Decoding an FTP Protocol Session for Forensic Evidence
Course Name and Number: Cybercrime Forensics
Student Name: Sara Komisarz
Instructor Name: Abena Shaw
Lab Due Date: 01/18/2015
Overview
In this lab, you used two very powerful forensic analysis tools, Wireshark and NetWitness Investigator, to examine the same File Transfer Protocol (FTP) traffic capture file and compare the results of each. FTP is a protocol that is used extensively in business and social communications as a means to move files between a host and a client. Just about every time you download something from an Internet site, you are using a version of FTP to manage the process.
It is the most frequently used file transfer tool, but it is vulnerable. You explored the protocol capture file to see how FTP's cleartext transmission can endanger an organization.
Lab Assessment Questions & Answers
1. Which analysis tool used in this lab helps organize the protocol session and interaction for easier protocol analysis and forensic investigating?
NetWitness is a tool that will help.
2. How are protocol capture and analysis linked to digital computer forensic investigations?
It is linked because it helps to monitor traffic and see a user's username, password, IP address and much more to monitor what they have been doing.
3. What is the source IP address of the FTP client workstation and FTP server?
Client = 172.16.177.132
IP address of server = 172.16.177.157
Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com
Student Lab Manual
4. What was the username and password for the successful FTP connection?
Username = badguy
Password = you will never guess this !!
5. What is the MAC layer address of the FTP client workstation and FTP server?
172.16.177.132
6. What are the names of the two text files that were transferred to the server using FTP?
badnotes1.txt and badnotes2.txt
7. What is the port number for FTP? What would you recommend for securing FTP through the public Internet?
21
8. What was the total size of the FTP file transfer?
5.71KB
9. What is the directory on the FTP server where the two text files are located?
/home/badguy/
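The login, the uploaded file names and the working directory in the answers above are all readable because the FTP control channel is sent in cleartext. The following is an added example, not part of the lab manual or the student's submission: it parses a constructed control-channel transcript (the "C:"/"S:" prefixes, the failed login attempt and the reply wording are assumptions) and pairs each client command with the server's reply code, so that only the successful login and the completed transfers are recorded as evidence.

```python
import re

# Constructed control-channel transcript ("C:" client, "S:" server). Names and
# paths mirror the answers on this page; the exchange itself is illustrative.
SAMPLE = """\
S: 220 FTP server ready
C: USER badguy
S: 331 Password required
C: PASS wrong-guess
S: 530 Login incorrect
C: USER badguy
S: 331 Password required
C: PASS you will never guess this !!
S: 230 Login successful
C: PWD
S: 257 "/home/badguy/"
C: STOR badnotes1.txt
S: 150 Ok to send data
S: 226 Transfer complete
C: STOR badnotes2.txt
S: 150 Ok to send data
S: 226 Transfer complete
"""

def extract_evidence(transcript):
    """Pair each client command with the server's final reply code."""
    ev = {"logins": [], "failed": [], "uploads": [], "cwd": None}
    user, pending = None, None
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")   # argument may contain spaces
            pending = (verb.upper(), arg)
            user = arg if pending[0] == "USER" else user
            continue
        m = re.match(r"(\d{3})(?: (.*))?$", text)  # skips "ddd-" continuations
        if side != "S" or not m or pending is None:
            continue
        code, msg, (verb, arg) = m.group(1), m.group(2) or "", pending
        if verb == "PASS" and code == "230":       # 230 = user logged in
            ev["logins"].append((user, arg))
        elif verb == "PASS" and code == "530":     # 530 = not logged in
            ev["failed"].append((user, arg))
        elif verb == "STOR" and code == "226":     # 226 = transfer completed
            ev["uploads"].append(arg)
        elif verb == "PWD" and code == "257":      # 257 carries the quoted path
            path = re.search(r'"([^"]*)"', msg)
            ev["cwd"] = path.group(1) if path else None
    return ev
```

Calling extract_evidence(SAMPLE) returns the credentials, upload list and directory as a dictionary. The same pairing of command and reply code is what separates the successful connection asked about in question 4 from any failed attempts in the capture.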