In the last few chapters, we saw how we can capture network packets and gain deep insights into them using various tools and techniques. However, what if the data traveling across the network inside a DNS query is not really carrying a DNS payload? Or what if the data in the packets under observation makes no sense at all? To answer these questions, we will look at several stepping stones on our journey toward conducting network forensics effectively. The data is sometimes encrypted using TLS, SSL, custom encryption mechanisms, or WEP/WPA2 in the wireless space. In this chapter, we will look at overcoming these hurdles and obtaining meaningful data from behind the closed doors of encryption.
We will look at the following topics:
- Decrypting TLS using browsers
- Decoding a malicious DNS tunnel
- Decrypting 802.11 packets
- Decoding keyboard captures
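As an added illustration of the DNS tunnel problem raised above (this is not code from the book), the following Python scores DNS query names with simple heuristics an analyst can use to spot encoded data hidden in subdomains. The query names, thresholds, and the assumption that the registered domain is the last two labels are all constructed for this example.

```python
import math
from collections import Counter

# Constructed sample of DNS query names, as an analyst might extract them
# from a capture (for example with tshark -T fields -e dns.qry.name).
# The "tunnel" names are fabricated look-alikes of encoded data in subdomains.
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.example.com",
    "cdn1.static.example.net",
    "3d3f2a9c7b1e0f4a8d6c2b9e1f3a5c7d.tunnel.example.org",
    "4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d.tunnel.example.org",
    "zxq9vmk2lpw7rtyu3hgf.badexample.net",
]

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; high values suggest encoded data."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def score_query(name: str) -> dict:
    """Return heuristic indicators for one DNS query name.

    Tunnels pack data into the leftmost labels, so we measure only the
    labels below the registered domain (assumed here to be the last two).
    """
    labels = name.lower().rstrip(".").split(".")
    data_labels = labels[:-2] if len(labels) > 2 else []
    payload = "".join(data_labels)
    longest = max((len(label) for label in labels), default=0)
    entropy = shannon_entropy(payload)
    digit_ratio = (sum(ch.isdigit() for ch in payload) / len(payload)) if payload else 0.0
    # Thresholds are assumptions; tune them against a baseline of benign traffic.
    suspicious = longest >= 30 or entropy >= 3.5 or digit_ratio >= 0.3
    return {"name": name, "longest_label": longest, "entropy": round(entropy, 2),
            "digit_ratio": round(digit_ratio, 2), "suspicious": suspicious}

def flag_queries(names: list) -> list:
    """Return only the names whose heuristics mark them as likely tunnel traffic."""
    return [n for n in names if score_query(n)["suspicious"]]

if __name__ == "__main__":
    for n in SAMPLE_QUERIES:
        print(score_query(n))
```

Real tunnels also stand out by volume (many unique subdomains under one zone) and by unusual record types such as TXT or NULL, so treat the per-name score as one signal among several.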