Initial Network Security Analysis
Case 01
Evidence Provided
- One pcap file
As part of our CyberOps Associate course, we are required to do 4 cases! This was the first one.
The scenario was quite simple: suspicion arose after the company repeatedly lost bids to a foreign competitor, raising concerns about an internal data breach. I was hired to investigate what had really happened.
I was given a network traffic capture file (PCAP) to analyze using Wireshark. The file was medium-sized (50 k).
The analysis focused on traffic involving the company's archiving system (sp.wpk.tpu.fi), which stores sensitive documents as .jpg files.
The first task was to identify every IP address in the file. This helped map the network traffic and associate devices with specific users. After that, the approach was straightforward → identify the data breach → locate the malicious actor (or devices) → compile a report for the company.
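The two steps above (enumerate every IP address, then look at who pulled .jpg files from the archiving host) are what Wireshark's Statistics > Endpoints and Statistics > Conversations views give you. As an added example that is not part of the original write-up or the course material, the script below does the same with only the Python standard library: it walks a classic pcap file, collects per-address and per-conversation packet and byte counts, and flags HTTP requests for .jpg objects sent to the archiving host. The capture it runs on is constructed inline, and the archive address 10.0.0.10 standing in for sp.wpk.tpu.fi is an assumption, not a value from the case.

```python
import re
import struct
import ipaddress
from collections import defaultdict

# Assumed address for sp.wpk.tpu.fi in the constructed capture (not from the case).
ARCHIVE_IP = "10.0.0.10"


def ipv4_tcp_frame(src, dst, sport, dport, payload=b""):
    """Build an Ethernet + IPv4 + TCP frame. Checksums are left zero; the parser never checks them."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap (magic 0xa1b2c3d4, link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


# Constructed sample capture: one workstation fetches a .jpg from the archive and then talks
# to an external host, another workstation only browses the archive index, plus one ARP frame.
SAMPLE_PCAP = build_pcap([
    ipv4_tcp_frame("10.0.0.21", ARCHIVE_IP, 51000, 80,
                   b"GET /archive/bid-2023.jpg HTTP/1.1\r\nHost: sp.wpk.tpu.fi\r\n\r\n"),
    ipv4_tcp_frame(ARCHIVE_IP, "10.0.0.21", 80, 51000,
                   b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n\xff\xd8\xff\xe0" + b"\x00" * 200),
    ipv4_tcp_frame("10.0.0.21", "203.0.113.7", 51001, 443, b"\x16\x03\x01" + b"\x00" * 300),
    ipv4_tcp_frame("10.0.0.33", ARCHIVE_IP, 52000, 80,
                   b"GET /archive/index.html HTTP/1.1\r\nHost: sp.wpk.tpu.fi\r\n\r\n"),
    ipv4_tcp_frame(ARCHIVE_IP, "10.0.0.33", 80, 52000, b"HTTP/1.1 200 OK\r\n\r\n<html></html>"),
    b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"\x00" * 28,  # ARP, no IP header -> skipped
])


def parse_pcap(data):
    """Yield (timestamp, frame_bytes) for each record of a classic pcap; pcapng is not handled."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng needs a different reader)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def decode_ipv4(frame):
    """Pull addresses, protocol, ports and TCP/UDP payload out of an Ethernet frame; None if not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    proto = frame[23]
    l4 = frame[14 + ihl:14 + total_len]
    payload = b""
    if proto == 6 and len(l4) >= 20:          # TCP: honour the data offset field
        payload = l4[(l4[12] >> 4) * 4:]
    elif proto == 17 and len(l4) >= 8:        # UDP: fixed 8-byte header
        payload = l4[8:]
    return {"src": str(ipaddress.IPv4Address(frame[26:30])),
            "dst": str(ipaddress.IPv4Address(frame[30:34])),
            "proto": proto, "ip_len": total_len, "payload": payload}


JPG_REQUEST = re.compile(rb"^(?:GET|POST) (\S+?\.jpe?g)(?:\?\S*)? HTTP/", re.IGNORECASE)


def analyze(data, archive_ip=ARCHIVE_IP):
    """Return (endpoints, conversations, jpg_requests) for a pcap byte string."""
    endpoints = defaultdict(lambda: {"pkts": 0, "bytes": 0})
    conversations = defaultdict(lambda: {"pkts": 0, "bytes": 0})
    jpg_requests = []
    for ts, frame in parse_pcap(data):
        pkt = decode_ipv4(frame)
        if pkt is None:
            continue
        for ip in (pkt["src"], pkt["dst"]):
            endpoints[ip]["pkts"] += 1
            endpoints[ip]["bytes"] += pkt["ip_len"]
        pair = tuple(sorted((pkt["src"], pkt["dst"])))
        conversations[pair]["pkts"] += 1
        conversations[pair]["bytes"] += pkt["ip_len"]
        # Only requests *to* the archive count; a match identifies the client that pulled a document.
        if pkt["dst"] == archive_ip and pkt["proto"] == 6:
            m = JPG_REQUEST.match(pkt["payload"])
            if m:
                jpg_requests.append((ts, pkt["src"], m.group(1).decode("ascii", "replace")))
    return dict(endpoints), dict(conversations), jpg_requests


if __name__ == "__main__":
    endpoints, conversations, jpg_requests = analyze(SAMPLE_PCAP)
    for ip, stats in sorted(endpoints.items(), key=lambda kv: -kv[1]["bytes"]):
        print(f"{ip:15} {stats['pkts']:4} pkts {stats['bytes']:7} bytes")
    for pair, stats in sorted(conversations.items(), key=lambda kv: -kv[1]["bytes"]):
        print(f"{pair[0]} <-> {pair[1]}: {stats['pkts']} pkts, {stats['bytes']} bytes")
    for ts, src, uri in jpg_requests:
        print(f"t={ts} {src} requested {uri} from the archive")
```

On a real capture, read the file with `open(path, "rb").read()` and pass it to `analyze`; the equivalent Wireshark display filter for the last step is `ip.dst == <archive address> && http.request.uri contains ".jpg"`. The parser deliberately keeps to one frame at a time: it does not reassemble TCP streams or IP fragments, so a request line split across segments, or any .jpg pulled over HTTPS, will not show up in `jpg_requests` even though the conversation byte counts still point at the client. It also only reads classic pcap, not pcapng; newer Wireshark versions save pcapng by default, so export as pcap first or use `tshark -z endpoints,ip` and `tshark -z conv,ip` for the same statistics.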
You can see the official report for Case 1 in the PDF below!