Monday, July 29, 2019

Ann's bad AIM Essay Example | Topics and Well Written Essays - 750 words

Ann's bad AIM - Essay Example

Thereafter, the rogue laptop disappeared. As a forensic investigator, the staff reported this matter to me seeking some help. In this investigation I must therefore find who Ann was IM-ing, whatever she sent, and also recover evidence including the following:

In this investigation I am basically dealing with a pcap file and must find a way to extract the information in it first before proceeding further with the investigation. Normally there are several ways of extracting information from pcaps. Black Bytes (2012) explores four of the most commonly used ways to extract the information. First there is Wireshark's HTTP export, in which a list of all files found in all the HTTP requests is presented. The second is Wireshark's export bytes; depending on the protocol, you are obliged to drill down into the packet you want in order to find this. The third is NetworkMiner, which mainly focuses on forensic analysis. The last tool presented by Black Bytes is Chaosreader. It is a tool that analyzes and extracts session information as well as files, and then creates an HTML report that opens in any browser.

The next thing is the identification of Ann's host IP connection. This is something I already know to be 192.168.1.158; when the pcap file is filtered with tshark, we can view the hosts that Ann communicated with. This is achievable through the command "tshark -r evidence.pcap -R" at the terminal. It is important to note that Ann communicated with two hosts, one being a local host, which is indubitably the intruder, and the other an internet host. In my case the IP addresses for the hosts resulted from the simulation. In order to find out who the internet host is, we use the "whois" command at the terminal. Ann communicated with someone via the IM program. We could possibly assume that the IM program is an AIM client, a suggestion that can be
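As an added example, not part of the essay, of the host-identification step described above: a small Python parser that walks a pcap byte string, lists every peer that Ann's host (192.168.1.158) exchanged packets with, and tags each peer as local (RFC 1918) or internet, which is the distinction the essay draws between the intruder's laptop and the internet host. The capture is constructed in memory, and the peer addresses 192.168.1.159 and 203.0.113.10 are placeholders, not addresses from the real evidence file.

```python
import struct
import ipaddress
from collections import Counter

ANN_IP = "192.168.1.158"  # Ann's host, as stated in the investigation
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ip_frame(src, dst, proto=6):
    """Minimal Ethernet + IPv4 header, no payload: only the addresses matter here."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dummy MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return eth + ip

def build_pcap(frames):
    """Wrap Ethernet frames in a classic little-endian pcap container."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def iter_ipv4(pcap):
    """Yield (src, dst, proto) for every IPv4-over-Ethernet record in a pcap byte string."""
    magic, = struct.unpack("<I", pcap[:4])
    order = "<" if magic == 0xA1B2C3D4 else ">"  # the magic number reveals byte order
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack(order + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, or truncated
        yield (str(ipaddress.ip_address(frame[26:30])),
               str(ipaddress.ip_address(frame[30:34])), frame[23])

def peers_of(pcap, host):
    """Count packets between `host` and each peer; tag each peer as local (RFC 1918) or internet."""
    counts = Counter()
    for src, dst, _ in iter_ipv4(pcap):
        if host in (src, dst):
            counts[dst if src == host else src] += 1
    return {p: {"packets": n,
                "scope": "local" if any(ipaddress.ip_address(p) in net for net in RFC1918) else "internet"}
            for p, n in counts.items()}

# Constructed sample capture: one local peer and one internet peer (TEST-NET placeholder address).
SAMPLE_PCAP = build_pcap([
    ip_frame(ANN_IP, "192.168.1.159"),
    ip_frame("192.168.1.159", ANN_IP),
    ip_frame(ANN_IP, "203.0.113.10"),
    ip_frame("203.0.113.10", ANN_IP),
])
```

Running `peers_of(open("evidence.pcap", "rb").read(), ANN_IP)` on a real capture gives the same per-peer summary; the "internet" entries are the ones to look up with whois.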
