Decrypting 802.11 packets

Sometimes, as a forensic investigator, you will receive PCAP files that contain WLAN packets, and to make sense of them, you need the key. Obtaining the key should not be difficult in forensic scenarios where you have the authority, but you must be prepared for all possible situations. In the next scenario, we have a PCAP file from, and as soon as we open it in Wireshark, we have 802.11 packets right in front of us:

We cannot figure out what activities were performed in the network ...
