Book Image

Learning Network Forensics

By : Samir Datt
Book Image

Learning Network Forensics

By: Samir Datt

Overview of this book

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.
Table of Contents (17 chapters)
Learning Network Forensics
About the Author
About the Reviewers

Chapter 10. Closing the Deal – Solving the Case


"The end game is what really counts!"

 --Samir Datt

Our journey, so far, has been an interesting one. As we traversed this ocean of network forensics, we stopped at numerous stops and islands on the way to enhance our understanding of the environment. These stops have helped us understand the various tools, technologies, and techniques that are required to conduct a network forensic investigation. We have seen the use of memory forensics that allow us to create images of RAM contents, how packet sniffers allow us to grab network data, and also how various intrusion detection and prevention servers play a role in the defense of the network. An analysis of the logs generated by proxies, firewalls, and intrusion detection and prevention systems have helped us gain an insight into networks, their behavior, and the various forensic artifacts left behind for us to find as evidence of malicious activity. We have also studied about malicious software...