DOCSLIB.ORG

Introduction to Network Forensics

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Introduction to Network Forensics FINAL VERSION 1.1 AUGUST 2019 www.enisa.europa.eu European Union Agency For Cybersecurity Introduction to Network Forensics FINAL | Version 1.1 | August 2019 02 Introduction to Network Forensics FINAL | Version 1.1 | August 2019 About ENISA The European Union Agency for Cybersecurity (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu. Contact For queries in relation to this paper, please use: [email protected] PGP Key ID: 31E777EC 66B6052A PGP Key Fingerprint: AAE2 1577 19C4 B3BE EDF7 0669 31E7 77EC 66B6 052A For media enquiries about this paper, please use: [email protected]. 03 Introduction to Network Forensics FINAL | Version 1.1 | August 2019 Legal notice Notice must be taken that this publication represents the views and interpretations of ENISA, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the Regulation (EU) No 526/2013. This publication does not necessarily represent state-of the-art and ENISA may update it from time to time. Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication. This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication. Copyright Notice © European Union Agency for Cybersecurity (ENISA), 2018 Reproduction is authorised provided the source is acknowledged. ISBN: 978-92-9204-288-2, DOI: 10.2824/995110 04 Introduction to Network Forensics FINAL | Version 1.1 | August 2019 Table of Contents About ENISA 3 Executive Summary 9 1. Introduction to Network Forensics 10 Relation to other fields of digital forensics 11 Computer forensics 12 Memory forensics 12 Mobile forensics 12 Different types of network-based evidence 13 Full content data 13 Session data 14 Alert data 14 Statistical data 15 Relation to intrusion detection/prevention systems 15 Difference between forensic investigation and intrusion detection 16 IDS alerts as a starting point of a forensic investigation 16 Collecting network-based evidence 17 Acquiring traffic in cables 17 Acquiring traffic in radio networks 22 Short introduction to some well-known tools 23 Packet capturing tools: tcpdump, dumpcap 24 A simple pattern matching engine: ngrep 24 A flow capture & analysis tool: Argus 25 Network intrusion detection system example: Snort 26 The full-scale analysis tool: Wireshark 26 2. Logging and Monitoring 29 Useful sources for analysis 29 Host-based sources 29 Network-based sources 35 Prerequisites to enable suitable network forensics 40 Monitoring policy 40 Monitoring targets 41 Additional data sources 41 Timeline analysis 42 Aggregation and correlation of different sources, normalisation of data 44 Address normalisation 45 Name resolution 46 Time normalisation 46 05 Introduction to Network Forensics FINAL | Version 1.1 | August 2019 Collecting and storing traffic data 47 Collecting agents 47 Storage 48 Data transfer 49 Legal basics 50 Obligations 51 Constraints 52 3. Detection 53 Distinguishing regular traffic from suspicious/malicious traffic 53 Baselining of normal traffic 53 Filtering of network traffic 57 Building signatures 58 Detecting intrusions 58 Detecting enumeration 58 Detecting lateral movement 59 Detecting data exfiltration 60 Using threat intelligence 60 4. Analysis (data interpretation) 63 Overview 63 The value and importance of Network forensics 64 Where can one find Network forensics? 65 Logging and monitoring 65 Combining the pieces 66 What is the purpose of data visualisation? 67 Chain of Custody 68 What is Chain of Custody? 68 Why is a careful Chain of Custody so important? 68 Integrity 69 Traceability 70 Practical issues 71 Legal value 72 Example of a Chain of Custody form 72 From data to information 73 Introduction to data capture files 73 Data Analysis Tools 74 Command line tools 81 Encryption and making the best of an encrypted capture 84 CIA triad, Privacy and Anonymity 84 Networks 86 Encryption 89 IPsec 91 06 Introduction to Network Forensics FINAL | Version 1.1 | August 2019 VPN 93 Wireless 95 Network Forensics and Encryption 96 Tool sources 99 Further reading 99 5. Use Cases 100 ICS/SCADA environment 100 Summary 100 Summary Table 102 Introduction to the exercise and overview 103 Task 1: Setting up the monitoring environment 103 Task 2: Baselining of regular traffic 107 Task 3: Initial attack detection 116 Task 4: Second attack stage analysis 120 Task 5: Analysing the attack on the PLCs 127 Summary of the exercise 137 Tools used in this use-case 138 Evaluation metrics 138 Further reading 138 Detecting exfiltration on a large finance corporation environment 139 Summary 139 Summary Table 139 Introduction to the training 140 Introduction – proxy server 141 Setup 142 Network Traffic Analysis 151 Detecting data exfiltration over DNS 171 Log analysis summary/recommendations 182 Tools used 183 Evaluation metrics 183 Analysis of an airport third-party VPN connection compromise 184 PART1: Summary 184 PART2: Summary table 184 PART 3: Introduction to the exercise and tools overview 185 PART 4: The Examination 200 Summary of the exercise 214 Conclusions / Recommendations 215 Tools repository 215 Evaluation metrics 215 6. Glossary 216 7. References 217 07 Introduction to Network Forensics FINAL | Version 1.1 | August 2019 08 Introduction to Network Forensics FINAL | Version 1.1 | August 2019 Executive Summary This material contains an update to the existing ENISA Collection of CERT exercises, specifically focusing on the trainings labelled under “Network Forensics” on the ENISA CSIRT training webpages1. The revised/renewed training materials are based on good practices, and include all needed methodologies, tools and procedures. The updated scenarios also include content that is in line with the current technologies and methodologies. The training includes the performance indicators and means, supporting those who use it to increase their operational competence. It is made available in a ready-to-use version. The duration of the training is 3 full working days (or approximately 24 hours). The training consists of an extensive introduction (sections 1–4) and three exercises (section 5). The exercises are targeted mainly towards the national, governmental and other types of CSIRTs who are focused on enhancing their skills, effectiveness, quality of service and cooperation with other teams and stakeholders. 1 https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/technical- operational 09 Introduction to Network Forensics FINAL | Version 1.1 | August 2019 1. Introduction to Network Forensics This chapter will establish a basic understanding of network forensics and proceed with how it relates to other forensic fields, most importantly host-based forensics, memory forensics, and mobile forensics. Section 1.2 introduces different levels of traffic capture and data retention and how it can be used. Section 1.3 deals with the relation of network forensics to intrusion detection, while the process of how network evidence is captured from different media (cable, wireless) is covered in section 1.4. The chapter will be closing with a brief introduction of common tools used in network forensics. The material presentation is at the discretion of the trainer. If the trainees have enough knowledge about the basics, some or all of this material can be skipped. The word forensics comes from the Latin words forensis and scientia, meaning “on the forum” and “knowledge”. In ancient Rome, criminal proceedings were held in public at the market place (forum). Forensic science is hence referring to the process of applying scientific methods to criminal and civil proceedings. Correspondingly, a forensic scientist collects, preserves, and analyses scientific evidence during an investigation. They may also testify as expert witnesses in courts. Over time, the technical aspects of forensic investigations have evolved into sub-fields relating to the special conditions of the evidence involved, like toxicology, fingerprint analysis, etc. with digital forensics being the branch of forensic science encompassing the recovery and investigation of material found in digital devices. From Jones et al. (2013, see also ENISA 2013a): “There are five main principles that draw up a basis for all dealings with electronic evidence. These principles were adopted as part of European Union and the Council of Europe project to develop a ‘seizure of e-evidence’ guide. As stated before, while laws regarding admissibility of evidence differ between countries, using these principles is considered appropriate, as they are common internationally”. Data integrity:
Recommended publications
  • Anonsocialmix: Anonymous P2P File Sharing Over Social Networks

    Anonsocialmix: Anonymous P2P File Sharing Over Social Networks

    AnonSocialMix: Anonymous P2P File Sharing Over Social Networks Student Name: Rajdeep Mukherjee IIIT-D-MTech-CS-GEN-MT15051 July, 2017 Indraprastha Institute of Information Technology New Delhi Thesis Committee Dr. Sambuddho Chakravarty, IIIT Delhi (Advisor) Dr. Tanmoy Chakraborty, IIIT Delhi (Internal Examiner) Dr. Vinay Joseph Ribeiro, IIT Delhi (External Examiner) Submitted in partial fulfillment of the requirements for the Degree of M.Tech. in Computer Science, in Information Security Category ©2017 IIIT-D MTech-CS-GEN-17-MT15051 All rights reserved Certificate This is to certify that the thesis titled “AnonSocialMix: Anonymous P2P File Sharing Over Social Networks" submitted by Rajdeep Mukherjee for the partial fulfillment of the requirements for the degree of Master of Technology in Computer Science & Engineering is a record of the bonafide work carried out by him under my guidance and supervision in the Security and Privacy group at Indraprastha Institute of Information Technology, Delhi. This work has not been submitted anywhere else for the reward of any other degree. Dr.Sambuddho Chakravarty Indraprastha Institute of Information Technology, New Delhi 2 Abstract Peer-to-peer (P2P) file sharing accounts for one of the major sources of the Internet traffic. As privacy and anonymity issues continue to grow due to constant censorship and network surveil- lance, more and more Internet users are getting attracted towards the facilities for anonymous communication. Extensive research has been conducted over the years towards the design and development of several anonymous P2P file sharing protocols and systems. Size of the Anonymity Set plays a crucial role in determining the degree of anonymity being provided by such networks.
  • Implementing Cisco Cyber Security Operations

    Implementing Cisco Cyber Security Operations

    2019 CLUS Implementing Cisco Cyber Security Operations Paul Ostrowski / Patrick Lao / James Risler Cisco Security Content Development Engineers LTRCRT-2222 2019 CLUS Cisco Webex Teams Questions? Use Cisco Webex Teams to chat with the speaker after the session How 1 Find this session in the Cisco Live Mobile App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space Webex Teams will be moderated cs.co/ciscolivebot#LTRCRT-2222 by the speaker until June 16, 2019. 2019 CLUS © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Agenda • Goals and Objectives • Prerequisite Knowledge & Skills (PKS) • Introduction to Security Onion • SECOPS Labs and Topologies • Access SECFND / SECOPS eLearning Lab Training Environment • Lab Evaluation • Cisco Cybersecurity Certification and Education Offerings 2019 CLUS LTRCRT-2222 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4 Goals and Objectives: • Today's organizations are challenged with rapidly detecting cybersecurity breaches in order to effectively respond to security incidents. Cybersecurity provides the critical foundation organizations require to protect themselves, enable trust, move faster, add greater value and grow. • Teams of cybersecurity analysts within Security Operations Centers (SOC) keep a vigilant eye on network security monitoring systems designed to protect their organizations by detecting and responding to cybersecurity threats. • The goal of Cisco’s CCNA Cyber OPS (SECFND / SECOPS) courses is to teach the fundamental skills required to begin a career working as an associate/entry-level cybersecurity analyst within a threat centric security operations center. • This session will provide the student with an understanding of Security Onion as an open source network security monitoring tool (NSM).

  • Government Open Systems Interconnection Profile Users' Guide, Version 2

    NIST Special Publication 500-192 [ Computer Systems Government Open Systems Technology Interconnection Profile Users' U.S. DEPARTMENT OF COMMERCE National Institute of Guide, Version 2 Standards and Technology Tim Boland Nisr NATL INST. OF STAND & TECH R.I.C, A111D3 71D7S1 NIST PUBLICATIONS --QC- 100 .U57 500-192 1991 C.2 NIST Special Publication 500-192 . 0)0 Government Open Systems Interconnection Profile Users' Guide, Version 2 Tim Boland Computer Systems Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899 Supersedes NIST Special Publication 500-163 October 1991 U.S. DEPARTMENT OF COMMERCE Robert A. Mosbacher, Secretary NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY John W. Lyons, Director Reports on Computer Systems Technology The National Institute of Standards and Technology (NIST) has a unique responsibility for conriputer systems technology within the Federal government. NIST's Computer Systems Laboratory (CSL) devel- ops standards and guidelines, provides technical assistance, and conducts research for computers and related telecommunications systems to achieve more effective utilization of Federal information technol- ogy resources. CSL's responsibilities include development of technical, management, physical, and ad- ministrative standards and guidelines for the cost-effective security and privacy of sensitive unclassified information processed in Federal computers. CSL assists agencies in developing security plans and in improving computer security awareness training. This Special Publication 500 series reports CSL re- search and guidelines to Federal agencies as well as to organizations in industry, government, and academia. National Institute of Standards and Technology Special Publication 500-192 Natl. Inst. Stand. Technol. Spec. Publ. 500-192, 166 pages (Oct. 1991) CODEN: NSPUE2 U.S.
  • Uila Supported Apps

    Uila Supported Apps

    Uila Supported Applications and Protocols updated Oct 2020 Application/Protocol Name Full Description 01net.com 01net website, a French high-tech news site. 050 plus is a Japanese embedded smartphone application dedicated to 050 plus audio-conferencing. 0zz0.com 0zz0 is an online solution to store, send and share files 10050.net China Railcom group web portal. This protocol plug-in classifies the http traffic to the host 10086.cn. It also 10086.cn classifies the ssl traffic to the Common Name 10086.cn. 104.com Web site dedicated to job research. 1111.com.tw Website dedicated to job research in Taiwan. 114la.com Chinese web portal operated by YLMF Computer Technology Co. Chinese cloud storing system of the 115 website. It is operated by YLMF 115.com Computer Technology Co. 118114.cn Chinese booking and reservation portal. 11st.co.kr Korean shopping website 11st. It is operated by SK Planet Co. 1337x.org Bittorrent tracker search engine 139mail 139mail is a chinese webmail powered by China Mobile. 15min.lt Lithuanian news portal Chinese web portal 163. It is operated by NetEase, a company which 163.com pioneered the development of Internet in China. 17173.com Website distributing Chinese games. 17u.com Chinese online travel booking website. 20 minutes is a free, daily newspaper available in France, Spain and 20minutes Switzerland. This plugin classifies websites. 24h.com.vn Vietnamese news portal 24ora.com Aruban news portal 24sata.hr Croatian news portal 24SevenOffice 24SevenOffice is a web-based Enterprise resource planning (ERP) systems. 24ur.com Slovenian news portal 2ch.net Japanese adult videos web site 2Shared 2shared is an online space for sharing and storage.
  • Hands-On Network Forensics, FIRST 2015

    Hands-On Network Forensics, FIRST 2015

    2015-04-30 WWW.FORSVARSMAKTEN.SE Hands-on Network Forensics Workshop Preparations: 1. Unzip the virtual machine from NetworkForensics_ VirtualBox.zip on your EXTENSIVE USE OF USB thumb drive to your local hard drive COMMAND LINE 2. Start VirtualBox and run the Security Onion VM IN THIS WORKSHOP 3. Log in with: user/password 1 FM CERT 2015-04-30 WWW.FORSVARSMAKTEN.SE Hands-on Network Forensics Erik Hjelmvik, Swedish Armed Forces CERT FIRST 2015, Berlin 2 FM CERT 2015-04-30 WWW.FORSVARSMAKTEN.SE Hands-on Network Forensics Workshop Preparations: 1. Unzip the virtual machine from NetworkForensics_ VirtualBox.zip on your EXTENSIVE USE OF USB thumb drive to your local hard drive COMMAND LINE 2. Start VirtualBox and run the Security Onion VM IN THIS WORKSHOP 3. Log in with: user/password 3 FM CERT 2015-04-30 WWW.FORSVARSMAKTEN.SE ”Password” Ned 4 FM CERT 2015-04-30 WWW.FORSVARSMAKTEN.SE SysAdmin: Homer 5 FM CERT 2015-04-30 WWW.FORSVARSMAKTEN.SE PR /Marketing: Krusty the Clown 6 FM CERT 2015-04-30 WWW.FORSVARSMAKTEN.SE Password Ned AB = pwned.se 7 FM CERT 2015-04-30 WWW.FORSVARSMAKTEN.SE pwned.se Network [INTERNET] | Default Gateway 192.168.0.1 PASSWORD-NED-XP www.pwned.se | 192.168.0.53 192.168.0.2 [TAP]--->Security- | | | Onion -----+------+---------+---------+----------------+------- | | Homer-xubuntu Krustys-PC 192.168.0.51 192.168.0.54 8 FM CERT 2015-04-30 WWW.FORSVARSMAKTEN.SE Security Onion 9 FM CERT 2015-04-30 WWW.FORSVARSMAKTEN.SE Paths (also on Cheat Sheet) • PCAP files: /nsm/sensor_data/securityonion_eth1/dailylogs/ • Argus files:
  • Part 1 Digital Forensics Module Jaap Van Ginkel Silvio Oertli

    Part 1 Digital Forensics Module Jaap Van Ginkel Silvio Oertli

    Part 1 Digital Forensics Module Jaap van Ginkel Silvio Oertli July 2016 Agenda • Part 1: Introduction – Definitions / Processes • Part 2: Theory in Practice – From planning to presentation • Part 3: Live Forensics – How to acquire a memory image – Investigate the image • Part 4: Advanced Topics – Tools – Where to go from here – And more 2 Disclaimer§ • A one or two-day course on forensics will not make you a forensics expert. – Professionals spend most of their working time performing forensic analysis and thus become an expert. • All we can offer is to shed some light on a quickly developing and broad field and a chance to look at some tools. • We will mostly cover Open Source Forensic Tools. 3 Introduction Forensics in History 4 Forensics – History 2000 BC 1200 BC 5 Introduction Definitions / Processes 6 Forensics – The Field digital forensics Computer Forensics Disk Forensics Mobil Forensics Memory Forensics Datenbase Forensics Live Forensics Network Forensics 7 Forensics - Definition • Digital Forensics [1]: – Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. • Computer Forensics [2]: – Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information. 8 Forensics - Definitions • Network Forensics [3]: – Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection.[1] Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information.
  • Passive Asset Discovery and Operating System Fingerprinting in Industrial Control System Networks

    Passive Asset Discovery and Operating System Fingerprinting in Industrial Control System Networks

    Eindhoven University of Technology MASTER Passive asset discovery and operating system fingerprinting in industrial control system networks Mavrakis, C. Award date: 2015 Link to publication Disclaimer This document contains a student thesis (bachelor's or master's), as authored by a student at Eindhoven University of Technology. Student theses are made available in the TU/e repository upon obtaining the required degree. The grade received is not published on the document as presented in the repository. The required complexity or quality of research of student theses may vary by program, and the required minimum study period may vary in duration. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain Department of Mathematics and Computer Science Passive Asset Discovery and Operating System Fingerprinting in Industrial Control System Networks Master Thesis Chris Mavrakis Supervisors: prof.dr. S. Etalle dr. T. Oz¸celebi¨ dr. E. Costante Eindhoven, October 2015 Abstract Maintaining situational awareness in networks of industrial control systems is challenging due to the sheer number of devices involved, complex connections between subnetworks and the delicate nature of industrial processes. While current solutions for automatic discovery of devices and their operating system are lacking, plant operators need to have accurate information about the systems to be able to manage them effectively and detect, prevent and mitigate security and safety incidents.
  • Introduction to Criminal Investigation: Processes, Practices and Thinking Introduction to Criminal Investigation: Processes, Practices and Thinking

    Introduction to Criminal Investigation: Processes, Practices and Thinking Introduction to Criminal Investigation: Processes, Practices and Thinking

    Introduction to Criminal Investigation: Processes, Practices and Thinking Introduction to Criminal Investigation: Processes, Practices and Thinking ROD GEHL AND DARRYL PLECAS JUSTICE INSTITUTE OF BRITISH COLUMBIA NEW WESTMINSTER, BC Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where otherwise noted. Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl and Darryl Plecas is, unless otherwise noted, released under a Creative Commons Attribution 4.0 International (CC BY-NC) license. This means you are free to copy, retain (keep), reuse, redistribute, remix, and revise (adapt or modify) this textbook but not for commercial purposes. Under this license, anyone who revises this textbook (in whole or in part), remixes portions of this textbook with other material, or redistributes a portion of this textbook, may do so without gaining the author’s permission providing they properly attribute the textbook or portions of the textbook to the author as follows: Introduction to Criminal Investigation: Processes, Practices and Thinking by Rod Gehl and Darryl Plecas is used under a CC BY-NC 4.0 International license. Additionally, if you redistribute this textbook (in whole or in part) you must retain the below statement, Download this book for free at https://pressbooks.bccampus.ca/criminalinvestigation/ as follows: 1. digital format: on every electronic page 2. print format: on at least one page near the front of the book To cite this textbook using APA, for example, follow this format: Gehl, Rod & Plecas, Darryl. (2016). Introduction to Criminal Investigation: Processes, Practices and Thinking.
  • Protocol Specification for OSI *

    Protocol Specification for OSI *

    167 Protocol Specification for OSI * Gregor v. BOCHMANN 1. Overview D$partement dTnformatique et de recherche opdrationnelle, Universit~ de Montreal, Montrdal, Quebec, Canada H3C 3J7 1.1. Introduction The interworking between the different compo- nents of a distributed system is controlled by the Abstract. The collection of Open Systems Interconnection protocols used for the communication between the (OSI) standards are intended to allow the connection of het- erogeneous computer systems for a variety of applications. In different system components. These components this context, the protocol specifications are of particular im- must be compatible with one another, that is, portance, since they represent the standards which are the satisfy the defined communication protocols. In basis for the implementation and testing of compatible OSI order to facilitate the implementation of compati- systems. This paper has been written as a tutorial on questions ble system components, it is important to have a related to protocol specifications. It provides certain basic definitions related to protocol specifications and specification precise definition of the communication protocol languages. Special attention is given to the specification for- to be used. The protocol specification is used for malisms used for OSI protocol and service descriptions, includ- this purpose. ing semi-formal languages such as state tables, ASN.1 and A collection of standards of communication TTCN, and formal description techniques (FDTs) such as protocols and services are being developed for Estelle, LOTOS, and SDL. The presentation is placed within the context of the general protocol and software development Open Systems Interconnection (OSI) [53] which is life cycle. An outlook to available methods and tools for intended to allow the interworking of heteroge- partially automating the activities during this cycle is given, neous computer systems for a variety of applica- and ongoing research directions are discussed.
  • PROGRAMMING ESSENTIALS in PYTHON | PCAP Certification

    PROGRAMMING ESSENTIALS in PYTHON | PCAP Certification

    PROGRAMMING ESSENTIALS IN PYTHON | PCAP Certification Programming Essentials in Python course covers all the basics of programming in Python, as well as general computer programming concepts and techniques. The course also familiarizes the student with the object-oriented approach. The course will prepare the student for jobs/careers connected with widely understood software development, which includes not only creating the code itself as a junior developer, but also computer system design and software testing. It could be a stepping-stone to learning any other programming language, and to explore technologies using Python as a foundation (e.g., Django, SciPy). This course is distinguished by its affordability, friendliness, and openness to the student. It starts from the absolute basics, guiding the student step by step to complex problems, making her/him a responsible software creator able to take on different challenges in many positions in the IT industry. TARGET AUDIENCE Programming Essentials in Python curriculum is designed for students with little or no prior knowledge of programming. TARGET CERTIFICATION Programming Essentials in Python curriculum helps students prepare for the PCAP | Python Certified Associate Programmer certification exam. PCAP is a professional certification that measures the student’s ability to accomplish coding tasks related to the basics of programming in the Python language, and the fundamental notions and techniques used in object-oriented programming. PCAP – COURSE MODULES & OBJECTIVES Module 1: Familiarize the student with the basic methods offered by Python of formatting and outputting data, together with the primary kinds of data and numerical operators, their mutual relations and bindings. Introduce the concept of variables and variable naming conventions.
  • Guidelines on Mobile Device Forensics

    Guidelines on Mobile Device Forensics

    NIST Special Publication 800-101 Revision 1 Guidelines on Mobile Device Forensics Rick Ayers Sam Brothers Wayne Jansen http://dx.doi.org/10.6028/NIST.SP.800-101r1 NIST Special Publication 800-101 Revision 1 Guidelines on Mobile Device Forensics Rick Ayers Software and Systems Division Information Technology Laboratory Sam Brothers U.S. Customs and Border Protection Department of Homeland Security Springfield, VA Wayne Jansen Booz Allen Hamilton McLean, VA http://dx.doi.org/10.6028/NIST.SP. 800-101r1 May 2014 U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Under Secretary of Commerce for Standards and Technology and Director Authority This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. § 3541 et seq., Public Law (P.L.) 107-347. NIST is responsible for developing information security standards and guidelines, including minimum requirements for Federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate Federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in Circular A- 130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in Circular A- 130, Appendix III, Security of Federal Automated Information Resources. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on Federal agencies by the Secretary of Commerce under statutory authority.
  • Experiences of Internet Traffic Monitoring with Tstat

    Experiences of Internet Traffic Monitoring with Tstat

    1 Experiences of Internet Traffic Monitoring with Tstat A. Finamore M. Mellia M. Meo M. M. Munaf`o D. Rossi 1Politecnico di Torino 2TELECOM ParisTech email: {[email protected]} email: [email protected] Abstract—Since the early days of the Internet, network traffic Internet monitoring tools are based on active probing, ranging monitoring has always played a strategic role in understanding from simple operation management or network tomography and characterize users’ activities. In this paper, we present our via ping or traceroute, to more complex delay and capac- experience in engineering and deploying Tstat, an open source passive monitoring tool that has been developed in the past ten ity estimation via capprobe or pathchar. Finally, large and years. Started as a scalable tool to continuously monitor packets controlled testbeds can be easily setup using tools like netem that flow on a link, Tstat has evolved into a complex application or dummynet. For the passive approach pure observations are that gives to network researchers and operators the possibility to performed by means of dedicated tools, named sniffers by derive extended and complex measurements thanks to advanced the Internet metrology community, that simply observe and traffic classifiers. After discussing Tstat capabilities and internal design, we analyze the traffic that flows on links. Several passive mea- present some examples of measurements collected deploying surement tools are available. Some tools, such as tcpdump or Tstat at the edge of several ISP networks in the past years. Wireshark, are designed to let researchers interactively analyze While other works report a continuous decline of P2P traffic the captured packets.