CBL - Campus del Baix Llobregat

Defended project

Title: Android extension of the "MONO packet capturer" for digital network forensics


Supervisor: HERNÁNDEZ SERRANO, JUAN

Department: ENTEL

Offer start date: 01-02-2017     Offer end date: 01-10-2017



Degree programmes the project is assigned to:
    GR ENG TELEMÀTICA
Type: Individual
 
Location: EETAC
 
Keywords:
Android, Monitor, MONO, VPN
 
Description of content and activity plan:
 
Overview (summary in English):
Digital Forensics can be defined as the use of scientific methods to find evidence in digital sources such as computers, tablets, mobile phones, databases, Network Interface Controllers (NICs), smart devices, etc. This evidence may be used to “support or refute a hypothesis” in a public or a private investigation (about criminal activities, intrusions, etc.).
Network forensics is a “sub-branch of digital forensics related to the monitoring and analysis of computer networks”.
ANFORA (ANálisis FORense Avanzado) is a Spanish research project conducted by the Information Security Group of the UPC that is aimed at innovation in digital forensics. Among its fields of research is the creation and improvement of tools and techniques to ease the work of analysts in digital and network forensics.
In the context of this research project, we present this work that addresses the needs of automation and better user experience in network forensics analysis.
This approach to the "MONO" Packet Capturer has the following functionalities:
• List IP packets with their content.
• Download selected packets for further analysis with Wireshark.
• List IP, UDP and TCP conversations.
• Enable search by keyword in packet header and payload.
• Decrypt SSL/TLS traffic, whenever possible.
In this TFG, the main objective is to develop an Android client/app that also extends the tool with the following functionalities:
• Discover, in real time, the active TCP and UDP connections that each application uses.
• Add to the TCP and UDP conversation lists the name of the application that corresponds to each one.
• List the files accessed during the session by each application.

