EPISODE · Dec 11, 2025 · 14 MIN
Course 13 - Network Forensics | Episode 6: Wireless Network Analysis, Standards, and Security Forensics
from CyberCode Academy · host CyberCode Academy
In this lesson, you’ll learn about:
- Wireless networking fundamentals, standards, and modulation techniques
- Key 802.11 amendments and operating modes
- The evolution of Wi-Fi security from WEP to WPA2 Enterprise
- Common wireless threats and attack techniques
- Forensic considerations when investigating compromised wireless devices

1. Wireless Fundamentals and Standards

Wireless LANs rely on several core components:
- Access Points (APs)
- Wireless NICs
- Antennas, such as Yagi, parabolic, and omnidirectional models

Wi-Fi operates mainly in unlicensed frequency bands, typically 2.4 GHz and 5.8 GHz.

Spread Spectrum Techniques

These methods reduce interference and support reliable wireless communication:
- Frequency Hopping Spread Spectrum (FHSS)
  - Used in early 802.11
  - Continuously hops frequencies to resist narrowband interference from devices like Bluetooth or microwaves
- Direct Sequence Spread Spectrum (DSSS)
  - Used in 802.11b/g
  - Works best on the non-overlapping channels (1, 6, 11) in 2.4 GHz
  - Limited channel spacing drove the move to 5.8 GHz (802.11a/ac), enabling more adjacent APs with less interference

Key 802.11 Amendments
- 802.11c – Enabled MAC bridging to connect facilities
- 802.11e – Introduced QoS for reliable audio/video transmission
- 802.11f – Developed roaming capabilities between APs
- 802.11i – Major security upgrade and foundation of WPA2 Enterprise
  - Enabled port-level authentication with RADIUS and smart cards

Operational Modes
- Infrastructure Mode (BSS) – Uses an AP
- Ad Hoc Mode (IBSS) – Peer-to-peer without an AP

Wireless Application Protocol (WAP)
- Used by older mobile devices
- Pages structured using WML, based on XML, divided into decks and cards

2. Evolution of Wireless Security Protocols

WEP (Wired Equivalent Privacy)
- Early Wi-Fi security but fundamentally flawed
- Claimed “64-bit encryption,” but truly offered 40-bit key strength
- Used a 24-bit IV, transmitted in clear text
- IV space exhausted quickly → collisions → RC4 encryption breaks
- Relied on static keys and manual distribution

WPA (Wi-Fi Protected Access)

Created as a temporary fix to WEP’s failures:
- Increased IV space from 24 to 48 bits
- Used 128-bit keys
- Introduced TKIP for dynamic key generation
- Initially used RC4, later transitioned to AES + TKIP

WPA2 Enterprise

Introduced via 802.11i:
- Uses AES encryption (later with ECC)
- Implements port-level authentication through RADIUS
- Supports enterprise credentials and smart cards
- Considered the standard for strong Wi-Fi security

3. Wireless Threats and Attack Techniques

Misconceptions and Weak Protections
- SSID Hiding
  - Ineffective: the SSID appears in clear text in management frames
- MAC Filtering
  - Easily bypassed via MAC spoofing

Common Wireless Attacks
- Eavesdropping (passive sniffing)
- War Driving (locating WLANs while moving)
- DoS Attacks
  - Flooding deauthentication frames
  - Spoofing AP messages
- DNS Poisoning
- Rogue Access Points
  - Attackers create a fake AP with the same SSID
  - Tools like the WiFi Pineapple attract clients using a stronger signal

Bluetooth Threats
- Bluejacking – Sending unsolicited messages
- Bluesnarfing – Stealing data via unauthorized Bluetooth access

Link Encryption Concerns

Wi-Fi uses link-layer encryption, meaning:
- Data is decrypted and re-encrypted at every hop
- Each hop creates an additional point of vulnerability

4. Wireless Forensics and Investigation

To investigate compromised wireless devices, analysts must understand:
- How authentication and association occur
- That Wi-Fi uses symmetric, shared-key encryption
  - The same key encrypts data on the client and decrypts it on the AP
- How to detect abnormal wireless activity

Key Forensic Techniques
- Conduct wireless site surveys
- Use tools such as:
  - NetStumbler (network discovery)
  - Wireshark (packet capture and analysis)
- Examine management frames, signal strength patterns, and authentication logs

You can listen to and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy
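As an added illustration of the "examine management frames" step (not part of the episode notes), the Python below checks frame records for two of the anomalies listed above: a known SSID beaconed by a radio missing from the site-survey inventory, and a burst of deauthentication frames. The record layout, addresses, inventory and thresholds are constructed assumptions standing in for fields exported from a packet capture.

```python
from collections import defaultdict

# Constructed sample records (not real capture data):
# (time in s, management subtype, claimed transmitter BSSID, SSID, signal in dBm)
FRAMES = (
    [(0.0, "beacon", "aa:bb:cc:00:00:01", "CorpWiFi", -62),
     (0.1, "beacon", "aa:bb:cc:00:00:02", "CorpWiFi", -70),
     (0.2, "beacon", "de:ad:be:ef:00:99", "CorpWiFi", -35),
     (0.3, "beacon", "aa:bb:cc:00:00:07", "Guest", -66)]
    + [(5.0 + i * 0.02, "deauth", "aa:bb:cc:00:00:01", "", -40) for i in range(30)]
    + [(20.0, "deauth", "aa:bb:cc:00:00:02", "", -68)]
)

# Assumed inventory from the site survey: SSID -> BSSIDs the organisation owns.
KNOWN_APS = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
             "Guest": {"aa:bb:cc:00:00:07"}}

def unknown_bssids(frames, known):
    """Return {ssid: {bssid: strongest dBm}} for known SSIDs beaconed by uninventoried radios."""
    hits = defaultdict(dict)
    for _, subtype, bssid, ssid, dbm in frames:
        if subtype == "beacon" and ssid in known and bssid not in known[ssid]:
            hits[ssid][bssid] = max(dbm, hits[ssid].get(bssid, dbm))
    return dict(hits)

def deauth_bursts(frames, window=1.0, threshold=10):
    """Return {bssid: peak count} where deauth frames inside `window` seconds reach `threshold`."""
    times = defaultdict(list)
    for t, subtype, bssid, _, _ in frames:
        if subtype == "deauth":
            times[bssid].append(t)
    peaks = {}
    for bssid, ts in times.items():
        ts.sort()
        start = peak = 0
        for end, t in enumerate(ts):
            while t - ts[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            peaks[bssid] = peak
    return peaks

if __name__ == "__main__":
    print("Uninventoried radios:", unknown_bssids(FRAMES, KNOWN_APS))
    print("Deauth bursts:", deauth_bursts(FRAMES))
```

Because the transmitter address in a management frame can be spoofed, a flagged BSSID identifies which AP is being impersonated or targeted, not the device that sent the frames; the signal strength values help separate the two.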