Network Forensics
Author(s): Messier, Ric
ISBN No.: 9781119329190
Pages: 368
Year: 201707
Format: E-Book
Price: $ 102.17
Status: Out Of Print

Introduction

1 Introduction to Network Forensics
  What Is Forensics?; Handling Evidence; Cryptographic Hashes; Chain of Custody; Incident Response; The Need for Network Forensic Practitioners; Summary; References

2 Networking Basics
  Protocols; Open Systems Interconnection (OSI) Model; TCP/IP Protocol Suite; Protocol Data Units; Request for Comments; Internet Registries; Internet Protocol and Addressing; Internet Protocol Addresses; Internet Control Message Protocol (ICMP); Internet Protocol Version 6 (IPv6); Transmission Control Protocol (TCP); Connection-Oriented Transport; User Datagram Protocol (UDP); Connectionless Transport; Ports; Domain Name System; Support Protocols (DHCP); Support Protocols (ARP); Summary; References

3 Host-Side Artifacts
  Services; Connections; Tools; netstat; nbstat; ifconfig/ipconfig; Sysinternals; ntop; Task Manager/Resource Monitor; ARP; /proc Filesystem; Summary

4 Packet Capture and Analysis
  Capturing Packets; Tcpdump/Tshark; Wireshark; Taps; Port Spanning; ARP Spoofing; Passive Scanning; Packet Analysis with Wireshark; Packet Decoding; Filtering; Statistics; Following Streams; Gathering Files; Network Miner; Summary

5 Attack Types
  Denial of Service Attacks; SYN Floods; Malformed Packets; UDP Floods; Amplification Attacks; Distributed Attacks; Backscatter; Vulnerability Exploits; Insider Threats; Evasion; Application Attacks; Summary

6 Location Awareness
  Time Zones; Using whois; Traceroute; Geolocation; Location-Based Services; WiFi Positioning; Summary

7 Preparing for Attacks
  NetFlow; Logging; Syslog; Windows Event Logs; Firewall Logs; Router and Switch Logs; Log Servers and Monitors; Antivirus; Incident Response Preparation; Google Rapid Response; Commercial Offerings; Security Information and Event Management; Summary

8 Intrusion Detection Systems
  Detection Styles; Signature-Based; Heuristic; Host-Based versus Network-Based; Snort; Suricata and Sagan; Bro; Tripwire; OSSEC; Architecture; Alerting; Summary

9 Using Firewall and Application Logs
  Syslog; Centralized Logging; Reading Log Messages; LogWatch; Event Viewer; Querying Event Logs; Clearing Event Logs; Firewall Logs; Proxy Logs; Web Application Firewall Logs; Common Log Format; Summary

10 Correlating Attacks
  Time Synchronization; Time Zones; Network Time Protocol; Packet Capture Times; Log Aggregation and Management; Windows Event Forwarding; Syslog; Log Management Offerings; Timelines; Plaso; PacketTotal; Wireshark; Security Information and Event Management; Summary

11 Network Scanning
  Port Scanning; Operating System Analysis; Scripts; Banner Grabbing; Ping Sweeps; Vulnerability Scanning; Port Knocking; Tunneling; Passive Data Gathering; Summary

12 Final Considerations
  Encryption; Keys; Symmetric; Asymmetric; Hybrid; SSL/TLS; Cloud Computing; Infrastructure as a Service; Storage as a Service; Software as a Service; Other Factors; The Onion Router (TOR); Summary

Index

