Book Image

Learning Network Forensics

By : Samir Datt
Book Image

Learning Network Forensics

By: Samir Datt

Overview of this book

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.

Related Content you might be interested in

Current Title:

Small book image
Learning Network Forensics
Samir Datt
Feb, 2016 | 274 pages
No titles found
Table of Contents (17 chapters)
Learning Network Forensics
Learning Network Forensics
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Becoming Network 007s
Becoming Network 007s
007 characteristics in the network world
Identifying threats to the enterprise
Data breach surveys
Defining network forensics
Differentiating between computer forensics and network forensics
Strengthening our technical fundamentals
Understanding network security
Network security goals
Digital footprints
Summary
2
Laying Hands on the Evidence
Laying Hands on the Evidence
Identifying sources of evidence
Learning to handle the evidence
Collecting network traffic using tcpdump
Collecting network traffic using Wireshark
Collecting network logs
Acquiring memory using FTK Imager
Summary
3
Capturing & Analyzing Data Packets
Capturing & Analyzing Data Packets
Tapping into network traffic
Packet sniffing and analysis using Wireshark
Packet sniffing and analysis using NetworkMiner
Case study – tracking down an insider
Summary
4
Going Wireless
Going Wireless
Laying the foundation – IEEE 802.11
Understanding wireless protection and security
Discussing common attacks on Wi-Fi networks
Capturing and analyzing wireless traffic
Summary
5
Tracking an Intruder on the Network
Tracking an Intruder on the Network
Understanding Network Intrusion Detection Systems
Understanding Network Intrusion Prevention Systems
Modes of detection
Differentiating between NIDS and NIPS
Using SNORT for network intrusion detection and prevention
Summary
6
Connecting the Dots – Event Logs
Connecting the Dots – Event Logs
Understanding log formats
Use case
Discovering the connection between logs and forensics
Practicing sensible log management
Analyzing network logs using Splunk
Summary
7
Proxies, Firewalls, and Routers
Proxies, Firewalls, and Routers
Getting proxies to confess
Making firewalls talk
Tales routers tell
Summary
8
Smuggling Forbidden Protocols – Network Tunneling
Smuggling Forbidden Protocols – Network Tunneling
Understanding VPNs
How does tunneling work?
Types of tunneling protocols
Various VPN vulnerabilities & logging
Summary
9
Investigating Malware – Cyber Weapons of the Internet
Investigating Malware – Cyber Weapons of the Internet
Knowing malware
Trends in the evolution of malware
Malware types and their impact
Understanding malware payload behavior
Malware attack architecture
Indicators of Compromise
Performing malware forensics
Summary
10
Closing the Deal – Solving the Case
Closing the Deal – Solving the Case
Revisiting the TAARA investigation methodology
Triggering the case
Acquiring the information and evidence
Analyzing the collected data – digging deep
Reporting the case
Action for the future
Future of network forensics
Summary
Index
Index

Chapter 1. Becoming Network 007s

Welcome to the world of spies, glamor, high technology, and fast...

Wait a minute!

Are you sure you are reading the right book? Wasn't this book supposed to be about network forensics?

Yes, you are reading the right book!

Let me put you at ease. This is about network forensics. That said it also is a glamorous world full of high-tech spies and fast data (no cars, unfortunately). This is a world where the villains want to own the world (or at the very least, your digital world) and if they can't own it, they would like to destroy it.

This world needs a hero. A person who can track down spies, identify stolen secrets, beat the villains at their own game, and save the world in the bargain.

A tech-savvy, cool, and sophisticated hero! A digital 007! Come on, admit it, who doesn't fancy themselves as James Bond? Here's your chance, an opportunity to become a network 007.

Interested? Read on…

In this chapter, we will build an understanding of what we need to know in order to venture in the area of network forensics. We will cover the following topics here:

  • 007 characteristics in the network world

  • Identifying threats to the enterprise

  • Data breach surveys

  • Defining network forensics

  • Differentiating between computer forensics and network forensics

  • Strengthening our technical fundamentals

  • Understanding network security

  • Network security goals

  • Digital footprints

Previous Section
End of Section 1
Next Section