In the previous chapter, we looked at various network protocol captures that define evidence in motion or data captured while in action. However, it is crucial for a network forensic investigator to have a brief knowledge of the various types of logs generated at the endpoints while traveling. These logs prove to be extremely handy when the scenario doesn't contain network captures, and it is up to the investigator to deduce and conclude the forensic investigation and reach a definitive result. Consider a situation where a company named Acme Inc. has faced a massive breach of customer data through its website, and the company hasn't kept any packet-capture files for the incoming data. In such cases, the forensic investigation solely relies on the logs generated at various endpoints, such as application servers, databases, and firewalls, as shown in...
Hands-On Network Forensics
By :
Hands-On Network Forensics
By:
Overview of this book
Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In the era of network attacks and malware threat, it’s now more important than ever to have skills to investigate network attacks and vulnerabilities.
Hands-On Network Forensics starts with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations. You’ll then explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. In addition to this, you will understand how statistical flow analysis, network enumeration, tunneling and encryption, and malware detection can be used to investigate your network. Towards the end of this book, you will discover how network correlation works and how to bring all the information from different types of network devices together.
By the end of this book, you will have gained hands-on experience of performing forensics analysis tasks.
Related Content you might be interested in
Current Title:
Hands-On Network Forensics
No titles found
Table of Contents (16 chapters)
Preface
Introducing Network Forensics
Technical Concepts and Acquiring Evidence
Section 2: The Key Concepts
Deep Packet Inspection
Statistical Flow Analysis
Combatting Tunneling and Encryption
Section 3: Conducting Network Forensics
Investigating Good, Known, and Ugly Malware
Investigating C2 Servers
Investigating and Analyzing Logs
WLAN Forensics
Automated Evidence Aggregation and Analysis
Other Books You May Enjoy
Customer Reviews