As a professional forensic guy, you can is not being too careful to anlyze the evidence. Especially when the case was about malware or hacker. Protect your workstation is your responsibility. You're a professional forensic examiner, so don ' t get infected when examining the evidence file or network packet files. A friend of mine, she is also a forensic examiner, became victim yesterday. It ' s too ridiculous!!! She was very embrassing. The reason why she got infected is that she extracted a zip file from a suspicious network packet file and "accessed" tha T zip file. Then something happened. What a tragedy~
Let me show the Analyze network packet files by using network Miner. Import the network packet file captured from the victim ' s workstation. See the tab "Credentials" we could find some important clue about accout and password.
See tab "Files" network Miner could extract files inside the network packet file. It ' s very convenient for forensic guys to identify the files transfered.
Right click on the suspicious file and you could see where the file was by "Open folder".
Now you know where it is. Don ' t be too exciting. Curiosity killed Cats!!!
"Life is like a box of chocolates." You never know ' re gonna get. " Similarly a forensic guy never know whether any suspicious malware or virus are inside the file or not. So you had to conduct a malware an analysis on it. Let me show you the verify result as below:
Analyze network packet files very carefully