Book Image

Learning Network Forensics

By : Samir Datt
Book Image

Learning Network Forensics

By: Samir Datt

Overview of this book

We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.
Table of Contents (17 chapters)
Learning Network Forensics
About the Author
About the Reviewers

Practicing sensible log management

The success of any kind of forensic investigation hinges on the preparation. As we have seen, logs are the mother lode of information and without them, network forensics would be seriously crippled. Criminals also realize this. Once a perpetrator has gained access to our network, one of the first things they try to do is cover the tracks. The first step in this process is getting rid of the logs that document their activity in first attempting and then succeeding in breaching the security of the network. To counter this risk, sensible log management processes have to be in place.

In every organization, there are a multitude of operating systems, a variety of security software, and a large number of applications; each of which generate logs. All this makes log management very complicated. Some of the problems associated with log management are as shown in the following:

  • Multiple log sources: Logs can be generated on multiple hosts throughout the organization...