Difference between revisions of "Wireless forensics"

From ForensicsWiki
(New page: {{Expand}} '''Wireless forensics''' is the process of capturing information that moves over a wireless network and trying to make sense of it in some kind of forensics capacity. == Wirel...)
 
m
(2 intermediate revisions by the same user not shown)
Line 8: Line 8:
 
Common encryption technologies used by these networks are: WEP, WPA/WPA2-PSK, some networks have no encryption at all.
 
Common encryption technologies used by these networks are: WEP, WPA/WPA2-PSK, some networks have no encryption at all.
  
In order to decrypt intercepted secured WLAN traffic you should crack the encryption key. Note, that the only option for cracking WPA/WPA2-PSK keys is to do a brute-force password guessing attack. There are several WPA-PSK rainbow tables [http://www.renderlab.net/projects/WPA-tables/ available].
+
In order to decrypt intercepted secured WLAN traffic you should crack the encryption key. Note, that the only option for cracking WPA/WPA2-PSK keys is to do a brute-force password guessing attack. There are several WPA-PSK [[Rainbow Tables|rainbow tables]] [http://www.renderlab.net/projects/WPA-tables/ available].
  
 
Many commercial [[network forensics]] systems can intercept and decrypt WLAN traffic, for example:
 
Many commercial [[network forensics]] systems can intercept and decrypt WLAN traffic, for example:
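Review bot: in the changed paragraph, the new [[Rainbow Tables|rainbow tables]] link comes directly after "the only option for cracking WPA/WPA2-PSK keys is to do a brute-force password guessing attack", so the two sentences read as contradicting each other. Say whether the linked tables are a precomputed form of that guessing attack or a separate option, and drop the comma in "Note, that" while the line is being touched.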
Line 16: Line 16:
 
As well as some open-source tools:
 
As well as some open-source tools:
 
* [http://aircrack-ng.org/doku.php aircrack-ng]
 
* [http://aircrack-ng.org/doku.php aircrack-ng]
 +
 +
WPA/WPA2-PSK cracking-only solutions with [[Forensics on GPUs|GPU acceleration]] (15-100 times faster than in CPU-only mode):
 +
 +
* [http://www.elcomsoft.com/edpr.html ElcomSoft Distributed Password Recovery]
 +
* [http://code.google.com/p/pyrit/ Pyrit]
  
 
== Wireless Metropolitan Area Networks ==
 
== Wireless Metropolitan Area Networks ==
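Review bot: the added heading line states "15-100 times faster than in CPU-only mode" with no source and no indication of which hardware was compared; cite a benchmark or name the test conditions. The new list also follows "As well as some open-source tools:" but includes ElcomSoft Distributed Password Recovery next to Pyrit, so mark which entries are commercial, and spell out what "cracking-only" is being contrasted with (presumably the systems above that also intercept and decrypt traffic).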

Revision as of 14:56, 14 October 2008


Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Wireless forensics is the process of capturing information that moves over a wireless network and trying to make sense of it in some kind of forensics capacity.

Wireless Local Area Networks

WLANs are standardized under the IEEE 802.11 series.

Common encryption technologies used by these networks are WEP and WPA/WPA2-PSK; some networks have no encryption at all.

To decrypt intercepted traffic from a secured WLAN, you first have to crack the encryption key. Note that the only option for cracking WPA/WPA2-PSK keys is a brute-force password-guessing attack. Several WPA-PSK rainbow tables are available.
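The cost of each guess comes from the WPA/WPA2-PSK key derivation itself. The following Python sketch is an added example, not part of the wiki page: it derives the pairwise master key as IEEE 802.11i specifies (the same step an examiner performs with a known passphrase before decrypting a capture), shows that the SSID acts as the salt, and estimates exhaustive-search time. The SSIDs, passphrases and measured rate are constructed for illustration.

```python
import hashlib
import time


def wpa_psk(passphrase: str, ssid: bytes) -> bytes:
    """256-bit pairwise master key per IEEE 802.11i:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)


def derivations_per_second(samples: int = 5) -> float:
    """Measure how many key derivations this CPU core completes per second."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_psk(f"constructed-{i:04d}", b"ExampleNet")  # constructed inputs
    return samples / (time.perf_counter() - start)


def years_to_exhaust(charset_size: int, length: int, rate: float) -> float:
    """Years needed to try every passphrase of one length at `rate` guesses/s."""
    return charset_size ** length / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    # The SSID is the salt, so the same passphrase yields unrelated keys on
    # differently named networks; a precomputed table covers one SSID only.
    for ssid in (b"ExampleNet", b"ExampleNet2"):  # constructed SSIDs
        print(ssid.decode(), wpa_psk("correct horse battery", ssid).hex())

    rate = derivations_per_second()
    print(f"{rate:.0f} derivations/s on this core")
    # Defender's view: search time for a weak versus a strong passphrase policy.
    print(f"8 x [a-z]: {years_to_exhaust(26, 8, rate):.2f} years")
    print(f"12 x 95 printable: {years_to_exhaust(95, 12, rate):.3g} years")
```

The derived hex value is the form that capture-analysis tools accept as a raw pre-shared key when the passphrase is already known to the examiner.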

Many commercial network forensics systems can intercept and decrypt WLAN traffic, for example:

As well as some open-source tools:

* aircrack-ng

WPA/WPA2-PSK cracking-only solutions with GPU acceleration (15-100 times faster than in CPU-only mode):

* ElcomSoft Distributed Password Recovery
* Pyrit

Wireless Metropolitan Area Networks

GSM networks

Other networks