
Conducting Forensic Investigations on Network Infrastructure
In this lab, I conducted a detailed forensic investigation of network infrastructure using various tools and techniques. I began by capturing and analyzing packet-level traffic with Wireshark, employing filters for IP addresses, ports, protocols, and TCP flags to identify suspicious activity and trace data flows.
Next, I performed a forensic analysis on a router, examining interface details, ARP tables, routing configurations, and the running system configurations to uncover potential security concerns. The lab also included advanced packet capture techniques, such as reconstructing transferred files and analyzing FTP traffic to extract metadata and payloads.
Finally, I analyzed firewall logs to identify abnormal outbound connections and resolved log entries. This culminated in the discovery of a suspicious non-RIP route and a rogue connection to the IP address 202.20.3.10 on port 1337. This lab reinforced my skills in network forensics, traffic analysis, and anomaly detection in real-world infrastructure environments.
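The two findings above (a permitted outbound connection to 202.20.3.10 on port 1337, and a route that was not learned via RIP) are exactly the kind of checks worth scripting so they can be re-run over a full log export rather than eyeballed. The Python below is an added example, not code or output from the lab: the firewall log lines and the `show ip route`-style dump are constructed sample input, the `ALLOW/DENY in|out src:port -> dst:port proto` record layout is a hypothetical format (adapt the regex to your firewall's real syslog shape), the `10.0.0.0/8` internal range and the `{53, 80, 443}` baseline of expected outbound ports are assumptions about the lab network, and the 202.20.3.0/24 static route is invented to show how a rogue destination can be correlated with a non-RIP route.

```python
"""Added example: flag abnormal outbound firewall flows, flag non-RIP routes,
and correlate the two. Sample inputs below are constructed, not lab data."""
import ipaddress
import re
from collections import Counter

# Constructed firewall log (hypothetical record format; only the 202.20.3.10:1337
# destination comes from the lab write-up).
SAMPLE_FIREWALL_LOG = """\
2024-03-01T10:00:01 ALLOW out 10.0.1.25:51234 -> 198.51.100.20:443 tcp
2024-03-01T10:00:03 ALLOW out 10.0.1.25:51240 -> 198.51.100.20:443 tcp
2024-03-01T10:00:07 ALLOW out 10.0.1.40:40001 -> 10.0.2.5:53 udp
2024-03-01T10:00:09 ALLOW out 10.0.1.25:51250 -> 202.20.3.10:1337 tcp
2024-03-01T10:00:11 ALLOW in 203.0.113.7:44000 -> 10.0.1.10:80 tcp
2024-03-01T10:00:15 ALLOW out 10.0.1.25:51251 -> 202.20.3.10:1337 tcp
2024-03-01T10:00:20 DENY out 10.0.1.60:33333 -> 198.51.100.9:23 tcp
"""

# Constructed Cisco-style "show ip route" output; the static (S) entry is the
# planted anomaly on a router that should only carry connected and RIP routes.
SAMPLE_ROUTE_TABLE = """\
Codes: C - connected, S - static, R - RIP
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, FastEthernet0/0
R    10.10.0.0/16 [120/1] via 192.168.1.2, 00:00:12, FastEthernet0/0
R    10.20.0.0/16 [120/2] via 192.168.1.2, 00:00:12, FastEthernet0/0
S    202.20.3.0/24 [1/0] via 192.168.1.254
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<dir>in|out) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)
ROUTE_RE = re.compile(r"^(?P<code>[A-Z*]+)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+(?P<rest>.*)$")

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]        # assumption
EXPECTED_OUTBOUND_PORTS = {53, 80, 443}                      # assumption: lab baseline


def parse_firewall_log(text):
    """Parse log lines into dicts; silently skip lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
        events.append(e)
    return events


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_abnormal_outbound(events, expected_ports=EXPECTED_OUTBOUND_PORTS):
    """Permitted outbound flows to external hosts on ports outside the baseline.
    Returns a sorted list of ((dst, dport), count); DENY entries are ignored
    because the question is what actually got out."""
    hits = Counter()
    for e in events:
        if e["action"] != "ALLOW" or e["dir"] != "out":
            continue
        if is_internal(e["dst"]) or e["dport"] in expected_ports:
            continue
        hits[(e["dst"], e["dport"])] += 1
    return sorted(hits.items())


def find_non_rip_routes(text):
    """Routes that are neither directly connected (C) nor RIP-learned (R).
    On a RIP-only router every such entry needs an explanation."""
    suspects = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m or m.group("code") in ("C", "R"):
            continue
        suspects.append((m.group("code"), m.group("prefix"), m.group("rest")))
    return suspects


def correlate(suspect_routes, abnormal_flows):
    """Pair each flagged destination with any suspect prefix that covers it."""
    matches = []
    for (dst, dport), _count in abnormal_flows:
        addr = ipaddress.ip_address(dst)
        for _code, prefix, _rest in suspect_routes:
            if addr in ipaddress.ip_network(prefix):
                matches.append((dst, dport, prefix))
    return matches


if __name__ == "__main__":
    flows = find_abnormal_outbound(parse_firewall_log(SAMPLE_FIREWALL_LOG))
    routes = find_non_rip_routes(SAMPLE_ROUTE_TABLE)
    print("abnormal outbound:", flows)
    print("non-RIP routes:", routes)
    print("correlated:", correlate(routes, flows))
```

The allowlist approach deliberately treats anything not in the baseline as worth a look rather than hunting for specific "bad" ports; 1337 stands out only because it is not something the network is expected to talk to, and the static route is suspicious for the same reason (it has no business existing on a router whose routes should all come from RIP), not because of the address it points at.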