Proj X8: Finding Items with NetWitness (15 pts.)
Getting the PCAP File
Doanload this file and save it:
3items.pcap
Verify the MD5 hash of the file. The correct
value is 45094695ea765c54bfe80393d2d68f24.
Task
Load the captured packets into
NetWitness.
Find these items, and save an
image of your whole desktop when
you do.
FTP Download
Find an FTP download of a ZIP file.
Save an image like this one,
showing the name of the downloaded
file.
Yahoo Search
Find reconstructed Yahoo search page.
Save an image like this one,
showing the term which was searched for.
Gear Image
Find this image that was viewed
in a reconstructed page. Your image
should have some writing in the lower
left corner which has been
redacted from my sample image below.
Turning in Your Project
Email the images to cnit.121@gmail.com with a Subject line of
Proj X8 from Your Name. Send a Cc: to yourself.
Last modified 4-18-13 6:36 am