
Computer and Network Forensics Forum?



I'd like to learn all about computer Network Forensics - ideally how to recover MIME type attachments sent via email, and also downloaded over TCP connections. Is there a way to recover these types of data from a WireShark pcap (Packet Capture) file please?

Is there a Computer forensics forum that somebody can recommend me to join to learn these techniques please?

Jed :)

Edited by JedClampett


how to recover MIME type attachments sent via email

Well, recover how? From a network capture? From an Outlook PST file? The question isn't very clear. But basically you have to know how it's encoded (e.g. base64) and how it's stored (data structures) or transmitted (protocols).

downloaded over TCP connections

Email is sent via other protocols (e.g. SMTP) which use TCP underneath. Again, it's mainly a matter of understanding the protocols used. Then again, the protocol may be encrypted too (SSL/TLS) which is a lot more "fun".

Is there a way to recover these types of data from a WireShark pcap (Packet Capture) file please?

That depends on which protocol it was sent with and so on.

I'm not sure what would be the best way to learn the tools. Obviously, you have to know how to use the basics of Wireshark, but MUCH more importantly, it's understanding the traffic that it shows. There is no way around having a solid understanding of how TCP/IP works and various other protocols. If you don't know how a TCP handshake works, how addressing works, how NAT works, the difference between UDP and TCP and so on (ARP, HTTP, DHCP, ICMP, etc), you're not going to really understand much of anything Wireshark will show you.
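
An added example, not part of the original posts: recovering a base64 MIME attachment from an unencrypted SMTP session once the client-to-server TCP stream has been reassembled (for instance saved as raw bytes from Wireshark's Follow TCP Stream). The function name, the sample stream and its addresses are constructed for illustration; a session protected by TLS would have to be decrypted first.

```python
import base64, hashlib, re
from email import message_from_bytes, policy

# Client side of SMTP: the message is everything between the DATA command and
# the lone "." line. A truncated capture may lack the terminator, hence \Z.
DATA_RE = re.compile(rb"(?is)\r\nDATA\r\n(.*?)(?:\r\n\.\r\n|\Z)")

def extract_attachments(stream):
    """Return decoded attachments from a reassembled client-to-server SMTP stream."""
    found = []
    for m in DATA_RE.finditer(stream):
        raw = m.group(1).replace(b"\r\n..", b"\r\n.")  # undo SMTP dot-stuffing
        msg = message_from_bytes(raw, policy=policy.default)
        for part in msg.iter_attachments():
            data = part.get_payload(decode=True)  # reverses base64 / quoted-printable
            if data is None:  # e.g. a nested message/rfc822 part
                continue
            found.append({
                "filename": part.get_filename(),
                "type": part.get_content_type(),
                "sha256": hashlib.sha256(data).hexdigest(),
                "data": data,
            })
    return found

# Constructed sample stream (not from a real capture).
ATTACHMENT = b"%PDF-1.4 constructed sample\n"
SAMPLE_STREAM = (
    b"EHLO client.example\r\nMAIL FROM:<a@example.com>\r\n"
    b"RCPT TO:<b@example.com>\r\nDATA\r\n"
    b"From: a@example.com\r\nTo: b@example.com\r\nSubject: report\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
    b"--XX\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n"
    b"--XX\r\nContent-Type: application/pdf\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="report.pdf"\r\n\r\n'
    + base64.b64encode(ATTACHMENT) + b"\r\n--XX--\r\n.\r\nQUIT\r\n"
)

if __name__ == "__main__":
    for att in extract_attachments(SAMPLE_STREAM):
        print(att["filename"], att["type"], len(att["data"]), att["sha256"])
```

Hashing each recovered file gives a value that can be recorded in case notes and compared against copies found elsewhere.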
