Book Image

Learning Network Forensics

By : Samir Datt
Book Image

Learning Network Forensics

By: Samir Datt

Overview of this book

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.
Table of Contents (17 chapters)
Learning Network Forensics
About the Author
About the Reviewers

Chapter 5. Tracking an Intruder on the Network


"Beware the intentions of Uninvited Guests."

 --Samir Datt

Intruders on a network are any network administrators' worst nightmare. Survey after survey conducted by the world's most trusted organizations point indisputably to the fact that, statistically, when it comes to network breaches, it is not a matter of if my network gets breached, but a matter of when my network gets breached. Some of the famous sites and networks that have been attacked in the past include the Pentagon, NATO, White House, and so on. As a network forensics investigator, it is critical to understand ways and means of intrusion detection and prevention.

Intrusion detection/prevention systems come in a multitude of flavors. There can be a host-based IDS/IPS or network-based IDS/IPS. Host-based systems monitor activity on the host computer, whereas network-based systems monitor activity based on network traffic captures.

This chapter focuses on detecting and preventing intrusions...