Book Image

Hands-On Network Forensics

By : Nipun Jaswal
2 (2)
Book Image

Hands-On Network Forensics

2 (2)
By: Nipun Jaswal

Overview of this book

Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In the era of network attacks and malware threat, it’s now more important than ever to have skills to investigate network attacks and vulnerabilities. Hands-On Network Forensics starts with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations. You’ll then explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. In addition to this, you will understand how statistical flow analysis, network enumeration, tunneling and encryption, and malware detection can be used to investigate your network. Towards the end of this book, you will discover how network correlation works and how to bring all the information from different types of network devices together. By the end of this book, you will have gained hands-on experience of performing forensics analysis tasks.
Table of Contents (16 chapters)
Free Chapter
1
Section 1: Obtaining the Evidence
4
Section 2: The Key Concepts
8
Section 3: Conducting Network Forensics

Combatting Tunneling and Encryption

In the last few chapters, we saw how we can capture network packets and gain deep insights into them using various tools and techniques. However, what if the data traveling across the network using a DNS query is not carrying a DNS payload? Alternatively, what if the data makes no sense from the packets under observation? To answer these questions, we will have a look at various stepping stones in our journey of effectively conducting network forensics. The data is sometimes encrypted using TLS, SSL, custom encryption mechanisms, or WEP/ WPA2 in the wireless space. In this chapter, we will look at combating these hurdles and obtaining meaningful data behind the closed doors of encryption.

We will look at the following topics:

  • Decrypting TLS using browsers
  • Decoding a malicious DNS tunnel
  • Decrypting 802.11 packets
  • Decoding keyboard captures
...