Introduction
The widespread adoption of wireless technologies over recent years has placed wireless data (or Wi-Fi) networks, based on the 802.11 specifications, among the major attack vectors for organizations today. Incident handlers and law enforcement have been forced to deal with the complexity of these technologies when managing and responding to security incidents.
This two-part series looks at the issues associated with collecting and analyzing network traffic from wireless networks in an accurate and comprehensive way, a discipline known as wireless forensics.
Part one of this article focuses on the technical details and challenges for traffic acquisition, and provides design requirements and best practices for wireless forensics tools. The second part will address the main considerations and challenges for wireless traffic analysis, including advanced anti-forensic techniques and some legal aspects associated with this discipline.
The reader should note that for simplicity, all practical examples and specific technical details covered in the article use Linux and open-source tools.
Wireless forensics overview
Wireless forensics is a discipline within computer forensic science, and specifically within the network forensics field, a term coined by Marcus Ranum in 1997. Its main goal is to provide the methodology and tools required to collect and analyze (wireless) network traffic that can be presented as valid digital evidence in a court of law. The evidence collected can correspond to plain data or, with the broad usage of Voice-over-IP (VoIP) technologies, especially over wireless, can include voice conversations.
The wireless forensic process involves capturing all data moving over the network and analyzing network events in order to uncover network anomalies, discover the source of security attacks, and investigate breaches on computers and wireless networks to determine whether they are or have been used for illegal or unauthorized activities.
When performing wireless forensics, the security analyst must follow the same general principles that apply to computer forensics: identify, preserve and analyze the evidence, in order to impartially report the findings and conclusions.
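The process described above (capture everything on the air, preserve it, then analyze the frames for anomalies) is shown below as an added example; it is not code from the article. It assumes a pcap file whose link type is 127 (802.11 frames wrapped in a radiotap header, the format Linux monitor-mode captures normally produce), decodes only the frame types a first pass cares about (beacons, data and deauthentication frames), and uses a constructed in-memory capture with made-up MAC addresses and SSID rather than a real trace. The deauthentication burst threshold is an arbitrary illustrative value.

```python
import hashlib
import struct
from collections import Counter

DLT_IEEE802_11_RADIO = 127  # pcap link type: 802.11 frame preceded by a radiotap header

# (type, subtype) pairs from the 802.11 frame control field that this pass decodes
FRAME_NAMES = {(0, 8): "beacon", (0, 12): "deauthentication", (2, 0): "data"}


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_ssid(body):
    """Walk the tagged parameters after the 12 fixed beacon bytes; tag 0 carries the SSID."""
    i = 12
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        if tag == 0:
            return body[i + 2:i + 2 + length].decode("utf-8", "replace")
        i += 2 + length
    return None


def parse_frame(frame):
    """Decode the generic 802.11 MAC header into the fields an examiner wants."""
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    to_ds, from_ds = bool(fc1 & 0x01), bool(fc1 & 0x02)
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    rec = {"kind": FRAME_NAMES.get((ftype, subtype), f"type{ftype}/subtype{subtype}")}
    if ftype == 0:  # management: addr1 = DA, addr2 = SA, addr3 = BSSID
        rec.update(src=mac(addr2), dst=mac(addr1), bssid=mac(addr3))
        if subtype == 8:
            rec["ssid"] = parse_ssid(frame[24:])
    elif ftype == 2:  # data: address roles depend on the To-DS / From-DS bits
        if from_ds and not to_ds:
            rec.update(src=mac(addr3), dst=mac(addr1), bssid=mac(addr2))
        elif to_ds and not from_ds:
            rec.update(src=mac(addr2), dst=mac(addr3), bssid=mac(addr1))
        else:
            rec.update(src=mac(addr2), dst=mac(addr1), bssid=mac(addr3))
    else:  # control frames: no BSSID field in the general case
        rec.update(src=mac(addr2), dst=mac(addr1), bssid=None)
    return rec


def read_pcap(data):
    """Yield (timestamp, 802.11 frame) from a little-endian pcap, stripping radiotap."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != 0xA1B2C3D4 or linktype != DLT_IEEE802_11_RADIO:
        raise ValueError("expected a little-endian pcap of radiotap-wrapped 802.11 frames")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        pkt = data[off:off + incl_len]
        off += incl_len
        rt_len = struct.unpack_from("<H", pkt, 2)[0]  # radiotap length, little-endian
        yield ts_sec + ts_usec / 1e6, pkt[rt_len:]    # assumes no trailing FCS in the capture


def evidence_hash(data):
    """SHA-256 of the raw capture, recorded before analysis so integrity can be re-verified."""
    return hashlib.sha256(data).hexdigest()


def analyse(data, deauth_threshold=5):
    """Inventory networks, count frame kinds and flag BSSIDs with a deauthentication burst."""
    networks, kinds, deauth_per_bssid = {}, Counter(), Counter()
    for _ts, frame in read_pcap(data):
        if len(frame) < 24:
            continue  # too short for a full three-address header; skip rather than guess
        rec = parse_frame(frame)
        kinds[rec["kind"]] += 1
        if rec["kind"] == "beacon":
            networks[rec["bssid"]] = rec["ssid"]
        elif rec["kind"] == "deauthentication":
            deauth_per_bssid[rec["bssid"]] += 1
    bursts = sorted(b for b, n in deauth_per_bssid.items() if n >= deauth_threshold)
    return {"networks": networks, "frames": dict(kinds), "deauth_bursts": bursts}


def build_sample_capture():
    """Construct a tiny pcap in memory (constructed sample data, not a real capture)."""
    ap = bytes.fromhex("02000000aa01")    # constructed AP / BSSID 02:00:00:00:aa:01
    sta = bytes.fromhex("02000000bb02")   # constructed client 02:00:00:00:bb:02
    bcast = b"\xff" * 6
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)  # minimal 8-byte radiotap header, no fields
    ssid = b"lab-net"
    beacon = (bytes([0x80, 0x00]) + b"\x00\x00" + bcast + ap + ap + b"\x00\x00"
              + b"\x00" * 8 + struct.pack("<HH", 100, 0x0411) + bytes([0, len(ssid)]) + ssid)
    data_frame = bytes([0x08, 0x01]) + b"\x00\x00" + ap + sta + bcast + b"\x00\x00" + b"payload"
    deauth = bytes([0xC0, 0x00]) + b"\x00\x00" + sta + ap + ap + b"\x00\x00" + struct.pack("<H", 7)
    frames = [beacon, data_frame] + [deauth] * 6
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_IEEE802_11_RADIO)
    for i, f in enumerate(frames):
        pkt = radiotap + f
        out += struct.pack("<IIII", 1700000000, i * 1000, len(pkt), len(pkt)) + pkt
    return out


if __name__ == "__main__":
    capture = build_sample_capture()
    print("evidence sha256:", evidence_hash(capture))
    print(analyse(capture))
```

The order matters for the "preserve" step: the hash is taken over the raw capture bytes before any decoding, so the same value can be recomputed later to show the file presented as evidence is the one that was collected. Real monitor-mode captures may carry a trailing 4-byte FCS (signalled in the radiotap flags field) and many more frame subtypes than decoded here; both are left out to keep the parser readable.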
Technical challenges for WiFi traffic acquisition
The main technical challenges associated with wireless forensics stem from the intrinsic nature of radio frequency (RF) communications and the complexity of the physical medium and the 802.11 specifications. The following sections focus on the major obstacles the forensic examiner, and their capture tools, must overcome.