File Carving From PCAP
Author(s): Nikunj Chavda
Keywords: Network traffic analysis, pcap analysis, file carving, file time-stamps
Abstract
Today, sharing files on the Internet is a simple task for anyone, even for children. Crimes are now carried out over the network with viruses and Trojans, and mischievous documents are also sent through the Internet. For all of this, network monitoring and pcap analysis are required. All network monitoring tools create pcap files, and an analyst may further analyze these files to find any anonymous activity. This paper presents a scenario in which a pcap is analyzed in such a manner that, if any file transmission occurs, the embedded files can be carved when the capture is analyzed deeply with proper techniques. File carving is the process of reassembling computer files from fragments in the absence of file-system metadata. In the basic analysis scenario, we have three pcap files. Each pcap file contains the packets captured while transferring different files, and in this practical scenario we will see how to analyze the pcap file and carve the files transferred over it.
Other Details
Paper ID: IJSARTV
Published in: Volume: 1, Issue: 2
Publication Date: 2/6/2015