Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learning Network Forensics
  • Table Of Contents Toc
  • Feedback & Rating feedback
Learning Network Forensics

Learning Network Forensics

By : Datt
1.5 (2)
Buy this Book
close
close
Learning Network Forensics

Learning Network Forensics

1.5 (2)
By: Datt
Buy this Book

Overview of this book

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.
Table of Contents (12 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Becoming Network 007s
Icon
1. Becoming Network 007s
Icon
007 characteristics in the network world
Icon
Identifying threats to the enterprise
Icon
Data breach surveys
Icon
Defining network forensics
Icon
Differentiating between computer forensics and network forensics
Icon
Strengthening our technical fundamentals
Icon
Understanding network security
Icon
Network security goals
Icon
Digital footprints
Icon
Summary
2
2. Laying Hands on the Evidence
Icon
2. Laying Hands on the Evidence
Icon
Identifying sources of evidence
Icon
Learning to handle the evidence
Icon
Collecting network traffic using tcpdump
Icon
Collecting network traffic using Wireshark
Icon
Collecting network logs
Icon
Acquiring memory using FTK Imager
Icon
Summary
3
3. Capturing & Analyzing Data Packets
chevron up
Icon
3. Capturing & Analyzing Data Packets
Icon
Tapping into network traffic
Icon
Packet sniffing and analysis using Wireshark
Icon
Packet sniffing and analysis using NetworkMiner
Icon
Case study – tracking down an insider
Icon
Summary
4
4. Going Wireless
Icon
4. Going Wireless
Icon
Laying the foundation – IEEE 802.11
Icon
Understanding wireless protection and security
Icon
Discussing common attacks on Wi-Fi networks
Icon
Capturing and analyzing wireless traffic
Icon
Summary
5
5. Tracking an Intruder on the Network
Icon
5. Tracking an Intruder on the Network
Icon
Understanding Network Intrusion Detection Systems
Icon
Understanding Network Intrusion Prevention Systems
Icon
Modes of detection
Icon
Differentiating between NIDS and NIPS
Icon
Using SNORT for network intrusion detection and prevention
Icon
Summary
6
6. Connecting the Dots – Event Logs
Icon
6. Connecting the Dots – Event Logs
Icon
Understanding log formats
Icon
Use case
Icon
Discovering the connection between logs and forensics
Icon
Practicing sensible log management
Icon
Analyzing network logs using Splunk
Icon
Summary
7
7. Proxies, Firewalls, and Routers
Icon
7. Proxies, Firewalls, and Routers
Icon
Getting proxies to confess
Icon
Making firewalls talk
Icon
Tales routers tell
Icon
Summary
8
8. Smuggling Forbidden Protocols – Network Tunneling
Icon
8. Smuggling Forbidden Protocols – Network Tunneling
Icon
Understanding VPNs
Icon
How does tunneling work?
Icon
Types of tunneling protocols
Icon
Various VPN vulnerabilities & logging
Icon
Summary
9
9. Investigating Malware – Cyber Weapons of the Internet
Icon
9. Investigating Malware – Cyber Weapons of the Internet
Icon
Knowing malware
Icon
Trends in the evolution of malware
Icon
Malware types and their impact
Icon
Understanding malware payload behavior
Icon
Malware attack architecture
Icon
Indicators of Compromise
Icon
Performing malware forensics
Icon
Summary
10
10. Closing the Deal – Solving the Case
Icon
10. Closing the Deal – Solving the Case
Icon
Revisiting the TAARA investigation methodology
Icon
Triggering the case
Icon
Acquiring the information and evidence
Icon
Analyzing the collected data – digging deep
Icon
Reporting the case
Icon
Action for the future
Icon
Future of network forensics
Icon
Summary
11
Index
Icon
Index

Packet sniffing and analysis using NetworkMiner

NetworkMiner is a passive network sniffing or network forensic tool. It is called a passive tool as it does not send out requests—it sits silently on the network, capturing every packet in the promiscuous mode.

NetworkMiner is host-centric. This means that it will classify data based on hosts rather than packets, which is what most sniffers such as Wireshark do.

The different steps to NetworkMiner usage are as follows:

  1. Download and install the NetworkMiner.
  2. Then, configure it.
  3. Capture the data in NetworkMiner.
  4. Finally, analyze the data.

NetworkMiner is available for download at SourceForge: http://sourceforge.net/projects/networkminer/.

Though NetworkMiner is not as well known as it should be, it's host-centric approach is refreshingly different and effective. Allowing the users to classify traffic based on the IP addresses and not packets helps us to zero in on activities related to the specific computers that are under suspicion or...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Learning Network Forensics
End of Section 3
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon