Book Image

Learning Network Forensics

By : Samir Datt
Book Image

Learning Network Forensics

By: Samir Datt

Overview of this book

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.
Table of Contents (17 chapters)
Learning Network Forensics
About the Author
About the Reviewers

Action for the future

Once any incident is over and done with, the team needs to focus on the lessons learned. From an incident response perspective, the focus is on answering questions such as the following:

  • How did this happen?

  • What can we do to prevent it from reoccurring?

  • What preventive measures can be put into place?

  • How can monitoring and alerting be improved?

From a network forensics perspective, the additional questions to be answered include the following:

  • Which artifacts exist that can help us identify such an incident in the future?

  • What are the lessons learned?

  • How can we improve the investigation process?

  • What IOC can be identified that can be shared with the Incident Response team to help prevent a reoccurrence of such an incident?

While the attackers constantly evolve and innovate in order to keep coming up with newer ways to compromise the networks without getting detected, network forensic investigators too have to keep pace. This means constantly updating oneself, learning from...