57,90 €*
Versandkostenfrei per Post / DHL
Aktuell nicht verfügbar
Network Forensics provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity. This book is hands-on all the way--by dissecting packets, you gain fundamental knowledge that only comes from experience. Real packet captures and log files demonstrate network traffic investigation, and the learn-by-doing approach relates the essential skills that traditional forensics investigators may not have. From network packet analysis to host artifacts to log analysis and beyond, this book emphasizes the critical techniques that bring evidence to light.
Network forensics is a growing field, and is becoming increasingly central to law enforcement as cybercrime becomes more and more sophisticated. This book provides an unprecedented level of hands-on training to give investigators the skills they need.
* Investigate packet captures to examine network communications
* Locate host-based artifacts and analyze network logs
* Understand intrusion detection systems--and let them do the legwork
* Have the right architecture and systems in place ahead of an incident
Network data is always changing, and is never saved in one place; an investigator must understand how to examine data over time, which involves specialized skills that go above and beyond memory, mobile, or data forensics. Whether you're preparing for a security certification or just seeking deeper training for a law enforcement or IT role, you can only learn so much from concept; to thoroughly understand something, you need to do it. Network Forensics provides intensive hands-on practice with direct translation to real-world application.
Network Forensics provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity. This book is hands-on all the way--by dissecting packets, you gain fundamental knowledge that only comes from experience. Real packet captures and log files demonstrate network traffic investigation, and the learn-by-doing approach relates the essential skills that traditional forensics investigators may not have. From network packet analysis to host artifacts to log analysis and beyond, this book emphasizes the critical techniques that bring evidence to light.
Network forensics is a growing field, and is becoming increasingly central to law enforcement as cybercrime becomes more and more sophisticated. This book provides an unprecedented level of hands-on training to give investigators the skills they need.
* Investigate packet captures to examine network communications
* Locate host-based artifacts and analyze network logs
* Understand intrusion detection systems--and let them do the legwork
* Have the right architecture and systems in place ahead of an incident
Network data is always changing, and is never saved in one place; an investigator must understand how to examine data over time, which involves specialized skills that go above and beyond memory, mobile, or data forensics. Whether you're preparing for a security certification or just seeking deeper training for a law enforcement or IT role, you can only learn so much from concept; to thoroughly understand something, you need to do it. Network Forensics provides intensive hands-on practice with direct translation to real-world application.
1 Introduction to Network Forensics 1
What Is Forensics? 3
Handling Evidence 4
Cryptographic Hashes 5
Chain of Custody 8
Incident Response 8
The Need for Network Forensic Practitioners 10
Summary 11
References 12
2 Networking Basics 13
Protocols 14
Open Systems Interconnection (OSI) Model 16
TCP/IP Protocol Suite 18
Protocol Data Units 19
Request for Comments 20
Internet Registries 23
Internet Protocol and Addressing 25
Internet Protocol Addresses 28
Internet Control Message Protocol (ICMP) 31
Internet Protocol Version 6 (IPv6) 31
Transmission Control Protocol (TCP) 33
Connection-Oriented Transport 36
User Datagram Protocol (UDP) 38
Connectionless Transport 39
Ports 40
Domain Name System 42
Support Protocols (DHCP) 46
Support Protocols (ARP) 48
Summary 49
References 51
3 Host-Side Artifacts 53
Services 54
Connections 60
Tools 62
netstat 63
nbstat 66
ifconfi g/ipconfi g 68
Sysinternals 69
ntop 73
Task Manager/Resource Monitor 75
ARP 77
/proc Filesystem 78
Summary 79
4 Packet Capture and Analysis 81
Capturing Packets 82
Tcpdump/Tshark 84
Wireshark 89
Taps 91
Port Spanning 93
ARP Spoofi ng 94
Passive Scanning 96
Packet Analysis with Wireshark 98
Packet Decoding 98
Filtering 101
Statistics 102
Following Streams 105
Gathering Files 106
Network Miner 108
Summary 110
5 Attack Types 113
Denial of Service Attacks 114
SYN Floods 115
Malformed Packets 118
UDP Floods 122
Amplifi cation Attacks 124
Distributed Attacks 126
Backscatter 128
Vulnerability Exploits 130
Insider Threats 132
Evasion 134
Application Attacks 136
Summary 140
6 Location Awareness 143
Time Zones 144
Using whois 147
Traceroute 150
Geolocation 153
Location-Based Services 156
WiFi Positioning 157
Summary 158
7 Preparing for Attacks 159
NetFlow 160
Logging 165
Syslog 166
Windows Event Logs 171
Firewall Logs 173
Router and Switch Logs 177
Log Servers and Monitors 178
Antivirus 180
Incident Response Preparation 181
Google Rapid Response 182
Commercial Offerings 182
Security Information and Event Management 183
Summary 185
8 Intrusion Detection Systems 187
Detection Styles 188
Signature-Based 188
Heuristic 189
Host-Based versus Network-Based 190
Snort 191
Suricata and Sagan 201
Bro 203
Tripwire 205
OSSEC 206
Architecture 206
Alerting 207
Summary 208
9 Using Firewall and Application Logs 211
Syslog 212
Centralized Logging 216
Reading Log Messages 220
LogWatch 222
Event Viewer 224
Querying Event Logs 227
Clearing Event Logs 231
Firewall Logs 233
Proxy Logs 236
| Erscheinungsjahr: | 2017 |
|---|---|
| Fachbereich: | Datenkommunikation, Netze & Mailboxen |
| Genre: | Informatik |
| Rubrik: | Naturwissenschaften & Technik |
| Medium: | Taschenbuch |
| Seiten: | 360 |
| Inhalt: | 360 S. |
| ISBN-13: | 9781119328285 |
| ISBN-10: | 1119328284 |
| Sprache: | Englisch |
| Herstellernummer: | 1W119328280 |
| Autor: | Messier, Ric |
| Auflage: | 1. Auflage |
| Hersteller: |
Wiley
Wiley & Sons |
| Maße: | 234 x 189 x 18 mm |
| Von/Mit: | Ric Messier |
| Erscheinungsdatum: | 15.09.2017 |
| Gewicht: | 0,613 kg |
1 Introduction to Network Forensics 1
What Is Forensics? 3
Handling Evidence 4
Cryptographic Hashes 5
Chain of Custody 8
Incident Response 8
The Need for Network Forensic Practitioners 10
Summary 11
References 12
2 Networking Basics 13
Protocols 14
Open Systems Interconnection (OSI) Model 16
TCP/IP Protocol Suite 18
Protocol Data Units 19
Request for Comments 20
Internet Registries 23
Internet Protocol and Addressing 25
Internet Protocol Addresses 28
Internet Control Message Protocol (ICMP) 31
Internet Protocol Version 6 (IPv6) 31
Transmission Control Protocol (TCP) 33
Connection-Oriented Transport 36
User Datagram Protocol (UDP) 38
Connectionless Transport 39
Ports 40
Domain Name System 42
Support Protocols (DHCP) 46
Support Protocols (ARP) 48
Summary 49
References 51
3 Host-Side Artifacts 53
Services 54
Connections 60
Tools 62
netstat 63
nbstat 66
ifconfi g/ipconfi g 68
Sysinternals 69
ntop 73
Task Manager/Resource Monitor 75
ARP 77
/proc Filesystem 78
Summary 79
4 Packet Capture and Analysis 81
Capturing Packets 82
Tcpdump/Tshark 84
Wireshark 89
Taps 91
Port Spanning 93
ARP Spoofi ng 94
Passive Scanning 96
Packet Analysis with Wireshark 98
Packet Decoding 98
Filtering 101
Statistics 102
Following Streams 105
Gathering Files 106
Network Miner 108
Summary 110
5 Attack Types 113
Denial of Service Attacks 114
SYN Floods 115
Malformed Packets 118
UDP Floods 122
Amplifi cation Attacks 124
Distributed Attacks 126
Backscatter 128
Vulnerability Exploits 130
Insider Threats 132
Evasion 134
Application Attacks 136
Summary 140
6 Location Awareness 143
Time Zones 144
Using whois 147
Traceroute 150
Geolocation 153
Location-Based Services 156
WiFi Positioning 157
Summary 158
7 Preparing for Attacks 159
NetFlow 160
Logging 165
Syslog 166
Windows Event Logs 171
Firewall Logs 173
Router and Switch Logs 177
Log Servers and Monitors 178
Antivirus 180
Incident Response Preparation 181
Google Rapid Response 182
Commercial Offerings 182
Security Information and Event Management 183
Summary 185
8 Intrusion Detection Systems 187
Detection Styles 188
Signature-Based 188
Heuristic 189
Host-Based versus Network-Based 190
Snort 191
Suricata and Sagan 201
Bro 203
Tripwire 205
OSSEC 206
Architecture 206
Alerting 207
Summary 208
9 Using Firewall and Application Logs 211
Syslog 212
Centralized Logging 216
Reading Log Messages 220
LogWatch 222
Event Viewer 224
Querying Event Logs 227
Clearing Event Logs 231
Firewall Logs 233
Proxy Logs 236
| Erscheinungsjahr: | 2017 |
|---|---|
| Fachbereich: | Datenkommunikation, Netze & Mailboxen |
| Genre: | Informatik |
| Rubrik: | Naturwissenschaften & Technik |
| Medium: | Taschenbuch |
| Seiten: | 360 |
| Inhalt: | 360 S. |
| ISBN-13: | 9781119328285 |
| ISBN-10: | 1119328284 |
| Sprache: | Englisch |
| Herstellernummer: | 1W119328280 |
| Autor: | Messier, Ric |
| Auflage: | 1. Auflage |
| Hersteller: |
Wiley
Wiley & Sons |
| Maße: | 234 x 189 x 18 mm |
| Von/Mit: | Ric Messier |
| Erscheinungsdatum: | 15.09.2017 |
| Gewicht: | 0,613 kg |
Ähnliche Produkte
Lieferzeit 1-2 Wochen
Lieferzeit 1-2 Wochen
Lieferzeit 1-2 Werktage
Lieferzeit 1-2 Wochen
Lieferzeit 2-3 Wochen
Lieferzeit 1-2 Wochen
Lieferzeit 1-2 Wochen
Lieferzeit 4-7 Werktage