FTP Traffic Capture

The FTP traffic capture (ftp_capture.acp) contains the results of communication between an FTP client and an FTP server. Based on the contents of the traffic capture, five questions were asked in Chapter 9. The answers to those questions are provided below.

  • The FTP server is running Microsoft FTP Service (version 5.0). See packet number 12.

  • The user accessing the FTP server used the password “ie@user”. See packet number 28.

  • Three files were transferred to the FTP server (openports.exe, rifiuti.txt, and stats.log).

  • In order to determine the contents of each file, scroll down through the network packets displayed in the Ethereal interface until you find the packets that contain “Request: STOR <filename>” in the Info column. For ...
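
The same facts can be pulled from the reassembled FTP control channel with a short script. This is an added example, not code from the book: it goes one step beyond the answers above by pairing each STOR with the data-channel endpoint negotiated by the preceding PORT or PASV exchange (RFC 959), which identifies the TCP stream that carries the file's bytes. The "C:"/"S:" line format, the user name, the addresses and the ports are assumptions made for illustration.

```python
import re

# Constructed control-channel transcript ("C:" client, "S:" server). Banner,
# password and file names follow the answers above; the user name, addresses
# and ports are made up for illustration.
TRANSCRIPT = """\
S: 220 srv Microsoft FTP Service (Version 5.0).
C: USER anonymous
C: PASS ie@user
C: PORT 10,0,0,5,4,10
C: STOR openports.exe
C: PORT 10,0,0,5,4,11
C: STOR rifiuti.txt
C: PASV
S: 227 Entering Passive Mode (10,0,0,9,19,136).
C: STOR stats.log
"""

HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def endpoint(text):
    """Decode the RFC 959 h1,h2,h3,h4,p1,p2 form into (ip, port)."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def summarize(transcript):
    """Return banner, credentials and uploads with their data endpoints."""
    out = {"banner": None, "user": None, "pass": None, "uploads": []}
    data = None  # endpoint negotiated for the next transfer
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        verb, _, arg = text.partition(" ")
        verb = verb.upper()  # FTP commands are case-insensitive
        if side == "S" and verb == "220" and out["banner"] is None:
            out["banner"] = arg
        elif side == "S" and verb == "227":   # passive: server names endpoint
            data = endpoint(arg)
        elif side == "C" and verb in ("USER", "PASS"):
            out[verb.lower()] = arg           # FTP credentials travel in cleartext
        elif side == "C" and verb == "PORT":  # active: client names endpoint
            data = endpoint(arg)
        elif side == "C" and verb == "STOR":
            out["uploads"].append((arg, data))
            data = None                       # each transfer needs a new PORT/PASV
    return out
```

An upload whose endpoint comes back as None had no PORT or PASV exchange before it in the transcript, which usually means the capture is incomplete.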
