IFN643 Assignment 2: Digital Forensics with Wireshark Analysis

Added on  2022/10/17

Report
AI Summary
This report focuses on digital forensics, specifically the use of Wireshark for identifying hosts and users within a network. The analysis begins with an overview of packet filtering and the importance of Wireshark as a packet analyzer. The report details how to identify hosts and users using various techniques, including DHCP, NBNS, and HTTP traffic analysis. It explains how to extract information such as MAC addresses, IP addresses, hostnames, operating systems, and device models from pcap files. The report provides step-by-step instructions and examples, including the use of Wireshark filters to analyze specific types of traffic. Several pcap files are used to illustrate the process, showing how to correlate MAC addresses and IP addresses, identify operating systems from HTTP user-agent strings, and determine the model of Android and iPhone devices. The analysis covers techniques for identifying hosts on Windows, Android, and iOS devices. The report concludes by emphasizing the importance of Wireshark in network troubleshooting and digital forensics investigations.