Hands-On Network Forensics

By: Nipun Jaswal
Overview of this book

Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In an era of network attacks and malware threats, it is more important than ever to have the skills to investigate network attacks and vulnerabilities. Hands-On Network Forensics starts with the core concepts within network forensics, including coding, networking, forensic tools, and methodologies for forensic investigations. You'll then explore the tools used for network forensics, followed by how to apply those tools to a PCAP file and write the accompanying report. In addition, you will learn how statistical flow analysis, network enumeration, tunneling and encryption, and malware detection can be used to investigate your network. Towards the end of this book, you will discover how network correlation works and how to bring together the information from different types of network devices. By the end of this book, you will have gained hands-on experience of performing forensic analysis tasks.
Table of Contents (16 chapters)

Section 1: Obtaining the Evidence
Section 2: The Key Concepts
Section 3: Conducting Network Forensics

Analyzing the flow

Many tools aid statistical flow analysis. The most common ones are Yet Another Flowmeter (YAF), System for Internet-Level Knowledge (SiLK), iSiLK, Argus, Wireshark, and Bro. While most of them provide a similar set of features, we will primarily discuss YAF and SiLK, as they are open source and easily obtainable. We discussed IPFIX briefly in the previous section. Let's see how we can convert a PCAP file into an IPFIX-enabled format using YAF. YAF is a tool that processes packets from PCAP files, or from live captures on network interfaces, into bidirectional flows written in an IPFIX-oriented file format. The output produced by YAF can be fed to popular tools such as SiLK and other IPFIX-compliant tools. YAF ships two primary tools: one is YAF itself, and the other is yafscii, which prints the flow data in ASCII format from the IPFIX-enabled input...