Overview of WiFi forensics
What is WiFi forensics?
WiFi forensics captures WiFi traffic and the energy in the electromagnetic spectrum that WiFi uses, then applies analysis techniques and tools to find the underlying causes of WiFi problems.
Why is WiFi forensics necessary?
The WiFi standard continues to become more complex and there is a growing diversity of devices using WiFi for an expanding range of reasons in electromagnetic spectrum that is becoming more heavily used.
These factors combine to increase the complexity in WiFi environments, creating more opportunities for problems that are difficult to understand.
Often problems are due to WiFi devices not being coordinated to share the electromagnetic spectrum effectively.
In fact, it is quite common to find that multiple configuration options are not set optimally.
By capturing and analysing WiFi traffic, many kinds of WiFi problems and their causes can be identified, and so remedied.
Also, capturing and analysing WiFi traffic can be the only way to learn about WiFi devices that are not yours, but that affect your WiFi network.
Radio frequency spectrum
WiFi devices share electromagnetic spectrum with many other kinds of devices.
Currently, very few of those kinds of devices cooperate to share the spectrum.
Additionally, there can be energy emissions in that spectrum that are not transmissions.
Problems arise when multiple transmissions use the same spectrum at the same time, and when transmissions meet emissions.
Analysing energy patterns in the electromagnetic spectrum that WiFi uses is necessary to identify some of these kinds of problems.
All WiFi equipment has built-in software called firmware, and all WiFi firmware has issues.
They range from parts of the WiFi standard that have not been implemented, which is true of all devices, to debilitating software bugs.
Occasionally, how standards are implemented can create incompatibility problems between combinations of WiFi equipment.
Thus, WiFi equipment may not do what is expected.
To some extent this is can be understood by looking at their advertised capabilities.
In other cases, it’s necessary to know of implementation issues, publicly admitted by the maker, or not.