Upload File

wireless investigations using xplico

18
XPLICO For forensics investigation Basic usage guide By Chris Harrington

Upload: chris-harrington

Post on 27-Jun-2015

206 views

Category:

Technology


2 download

Report

Tags:

DESCRIPTION

A quick guide using Xplico for wireless investigations. Xplico analyzes a capture file taken from a suspect's wireless and performs carving techniques to extract artifacts.

TRANSCRIPT

Page 1: Wireless Investigations using Xplico

XPLICOFor forensics investigation

Basic usage guide

By Chris Harrington

Page 2: Wireless Investigations using Xplico

Linux OS◦ Kali (used for this test)◦ Backtrack◦ Others will work too

Installed Applications◦ Xplico◦ Apache

CAPTURE file from suspect’s wireless

Requirements

Page 3: Wireless Investigations using Xplico

Open a terminal window and type:/etc/init.d/apache2 start

Start Apache

Page 4: Wireless Investigations using Xplico

Start Xplico services/etc/init.d/xplico start

Start Xplico

Page 5: Wireless Investigations using Xplico

Navigate to http://localhost:9876Xplico listens on port 9876 by default

Open a browser window

http://localhost:9876/
Page 6: Wireless Investigations using Xplico

Default username and password Username: xplico Password: xplico

Login to Xplico

Page 7: Wireless Investigations using Xplico

After logging in, the case overview shows Create a new case

Create a new case

Page 8: Wireless Investigations using Xplico

Specify a case name and create the case

New case information

Page 9: Wireless Investigations using Xplico

The new case is shown here in case overview

Click on the new case to enter it

Case overview

Page 10: Wireless Investigations using Xplico

Within the Case Overview is the Sessions overview. Sessions are Capture files linked to the case

Click New Session

Case sessions

Page 11: Wireless Investigations using Xplico

Enter the session name

New session

Page 12: Wireless Investigations using Xplico

The new session is shown and click on it to enter it

Session overview

Page 13: Wireless Investigations using Xplico

This page shows artifacts found in previous CAPTURE files. Click browse and upload the suspect’s CAPTURE file

Analysis overview

Page 14: Wireless Investigations using Xplico

It may take time depending on the size of your CAPTURE file to finish decoding and searching for artifacts

Decoding

Page 15: Wireless Investigations using Xplico

The overview shows which artifacts were found. Use the menu on the left to navigate through them

Finished decoding

Page 16: Wireless Investigations using Xplico

Websites visited that were found and extracted

Example

Page 17: Wireless Investigations using Xplico

Xplico offers quick and easy packet analysis.

Other data that can be extracted:◦ RTP and SIP streams◦ Emails ◦ Images ◦ And much more

Always a good idea to run other carving tools on the CAPTURE file

Notes

Page 18: Wireless Investigations using Xplico

My contact details

[email protected]

Questions?

mailto:[email protected]

Special Investigations Unit -- SIU Homepage€¦ · Special Investigations Unit -- SIU Homepage

Lesson 3: Scientific Investigations: Types of Scientific Investigations INQB: Design Investigations Content Standard: Different kinds of questions suggest

Syllabus and Course Information - Boston University · Web viewInvestigating Wireless Networks and Devices Chapter 2 Handbook of Digital Forensics and Investigations Chapter 11 Blackboard

CHAPTER 8 - INVESTIGATIONS€¦ · 330 chapter 8 investigations operations manual chapter 8 investigations operations manual

Available online at ScienceDirect · (RSA, 2016),Wireshark (Wireshark, 2016), PyFlag (Cohen, 2008), and Xplico’s Open Source Network Forensic Analysis Tool (Xplico, 2016). They

INDEX INVESTIGATIONS OPERATIONS MANUAL … · INVESTIGATIONS OPERATIONS MANUAL 2018 INDEX. Inspections

Government Investigations: Evaluating the Settlement Optionsmedia.straffordpub.com/products/government-investigations-evaluati… · Government Investigations: Evaluating the Settlement

Cardiovascular Investigations

Criminal Investigations CJ210 Prof. Andy McIntosh Death Investigations

International Library of Philosophy Logical Investigations IntroductionHusserlLogical-Investigations 2001.pdf · Logical Investigations, Vols I & II Edmund Husserl Logical Investigations

Geotechnical work Site investigations and intrusive ground investigations

Cough investigations

LAW ENFORCEMENT TELEPHONE INVESTIGATIONS RESOURCE GUIDE ... · PDF filelaw enforcement telephone investigations resource guide ... law enforcement telephone investigations resource

investigations on energy aware routing in wireless sensor networks

Conducting Modern Investigations Analytics & Predictive Coding for Investigations & Regulatory Matters

Conducting Internal Investigations Amid …media.straffordpub.com/products/conducting-internal-investigations...Conducting Internal Investigations Amid Heightened Government Scrutiny

Maths investigations NETW10RK. Aims -To support the teaching of mathematical investigations. -To provide resources to support mathematical investigations

Regulatory investigations Introduction - Linklaterscontent.linklaters.com/.../Regulatory_Investigations_Introduction.pdfRegulatory investigations – Introduction ... And note that

WOMEN IN INVESTIGATIONS...oen in Investigations 2018 First published on the Global Investigations Review website, 21 June 2018 globalinvestigationsreview.com Women in Investigations

Investigations Oncloud, Wireless Networking And Block

Mobile Device Investigations Program (MDIP) A Brief ... · A Brief History of Wireless Technology Federal Law Enforcement Training Center Technical Operations Division. Mobile Device

Environmental Health Investigations: Conducting Traceback Investigations

Investigations into Smart Antennas for CDMA Wireless Systemsusers.cecs.anu.edu.au/Salman.Durrani/_PhD/Durrani_Thesis.pdf · tems. Smart or adaptive antennas have emerged as a promising

Asia-Pacific Investigations Review 2020...v Welcome to the Asia-Pacific Investigations Review 2020, a Global Investigations Review special report. Global Investigations Review is the

Xplico: Internet Traffic Decoder. Network Forensic ...holisticinfosec.org/toolsmith/pdf/june2011.pdf · By Russ McRee – ISSA member, Puget Sound (Seattle), USA Chapter Xplico: Internet

Marble Launcher Investigations Level A Investigations · Marble Launcher Investigations Level A Investigations A-1 Launch Angle and Distance Which launch angle makes the marble travel

Managing Investigations Managing Sexual Exploitation and Abuse Investigations

Internal Investigations Workshop · Workplace Investigations Strategies to help you handle the internal investigations process scce-2019-bloch-investigations-3-books-8.5x5.5.indd

Safety Culture and Investigations - Microsoftbtckstorage.blob.core.windows.net/site987/2018 Presentations/WOS… · investigations. •Why poor quality investigations occur. •The

Centrelink Fraud Investigations · PDF fileAGIS Australian Government Investigations Standards 2003 AIC ... Centrelink Fraud Investigations 11

PIH Investigations

The Human Body and Millimeter Wave Wireless Communication ... · future broadband mobile communication networks [3][4]. The increasing investigations on mmWave applications and technologies,

Investigations into Smart Antennas for CDMA Wireless SystemsSalman.Durrani/_PhD/...• S. Durrani and M. E. Bialkowski, “Influence of mutual coupling on the interfer ence rejection

Investigations and Soils Analysis Stephen Plante, Richard ...theclayresearchgroup.org/resources/Investigations and Soils.pdf · Investigations and Soils Analysis Discussion Paper

CHAPTER 2 TERRAIN INVESTIGATIONS OF ROUTING PROTOCOLS IN WIRELESS ...shodhganga.inflibnet.ac.in/bitstream/10603/45886/13/13_chapter 2.p… · The impact of different wireless sensor