gaqpicture.blogg.se

Use snort to read wireshark pcap

I’ve previously described how to use a command-line tool I wrote called lim to search and access malware sandbox data from the CTU Malware Capture Facility, which archives hundreds of malware sandbox captures, all (as it happens) with PCAP files! Those seeking to advance in their career doing more detailed DF/IR tasks, including creating new signatures for detection and reporting on new capabilities in malware, need an even deeper understanding of what is contained in network traffic captures (commonly in PCAP format files).

Those hoping to become a security operations center (SOC) analyst need to know what is behind the alerts their network monitoring or endpoint detection systems produce. These disciplines involve analyzing the network communications associated with remotely controlled malicious software installed on your organization’s computer systems. This article is aimed at those wanting to learn how to leverage network traffic capture and analysis tools as part of the digital forensics and incident response (DF/IR) process.