A quick guide using Xplico for wireless investigations. Xplico analyzes a capture file taken from a suspect's wireless and performs carving techniques to extract artifacts.

1. For forensics investigation
Basic usage guide
By Chris Harrington

2.  Linux OS
◦ Kali (used for this test)
◦ Backtrack
◦ Others will work too
 Installed Applications
◦ Xplico
◦ Apache
 CAPTURE file from suspect’s wireless

3.  Open a terminal window and type:
/etc/init.d/apache2 start

4.  Start Xplico services
/etc/init.d/xplico start

5.  Navigate to http://localhost:9876
Xplico listens on port 9876 by default

6.  Default username and password
 Username: xplico
 Password: xplico

7.  After logging in, the case overview shows
 Create a new case

8.  Specify a case name and create the case

9.  The new case is shown here in case overview
 Click on the new case to enter it

10.  Within the Case Overview is the Sessions
overview. Sessions are Capture files linked to
the case
 Click New Session

11.  Enter the session name

12.  The new session is shown and click on it to
enter it

13.  This page shows artifacts found in previous
CAPTURE files. Click browse and upload the
suspect’s CAPTURE file

14.  It may take time depending on the size of
your CAPTURE file to finish decoding and
searching for artifacts

15.  The overview shows which artifacts were
found. Use the menu on the left to navigate
through them

16.  Websites visited that were found and
extracted

17.  Xplico offers quick and easy packet analysis.
 Other data that can be extracted:
◦ RTP and SIP streams
◦ Emails
◦ Images
◦ And much more
 Always a good idea to run other carving tools
on the CAPTURE file

18.  My contact details
 C.k.harrington@gmail.com