Difference between pages "OS fingerprinting" and "Afentis forensics"

From ForensicsWiki
'''OS fingerprinting''' is the process of determining the [[operating system]] used by a host on a network.

== Active fingerprinting ==
Active fingerprinting is the process of transmitting packets to a remote host and analysing the corresponding replies.

== Passive fingerprinting ==
Passive fingerprinting is the process of analysing packets from a host on a network. In this case the fingerprinter acts as a [[sniffer]] and does not put any traffic on the network.

== Fingerprinting techniques ==
Almost all fingerprinting techniques are based on detecting differences in the packets generated by different operating systems.

Common techniques are based on analysing:
* IP TTL values;
* IP ID values;
* TCP Window size;
* TCP Options (generally, in TCP SYN and SYN+ACK packets);
* DHCP requests;
* ICMP requests;
* HTTP packets (generally, the User-Agent field).

Other techniques are based on analysing:
* Running services;
* Open port patterns.

== Limitations ==
Many passive fingerprinters are confused when analysing packets from a NAT device.

== Tools ==
Active fingerprinters:
* [[Nmap]]

Passive fingerprinters:
* [[NetworkMiner]]
* [[p0f]]
* [[Satori]]

== See Also ==
* [[NAT detection]]

== Links ==
* [http://nmap.org/book/osdetect.html Remote OS detection paper]

[[Category:Network Forensics]]

== Afentis Forensics ==
Scientific support and investigation practice with expert witnesses providing DNA analysis, fingerprint evaluations, firearm evidence, mobile telephone examinations and Cell Site Analysis (CSA), from crime scene to court.

Afentis produces a number of eDiscovery and digital evidence software tools, including:
* [http://www.facebookforensics.com/ Facebook Forensic Toolkit]
* [http://www.linkedinforensics.com/ LinkedIn Forensic Toolkit]
* [http://www.youtubeforensics.com/ YouTube Forensic Toolkit]
* [http://www.tumblrforensics.com/ Tumblr Forensic Toolkit]

== External Link ==
[http://www.afentis.com/ Official Website]
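As an added example (not part of either wiki page above), a toy passive fingerprinter in the style of [[p0f]]: it matches the IP TTL, TCP window size and TCP option layout of captured SYNs, as listed under Fingerprinting techniques in the OS fingerprinting page, and flags the NAT case noted under Limitations. The signature values, option names and sample packets are constructed for illustration and are not taken from any real p0f database.

```python
from collections import defaultdict
from dataclasses import dataclass

# Common initial TTL values: Linux/BSD stacks start at 64, Windows at 128,
# some network gear at 255. Observed TTL = initial TTL minus hops traversed.
INITIAL_TTLS = (64, 128, 255)

# Constructed, illustrative signatures (not a real p0f database):
# (initial TTL, TCP window size, TCP option layout of the SYN) -> label
SIGNATURES = {
    (64, 29200, ("mss", "sackOK", "ts", "nop", "ws")): "toy-linux",
    (64, 65535, ("mss", "nop", "ws", "sackOK", "ts")): "toy-bsd",
    (128, 8192, ("mss", "nop", "ws", "nop", "nop", "sackOK")): "toy-windows",
}

@dataclass(frozen=True)
class Syn:
    """The fields of a captured TCP SYN that a passive fingerprinter reads."""
    src: str
    ttl: int
    window: int
    options: tuple  # option names in on-the-wire order

def initial_ttl(observed: int) -> int:
    """Round the observed TTL up to the nearest common initial value."""
    return next((t for t in INITIAL_TTLS if observed <= t), observed)

def fingerprint(pkt: Syn) -> tuple:
    """Return (OS guess, estimated hop distance) for one SYN."""
    start = initial_ttl(pkt.ttl)
    label = SIGNATURES.get((start, pkt.window, pkt.options), "unknown")
    return label, start - pkt.ttl

def analyse(packets) -> dict:
    """Aggregate guesses per source IP. One source matching several different
    signatures is the NAT case in which naive fingerprinters report a wrong OS."""
    guesses = defaultdict(set)
    for p in packets:
        guesses[p.src].add(fingerprint(p)[0])
    return {src: ("possible NAT: " + ", ".join(sorted(g))) if len(g) > 1 else next(iter(g))
            for src, g in guesses.items()}

# Constructed sample capture: one plain Linux host, and one address behind
# which both a Linux and a Windows stack are sending SYNs.
SAMPLE = [
    Syn("10.0.0.5", 52, 29200, ("mss", "sackOK", "ts", "nop", "ws")),
    Syn("192.0.2.1", 60, 29200, ("mss", "sackOK", "ts", "nop", "ws")),
    Syn("192.0.2.1", 117, 8192, ("mss", "nop", "ws", "nop", "nop", "sackOK")),
]
```

Calling `analyse(SAMPLE)` reports `10.0.0.5` as `toy-linux` and `192.0.2.1` as `possible NAT: toy-linux, toy-windows`, which is exactly the ambiguity a real passive tool must handle rather than picking one guess.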

Revision as of 13:36, 26 May 2014