"The end game is what really counts!" | ||
--Samir Datt |
Our journey, so far, has been an interesting one. As we traversed this ocean of network forensics, we stopped at numerous stops and islands on the way to enhance our understanding of the environment. These stops have helped us understand the various tools, technologies, and techniques that are required to conduct a network forensic investigation. We have seen the use of memory forensics that allow us to create images of RAM contents, how packet sniffers allow us to grab network data, and also how various intrusion detection and prevention servers play a role in the defense of the network. An analysis of the logs generated by proxies, firewalls, and intrusion detection and prevention systems have helped us gain an insight into networks, their behavior, and the various forensic artifacts left behind for us to find as evidence of malicious activity. We have also studied about malicious software and its various kinds and how malware affects our systems and the various steps involved in its investigations. As our travel across the ocean comes to an end, we need to stitch our knowledge together to form a map of our journey through network forensics and see how we can put all this knowledge to good use in an integrated manner.
In this final chapter, we will cover the finer aspects and provide the finishing touches to successfully take up, handle, investigate, and close a network forensics case.
Now it's time for all the Network 007s to take this final journey together through our network to learn the end game. That's what really counts!
We will solve our case according to the following steps:
Let's do a quick review of the TAARA network forensics and incident response methodology.
As we learned in Chapter 1, Becoming Network 007s, TAARA stands for the following:
The following image gives us an overview of the network forensics investigative methodology, TAARA:
3.137.183.210