Hands-On Network Forensics

More Information
Learn
  • Discover and interpret encrypted traffic
  • Learn about various protocols
  • Understand the malware language over wire
  • Gain insights into the most widely used malware
  • Correlate data collected from attacks
  • Develop tools and custom scripts for network forensics automation
About

Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In the era of network attacks and malware threat, it’s now more important than ever to have skills to investigate network attacks and vulnerabilities.

Hands-On Network Forensics starts with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations. You’ll then explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. In addition to this, you will understand how statistical flow analysis, network enumeration, tunneling and encryption, and malware detection can be used to investigate your network. Towards the end of this book, you will discover how network correlation works and how to bring all the information from different types of network devices together.

By the end of this book, you will have gained hands-on experience of performing forensics analysis tasks.

Features
  • Investigate network threats with ease
  • Practice forensics tasks such as intrusion detection, network analysis, and scanning
  • Learn forensics investigation at the network level
Page Count 358
Course Length 10 hours 44 minutes
ISBN 9781789344523
Date Of Publication 30 Mar 2019
Technical requirements
The flow record and flow-record processing systems (FRPS) 
Sensor deployment types
Analyzing the flow
Summary
Questions
 Further reading
Technical requirements
Decoding the Metasploit shell
Case study – decrypting the Metasploit Reverse HTTPS Shellcode
Analyzing Empire C2
Case study – CERT.SE's major fraud and hacking criminal case, B 8322-16
Summary
Questions and exercises
Further reading

Authors

Nipun Jaswal

Nipun Jaswal is an International Cyber Security Author and an award-winning IT security researcher with a decade of experience in penetration testing, vulnerability research, surveillance and monitoring solutions, and RF and wireless hacking. He is currently working as an Associate Partner in Lucideus where he is leading services such as red teaming and vulnerability research along with other enterprise customer services. He has authored Metasploit Bootcamp and Mastering Metasploit, and co-authored the Metasploit Revealed set of books. In addition to this, he has authored numerous articles and exploits that can be found on popular security databases, such as Packet Storm and Exploit-DB. Please feel free to contact him at @nipunjaswal.