A flow record is the metadata information about flow on the network. Consider a scenario where an infected system is talking to the attacker's system and has uploaded two documents of 5 MB each to the attacker's system. In such cases, the flow record will contain information such as the IP addresses of both the compromised host and the attacker system, port numbers, date and time, and the amount of data exchanged, which in this case would be around 10 MB.
The flow record and flow-record processing systems (FRPS) 
by Nipun Jaswal
Hands-On Network Forensics
- Title Page
- Copyright and Credits
- Dedication
- About Packt
- Contributors
- Preface
- Section 1: Obtaining the Evidence
- Introducing Network Forensics
- Technical Concepts and Acquiring Evidence
- Section 2: The Key Concepts
- Deep Packet Inspection
- Statistical Flow Analysis
- Combatting Tunneling and Encryption
- Section 3: Conducting Network Forensics
- Investigating Good, Known, and Ugly Malware
- Investigating C2 Servers
- Investigating and Analyzing Logs
- WLAN Forensics
- Automated Evidence Aggregation and Analysis
- Other Books You May Enjoy
- Assessments
The flow record and flow-record processing systems (FRPS)
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.