Direct TCP dump analysis

• Let’s look for ‘yahoo’ in a sniffer log of a recent cryptography for forensics class

  • The class didn’t use yahoo, so these students were cruising the web during their class…
  • Enter “yahoo” as the only search term
  • Select “Search” “binary”
  • Select “Search” “image” and use the up-arrow to go to the IP directory, change the search restriction to all files (*.*) and pick out a TCP dump log.
  • Press “Go”

Previous slide

Next slide

Back to first slide

View graphic version