
Network Forensics (eBook)

(Author)

eBook Download: PDF
2017
John Wiley & Sons (Publisher)
978-1-119-32917-6 (ISBN)


Network Forensics - Ric Messier
€46.99 incl. VAT
(CHF 45.90)
eBook sales are handled by Lehmanns Media GmbH (Berlin) at the price in euros incl. VAT.
  • Download available immediately
Intensively hands-on training for real-world network forensics

Network Forensics provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity. This book is hands-on all the way: by dissecting packets, you gain fundamental knowledge that only comes from experience. Real packet captures and log files demonstrate network traffic investigation, and the learn-by-doing approach relates the essential skills that traditional forensics investigators may not have. From network packet analysis to host artifacts to log analysis and beyond, this book emphasizes the critical techniques that bring evidence to light.

Network forensics is a growing field, and is becoming increasingly central to law enforcement as cybercrime becomes more and more sophisticated. This book provides an unprecedented level of hands-on training to give investigators the skills they need.

  • Investigate packet captures to examine network communications
  • Locate host-based artifacts and analyze network logs
  • Understand intrusion detection systems, and let them do the legwork
  • Have the right architecture and systems in place ahead of an incident

Network data is always changing, and is never saved in one place; an investigator must understand how to examine data over time, which involves specialized skills that go above and beyond memory, mobile, or data forensics. Whether you're preparing for a security certification or just seeking deeper training for a law enforcement or IT role, you can only learn so much from concept; to thoroughly understand something, you need to do it. Network Forensics provides intensive hands-on practice with direct translation to real-world application.

RIC MESSIER has been program director for various cyber-security and computer forensics programs at Champlain College. A veteran of the networking and computer security field since the early 1980s, he has worked at large Internet service providers and small software companies. He has been responsible for the development of numerous course materials, has served on incident response teams, and has been consulted on forensic investigations for large companies.


Cover 1
Title Page 5
Copyright 6
About the Author 9
About the Technical Editor 11
Credits 13
Contents 17
Introduction 23
What This Book Covers 23
How to Use This Book 24
How This Book Is Organized 25
Chapter 1: Introduction to Network Forensics 29
What Is Forensics? 31
Handling Evidence 32
Cryptographic Hashes 33
Chain of Custody 36
Incident Response 36
The Need for Network Forensic Practitioners 38
Summary 39
References 40
Chapter 2: Networking Basics 41
Protocols 42
Open Systems Interconnection (OSI) Model 44
TCP/IP Protocol Suite 46
Protocol Data Units 47
Request for Comments 48
Internet Registries 51
Internet Protocol and Addressing 53
Internet Protocol Addresses 56
Internet Control Message Protocol (ICMP) 59
Internet Protocol Version 6 (IPv6) 59
Transmission Control Protocol (TCP) 61
Connection-Oriented Transport 64
User Datagram Protocol (UDP) 66
Connectionless Transport 67
Ports 68
Domain Name System 70
Support Protocols (DHCP) 74
Support Protocols (ARP) 76
Summary 77
References 79
Chapter 3: Host-Side Artifacts 81
Services 82
Connections 88
Tools 90
netstat 91
nbstat 94
ifconfig/ipconfig 96
Sysinternals 97
ntop 101
Task Manager/Resource Monitor 103
ARP 105
/proc Filesystem 106
Summary 107
Chapter 4: Packet Capture and Analysis 109
Capturing Packets 110
Tcpdump/Tshark 112
Wireshark 117
Taps 119
Port Spanning 121
ARP Spoofing 122
Passive Scanning 124
Packet Analysis with Wireshark 126
Packet Decoding 126
Filtering 129
Statistics 130
Following Streams 133
Gathering Files 134
Network Miner 136
Summary 138
Chapter 5: Attack Types 141
Denial of Service Attacks 142
SYN Floods 143
Malformed Packets 146
UDP Floods 150
Amplification Attacks 152
Distributed Attacks 154
Backscatter 156
Vulnerability Exploits 158
Insider Threats 160
Evasion 162
Application Attacks 164
Summary 168
Chapter 6: Location Awareness 171
Time Zones 172
Using whois 175
Traceroute 178
Geolocation 181
Location-Based Services 184
WiFi Positioning 185
Summary 186
Chapter 7: Preparing for Attacks 187
NetFlow 188
Logging 193
Syslog 194
Windows Event Logs 199
Firewall Logs 201
Router and Switch Logs 205
Log Servers and Monitors 206
Antivirus 208
Incident Response Preparation 209
Google Rapid Response 210
Commercial Offerings 210
Security Information and Event Management 211
Summary 213
Chapter 8: Intrusion Detection Systems 215
Detection Styles 216
Signature-Based 216
Heuristic 217
Host-Based versus Network-Based 218
Snort 219
Suricata and Sagan 229
Bro 231
Tripwire 233
OSSEC 234
Architecture 234
Alerting 235
Summary 236
Chapter 9: Using Firewall and Application Logs 239
Syslog 240
Centralized Logging 244
Reading Log Messages 248
LogWatch 250
Event Viewer 252
Querying Event Logs 255
Clearing Event Logs 259
Firewall Logs 261
Proxy Logs 264
Web Application Firewall Logs 266
Common Log Format 268
Summary 271
Chapter 10: Correlating Attacks 273
Time Synchronization 274
Time Zones 274
Network Time Protocol 275
Packet Capture Times 277
Log Aggregation and Management 279
Windows Event Forwarding 279
Syslog 280
Log Management Offerings 282
Timelines 285
Plaso 286
PacketTotal 287
Wireshark 289
Security Information and Event Management 290
Summary 291
Chapter 11: Network Scanning 293
Port Scanning 294
Operating System Analysis 299
Scripts 301
Banner Grabbing 303
Ping Sweeps 306
Vulnerability Scanning 308
Port Knocking 313
Tunneling 314
Passive Data Gathering 315
Summary 317
Chapter 12: Final Considerations 319
Encryption 320
Keys 321
Symmetric 322
Asymmetric 323
Hybrid 324
SSL/TLS 325
Cloud Computing 334
Infrastructure as a Service 334
Storage as a Service 337
Software as a Service 338
Other Factors 339
The Onion Router (TOR) 342
Summary 345
Index 347
EULA 360

Publication date (per publisher): 13.7.2017
Language: English
Subject area: Computer Science / Networks / Security / Firewall
Keywords: Computer Science • cybercrime • cybercrime evidence gathering • cybercrime training • cybersecurity • cybersecurity certification • data forensics • digital forensics • forensics analyst • GCIH prep • GIAC prep • hands-on network forensics • Informatik • Intrusion Detection Systems • investigating cybercrime • IT forensics • law enforcement IT • log analysis • monitoring network traffic • network communications analysis • network forensics • network forensics training • Networking / Security • network investigation • Network Security • Netzwerke / Sicherheit • Netzwerksicherheit • packet analysis • packet capture analysis
ISBN-10 1-119-32917-5 / 1119329175
ISBN-13 978-1-119-32917-6 / 9781119329176
Information in accordance with the General Product Safety Regulation (GPSR)
PDF (Adobe DRM)

Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook from misuse. The eBook is authorized to your personal Adobe ID at the time of download. You can then read the eBook only on devices that are also registered to your Adobe ID.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but is only of limited use on small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need an Adobe ID and the free Adobe Digital Editions software. We advise against using the OverDrive Media Console; experience shows that it frequently has problems with Adobe DRM.
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle, however.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need an Adobe ID and a free app.

Buying eBooks from abroad
For tax law reasons we can sell eBooks only within Germany and Switzerland. Regrettably, we cannot fulfil eBook orders from other countries.
