Learning Network Forensics

Identify and safeguard your network against both internal and external threats, hackers, and malware attacks

Samir Datt


Book Details

ISBN-13: 9781782174905
Paperback: 274 pages

Book Description

We live in a highly networked world. Every digital device, whether phone, tablet, or computer, is connected to the others in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier that allows digital investigation and information security professionals to extend their abilities to catch miscreants on the network.

The book starts with an introduction to the world of network forensics and investigations. You will begin by learning how to gather both physical and virtual evidence, intercept and analyze network data and wireless data packets, investigate intrusions, and so on. You will then explore the technology, tools, and investigative methods covering malware forensics, network tunneling, and behavioral analysis. By the end of the book, you will have a complete understanding of how to successfully close a case.

Table of Contents

Chapter 1: Becoming Network 007s
007 characteristics in the network world
Identifying threats to the enterprise
Data breach surveys
Defining network forensics
Differentiating between computer forensics and network forensics
Strengthening our technical fundamentals
Understanding network security
Network security goals
Digital footprints
Summary
Chapter 2: Laying Hands on the Evidence
Identifying sources of evidence
Learning to handle the evidence
Collecting network traffic using tcpdump
Collecting network traffic using Wireshark
Collecting network logs
Acquiring memory using FTK Imager
Summary
Chapter 3: Capturing & Analyzing Data Packets
Tapping into network traffic
Packet sniffing and analysis using Wireshark
Packet sniffing and analysis using NetworkMiner
Case study – tracking down an insider
Summary
Chapter 4: Going Wireless
Laying the foundation – IEEE 802.11
Understanding wireless protection and security
Discussing common attacks on Wi-Fi networks
Capturing and analyzing wireless traffic
Summary
Chapter 5: Tracking an Intruder on the Network
Understanding Network Intrusion Detection Systems
Understanding Network Intrusion Prevention Systems
Modes of detection
Differentiating between NIDS and NIPS
Using SNORT for network intrusion detection and prevention
Summary
Chapter 6: Connecting the Dots – Event Logs
Understanding log formats
Use case
Discovering the connection between logs and forensics
Practicing sensible log management
Analyzing network logs using Splunk
Summary
Chapter 7: Proxies, Firewalls, and Routers
Getting proxies to confess
Making firewalls talk
Tales routers tell
Summary
Chapter 8: Smuggling Forbidden Protocols – Network Tunneling
Understanding VPNs
How does tunneling work?
Types of tunneling protocols
Various VPN vulnerabilities & logging
Summary
Chapter 9: Investigating Malware – Cyber Weapons of the Internet
Knowing malware
Trends in the evolution of malware
Malware types and their impact
Understanding malware payload behavior
Malware attack architecture
Indicators of Compromise
Performing malware forensics
Summary
Chapter 10: Closing the Deal – Solving the Case
Revisiting the TAARA investigation methodology
Triggering the case
Acquiring the information and evidence
Analyzing the collected data – digging deep
Reporting the case
Action for the future
Future of network forensics
Summary

What You Will Learn

  • Understand internetworking, sources of network-based evidence, and other basic technical fundamentals, including the tools that will be used throughout the book
  • Acquire evidence using traffic acquisition software and know how to manage and handle the evidence
  • Perform packet analysis by capturing and collecting data, along with content analysis
  • Locate wireless devices, as well as capture and analyze wireless traffic data packets
  • Implement protocol analysis and content matching; acquire evidence from NIDS/NIPS
  • Act upon the data and evidence gathered by being able to connect the dots and draw links between various events
  • Apply logging and interfaces, along with analyzing web proxies and understanding encrypted web traffic
  • Use IOCs (Indicators of Compromise) and build real-world forensic solutions for dealing with malware
