Technical Report, Evidence03



Worksheet

Network Forensic Worksheet 3

Details


Name : Ferry Ananda Febian

Student ID (NIM) : 1912023

Scenario


Ann and Mr. X have set up their new base of operations. While waiting for the extradition paperwork to go through, you and your team of investigators covertly monitor her activity. Recently, Ann got a brand new AppleTV, and configured it with the static IP address 192.168.1.10. Here is the packet capture evidence03.pcap with her latest activity.

You are the forensic investigator. Your mission is to find out what Ann searched for, build a profile of her interests, and recover evidence.

  1. What is the MAC address of Ann’s AppleTV?
  2. What User-Agent string did Ann’s AppleTV use in HTTP requests?
  3. What were Ann’s first four search terms on the AppleTV (all incremental searches count)?
  4. What was the title of the first movie Ann clicked on?
  5. What was the full URL to the movie trailer (defined by “preview-url”)?
  6. What was the title of the second movie Ann clicked on?
  7. What was the price to buy it (defined by “price-display”)?
  8. What was the last full term Ann searched for?

Answer references

FORENSICS CONTEST - PUZZLE #3 - Ann’s AppleTV https://www.aldeid.com/wiki/Network-forensics/Puzzle3#1._What_is_the_MAC_address_of_Ann.27s_AppleTV.3F

Network Forensics Challenge 2 https://youtu.be/B1yBRE00cio

The first thing to do is to analyze the pcap file:

1. Check the integrity of the file

2. Produce a protocol hierarchy with tshark

3. Use the function that exports the data as XML

4. List the hosts

Next comes the process of collecting evidence and finding out what Ann searched for.

1. What is the MAC address of Ann's AppleTV?

The scenario states that "Ann got a brand new AppleTV, and configured it with the static IP address 192.168.1.10". The corresponding physical address is easy to obtain thanks to the "-e" option (print MAC addresses) of tcpdump:

00:25:00:fe:07:c4

2. What User-Agent string did Ann’s AppleTV use in HTTP requests?

The User-Agent is transmitted in the HTTP request headers. Tcpdump lets us view this information:

AppleTV/2.4 

3. What were Ann’s first four search terms on the AppleTV (all incremental searches count)?

h

ha

hac

hack

4. What was the title of the first movie Ann clicked on?

Hackers

5. What was the full URL to the movie trailer (defined by “preview-url”)?

http://a227.v.phobos.apple.com/us/r1000/008/Video/62/bd/1b/mzm.plqacyqb..640x278.h264lc.d2.p.m4v

6. What was the title of the second movie Ann clicked on?

Sneakers

7. What was the price to buy it (defined by “price-display”)?

$9.99

8. What was the last full term Ann searched for?

http://ax.search.itunes.apple.com/WebObjects/MZSearch.woa/wa/incrementalSearch?media=movie&q=iknowyourewatchingme
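Added example (not part of the original worksheet): once the HTTP requests have been dumped from the pcap, the answers to questions 2, 3 and 8 can be pulled out programmatically. The traffic below is constructed to mimic the incrementalSearch URL format quoted above; the real values come from evidence03.pcap.

```python
from urllib.parse import urlsplit, parse_qs

SEARCH_HOST = "ax.search.itunes.apple.com"
SEARCH_PATH = "/WebObjects/MZSearch.woa/wa/incrementalSearch"

# Constructed sample traffic (not from evidence03.pcap): a user types "hack",
# loads one non-search page, then types "spy". Each request is its own block.
SAMPLE_HTTP = "\n\n".join(
    f"GET {path} HTTP/1.1\nHost: {host}\nUser-Agent: AppleTV/2.4"
    for host, path in [
        (SEARCH_HOST, SEARCH_PATH + "?media=movie&q=h"),
        (SEARCH_HOST, SEARCH_PATH + "?media=movie&q=ha"),
        (SEARCH_HOST, SEARCH_PATH + "?media=movie&q=hac"),
        (SEARCH_HOST, SEARCH_PATH + "?media=movie&q=hack"),
        ("example.invalid", "/not-a-search?x=1"),   # placeholder, filtered out
        (SEARCH_HOST, SEARCH_PATH + "?media=movie&q=s"),
        (SEARCH_HOST, SEARCH_PATH + "?media=movie&q=sp"),
        (SEARCH_HOST, SEARCH_PATH + "?media=movie&q=spy"),
    ]
)


def parse_requests(raw):
    """Split a text dump of HTTP requests into (host, path, query, user-agent)."""
    out = []
    for block in raw.strip().split("\n\n"):
        lines = block.splitlines()
        parts = lines[0].split()
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            continue  # not an HTTP request line; skip the block
        headers = {}
        for h in lines[1:]:
            name, _, value = h.partition(":")
            headers[name.strip().lower()] = value.strip()
        url = urlsplit(parts[1])
        out.append((headers.get("host", ""), url.path, parse_qs(url.query),
                    headers.get("user-agent", "")))
    return out


def user_agents(requests):
    """Distinct User-Agent strings seen in the dump (question 2)."""
    return sorted({ua for *_, ua in requests if ua})


def search_terms(requests):
    """Every incremental search term in capture order (question 3)."""
    return [q["q"][0] for host, path, q, _ in requests
            if host == SEARCH_HOST and path == SEARCH_PATH and "q" in q]


def full_terms(terms):
    """Collapse prefix runs (h, ha, hac, hack) into the full term typed (question 8)."""
    return [cur for cur, nxt in zip(terms, terms[1:] + [None])
            if nxt is None or not nxt.startswith(cur)]
```

The last element of `full_terms(search_terms(...))` is the last full term typed; a deletion while typing breaks the prefix run, so the term typed before the deletion is also kept.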
