Book Image

Learning Network Forensics

By : Samir Datt
Book Image

Learning Network Forensics

By: Samir Datt

Overview of this book

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.
Table of Contents (17 chapters)
Learning Network Forensics
About the Author
About the Reviewers

Understanding Network Intrusion Detection Systems

A Network Intrusion Detection System (NIDS) is a bit like the early warning alarm sirens that we see and hear in prison escape movies. These are triggered by a predefined event (such as an attempted break in/out) that is identified by a rule set enabled by the administrator/investigator. Just like a burglar alarm in a house, the NIDS is designed to detect an intruder and issue an alert to an authorized person.

Normally, a NIDS is able to detect intrusions in the network segment that it is monitoring. The key to its effective functioning is the correct placement of the NIDS device to enable it to monitor all network traffic entering and leaving the system. One way to do this is by placing it on the network and passing mirrored traffic through it. This is done to ensure that all the network traffic passes through the NIDS device.

The NIDS will monitor all inbound and outbound traffic and identify attempted intrusions by detecting anomalous...