Learning Network Forensics
by Samir Datt

Table of Contents
Learning Network Forensics
Credits
About the Author
About the Reviewers
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
1. Becoming Network 007s
007 characteristics in the network world
Bond characteristics for getting to satisfactory completion of the case
The TAARA methodology for network forensics
Identifying threats to the enterprise
Internal threats
External threats
Data breach surveys
Locard's exchange principle
Defining network forensics
Differentiating between computer forensics and network forensics
Strengthening our technical fundamentals
The seven-layer model
The TCP/IP model
Understanding the concept of interconnection between networks/Internet
Internet Protocol (IP)
Structure of an IP packet
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Internet application protocols
Understanding network security
Types of threats
Internal threats
External threats
Network security goals
Confidentiality
Integrity
Availability
How are networks exploited?
Digital footprints
Summary
2. Laying Hands on the Evidence
Identifying sources of evidence
Evidence obtainable from within the network
Evidence from outside the network
Learning to handle the evidence
Rules for the collection of digital evidence
Rule 1: never mishandle the evidence
Rule 2: never work on the original evidence or system
Rule 3: document everything
Collecting network traffic using tcpdump
Installing tcpdump
Understanding tcpdump command parameters
Capturing network traffic using tcpdump
Collecting network traffic using Wireshark
Using Wireshark
Collecting network logs
Acquiring memory using FTK Imager
Summary
3. Capturing & Analyzing Data Packets
Tapping into network traffic
Passive and active sniffing on networks
Packet sniffing and analysis using Wireshark
Packet sniffing and analysis using NetworkMiner
Case study – tracking down an insider
Summary
4. Going Wireless
Laying the foundation – IEEE 802.11
Understanding wireless protection and security
Wired equivalent privacy
Wi-Fi protected access
Wi-Fi Protected Access II
Securing your Wi-Fi network
Discussing common attacks on Wi-Fi networks
Incidental connection
Malicious connection
Ad hoc connection
Non-traditional connections
Spoofed connections
Man-in-the-middle (MITM) connections
The denial-of-service (DoS) attack
Capturing and analyzing wireless traffic
Sniffing challenges in a Wi-Fi world
Configuring our network card
Sniffing packets with Wireshark
Analyzing wireless packet capture
Summary
5. Tracking an Intruder on the Network
Understanding Network Intrusion Detection Systems
Understanding Network Intrusion Prevention Systems
Modes of detection
Pattern matching
Anomaly detection
Differentiating between NIDS and NIPS
Using SNORT for network intrusion detection and prevention
The sniffer mode
The packet logger mode
The network intrusion detection/prevention mode
Summary
6. Connecting the Dots – Event Logs
Understanding log formats
Use case
Discovering the connection between logs and forensics
Security logs
System logs
Application logs
Practicing sensible log management
Log management infrastructure
Log management planning and policies
Analyzing network logs using Splunk
Summary
7. Proxies, Firewalls, and Routers
Getting proxies to confess
Roles proxies play
Types of proxies
Understanding proxies
Excavating the evidence
Making firewalls talk
Different types of firewalls
Packet filter firewalls
Stateful inspection firewalls
Application layer firewalls
Interpreting firewall logs
Tales routers tell
Summary
8. Smuggling Forbidden Protocols – Network Tunneling
Understanding VPNs
Types of VPNs
Remote access VPNs
Point-to-point VPNs
The AAA of VPNs
How does tunneling work?
SSH tunneling
Types of tunneling protocols
The Point-to-Point Tunneling Protocol
Layer 2 Tunneling Protocol
Secure Socket Tunneling Protocol
Various VPN vulnerabilities & logging
Summary
9. Investigating Malware – Cyber Weapons of the Internet
Knowing malware
Malware objectives
Malware origins
Trends in the evolution of malware
Malware types and their impact
Adware
Spyware
Virus
Worms
Trojans
Rootkits
Backdoors
Keyloggers
Ransomware
Browser hijackers
Botnets
Understanding malware payload behavior
Destructive
Identity theft
Espionage
Financial fraud
Theft of data
Misuse of resources
Malware attack architecture
Indicators of Compromise
Performing malware forensics
Malware insight – Gameover Zeus Trojan
Summary
10. Closing the Deal – Solving the Case
Revisiting the TAARA investigation methodology
Triggering the case
Trigger of the case
Acquiring the information and evidence
Important handling guidelines
Gathering information and acquiring the evidence
Analyzing the collected data – digging deep
Reporting the case
Action for the future
Future of network forensics
Summary
Index