Book Image

Learning Network Forensics

By : Samir Datt
Book Image

Learning Network Forensics

By: Samir Datt

Overview of this book

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.
Table of Contents (17 chapters)
Learning Network Forensics
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Understanding log formats


At the beginning of this chapter, we discussed how logs keep track of the four Ws related to an event. These were the when, where, who, and what of the event. Let's understand how each of these is done in a bit more detail in the following table:

 

Attribute

Remarks

When

  • Log date and time

  • Event date and time

The log date and time can be different from that of an event in some cases, such as in situations where the event data is remotely collected at intermittent times

Where

  • Application ID

  • Application address

  • Service

  • Geolocation

  • Window/ webpage/ form

  • Application name and version

  • System or server name, IP address, port number, and local device ID

  • Name and protocol

  • Latitude and longitude, where applicable

  • Entry-point URL, webpage entry-point URL, dialogue box, and so on

Who

  • Code location

Path and name of the code module/script

What

  • Event type

  • Event severity

  • Event flag

  • Event description

  • For example, log in, log out, access, delete, and so on

  • For example, critical...