Week 7

This week covers wireless in network forensics. There are many kinds of wireless devices, such as:
– Bluetooth earphones
– Wi-Fi
– infrared devices (television remotes)
– cell phones
– AM/FM radio
Many cases involve wireless networks: a stolen device such as a laptop or phone can be easily tracked and recovered when it connects to a wireless network. Moreover, a network attack carried out over a wireless network can be investigated and tracked.

The IEEE layer 2 protocol series, especially the 802 series, consists of several versions:
1. 802.3 -> Ethernet
2. 802.1Q -> trunking
3. 802.1X -> LAN-based authentication
4. 802.11 -> Wi-Fi with 3 different frequencies. This version has 3 different frame types: management frames, control frames and data frames.
Management frames control communication between stations, not including flow control. They are type 0 and coordinate communication; their forensic benefit is that they carry MAC addresses, SSIDs, BSSIDs, etc.
Control frames support flow control over the available medium, such as RF. They are type 1 and control the traffic flow.
Data frames encapsulate the layer 3+ data that moves between stations actively engaged in communication over the wireless network. They are type 2 and contain the actual data.
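
The three frame types above are told apart by the 2-bit type field in the 802.11 Frame Control word. The sketch below is an added example, not part of the original notes: it classifies raw frames and pulls the addresses, BSSID and SSID out of a beacon. The sample frames, MAC addresses and the SSID "LabWiFi" are constructed, and frames are assumed to start at the 802.11 header (no radiotap header, no FCS).

```python
import struct

FRAME_TYPES = {0: "management", 1: "control", 2: "data"}

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def find_ssid(tags: bytes):
    """Walk the tagged parameters (id, length, value) and return tag 0, the SSID."""
    i = 0
    while i + 2 <= len(tags):
        tag_id, length = tags[i], tags[i + 1]
        value = tags[i + 2:i + 2 + length]
        if len(value) < length:
            return None  # truncated capture
        if tag_id == 0:
            return value.decode("utf-8", errors="replace")
        i += 2 + length
    return None

def parse_80211(frame: bytes) -> dict:
    """Classify a raw 802.11 frame by the type bits of its Frame Control field."""
    if len(frame) < 10:
        raise ValueError("shorter than the smallest 802.11 header")
    fc = struct.unpack_from("<H", frame, 0)[0]   # Frame Control, little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    info = {"type": FRAME_TYPES.get(ftype, "reserved"), "subtype": subtype,
            "addr1": mac(frame[4:10])}
    if ftype == 1 or len(frame) < 24:
        return info  # control frames use a shorter header
    info["addr2"], info["addr3"] = mac(frame[10:16]), mac(frame[16:22])
    if ftype == 0 and subtype == 8:              # beacon
        info["bssid"] = info["addr3"]            # addr3 is the BSSID in a beacon
        info["ssid"] = find_ssid(frame[36:])     # skip 24-byte header + 12 fixed bytes
    return info

# Constructed sample frames (locally administered MACs, made-up SSID).
AP, STA = "020000000001", "020000000002"
BEACON = (bytes.fromhex("80000000" + "ffffffffffff" + AP + AP + "0000")
          + bytes(8) + bytes.fromhex("64000104") + b"\x00\x07LabWiFi\x01\x01\x82")
ACK = bytes.fromhex("d4000000" + STA)
DATA = bytes.fromhex("08010000" + AP + STA + AP + "1000") + b"\xaa\xaa\x03payload"

if __name__ == "__main__":
    for name, frame in (("beacon", BEACON), ("ack", ACK), ("data", DATA)):
        print(name, parse_80211(frame))
```

For data frames the meaning of the three address fields depends on the To DS / From DS flags, so the sketch reports them only as addr1 to addr3.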