 and 10: In-depth analysis • Baselining ev
Page 11: Thanks for your attention ! ??? Que

Using Wireshark to Gather Forensic Evidence on Malware ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?