Index
A
- access control (MAC) / Packet sniffing and analysis using NetworkMiner
- Access Control Lists (ACLs) / Different types of firewalls
- access point (AP) / Malicious connection
- Ad hoc connection / Ad hoc connection
- Advanced Encryption Standard (AES) / Wi-Fi protected access
- Advanced Research Projects Agency Network (ARPANET) / Trends in the evolution of malware
- Adware / Adware
- Aggressive Mode (AM) / Various VPN vulnerabilities
- AirPcap / Configuring our network card
- anomaly detection / Anomaly detection
- anonymizing proxy / Types of proxies
- Anti-virus/anti-malware software / Security logs
- application layer / The seven-layer model, The TCP/IP model
- application layer firewalls
- about / Application layer firewalls
- application logs
- about / Application logs
- Client/Server request and response / Application logs
- Account-related information / Application logs
- Usage-related information / Application logs
- Significant actions-related information / Application logs
- Arbor Networks
- URL / Triggering the case
- attack signature / Anomaly detection
B
- Backdoors / Backdoors
- Berkeley Software Distribution (BSD) license / Collecting network traffic using tcpdump
- Bluetooth Low Energy (LE) / Non-traditional connections
- Botnets / Botnets
- bots / Botnets
- browser hijackers / Browser hijackers
C
- Call Data Analysis & Management System (CDAMS) / Triggering the case
- case
- triggering / Triggering the case, Trigger of the case
- case study / Case study – tracking down an insider
- chain of custody (CoC) / Rule 3: document everything
- Chief Security Officer (CSO) / Analyzing the collected data – digging deep
- Clean MX database
- URL / Triggering the case
- closed-circuit television (CCTV) camera / 007 characteristics in the network world
- Comma Separated Values (CSV) / Practicing sensible log management
- computer forensics
- and network forensics, differentiating between / Differentiating between computer forensics and network forensics
- Cost of Data Breach Survey
- URL / Data breach surveys
- CryptoLocker / Malware origins
- CryptoWall / Malware origins
- Cyber Observable eXpression (CybOX™)
- URL / Indicators of Compromise
D
- data breach
- surveys / Data breach surveys
- data link layer / The seven-layer model
- Deep Web / Ransomware
- denial-of-service (DoS) attack / The denial-of-service (DoS) attack
- Denial-of-service (DoS) attack / Tales routers tell
- detection, modes
- about / Modes of detection
- pattern matching / Pattern matching
- anomaly detection / Anomaly detection
- Direct Sequence Spread Spectrum (DSSS) / Laying the foundation – IEEE 802.11
- distorting proxy / Types of proxies
- distributed denial-of-service (DDoS) attack / Malware insight – Gameover Zeus Trojan
- Domain Name Server (DNS) records / Strengthening our technical fundamentals
E
- electronic private automatic branch exchanges (EPABX) system / Triggering the case
- EnCase / 007 characteristics in the network world
- Event Viewer / Collecting network logs
- evidence
- sources, identifying / Identifying sources of evidence
- obtainable, from within network / Evidence obtainable from within the network
- obtainable, from outside network / Evidence from outside the network
- handling / Learning to handle the evidence
- digital evidence collection, rules / Rules for the collection of digital evidence
- handling, rules / Rule 1: never mishandle the evidence
- original evidence / Rule 2: never work on the original evidence or system
- documenting / Rule 3: document everything
- excavating / Excavating the evidence
- acquiring / Acquiring the information and evidence, Gathering information and acquiring the evidence
- handling guidelines / Important handling guidelines
- data collected, analyzing / Analyzing the collected data – digging deep
- case, reporting / Reporting the case
- Extensible Markup Language (XML) / Practicing sensible log management
F
- Federal Communications Commission (FCC) rules / Laying the foundation – IEEE 802.11
- File Transfer Protocol (FTP) / Internet application protocols, Practicing sensible log management
- File transfer protocol (FTP) traffic
- about / Application layer firewalls
- FireHOL IP lists
- URL / Triggering the case
- firewalls / Security logs
- about / Making firewalls talk
- types / Different types of firewalls
- packet filter firewalls / Packet filter firewalls
- stateful inspection firewalls / Stateful inspection firewalls
- application layer firewalls / Application layer firewalls
- interpreting / Interpreting firewall logs
- footprinting / External threats
- Forensic Toolkit (FTK) Imager / 007 characteristics in the network world
- Frequency Hopping Spread Spectrum (FHSS) / Laying the foundation – IEEE 802.11
- FTK Imager
- used, for acquiring memory / Acquiring memory using FTK Imager
- URL / Acquiring memory using FTK Imager
- future
- action / Action for the future
G
- Gameover Zeus Trojan / Malware insight – Gameover Zeus Trojan
- Generic Routing Encapsulation (GRE) / The Point-to-Point Tunneling Protocol
- GeoIP feature / Analyzing wireless packet capture
H
- Hypertext Transfer Protocol (HTTP) / Internet application protocols, Understanding proxies
I
- incidental connection / Incidental connection
- Indicators of Compromise (IOC)
- about / Indicators of Compromise
- InfoWatch Global Data Leakage Report
- URL / Data breach surveys
- Institute of Electrical and Electronics Engineers (IEEE)
- Internet Control Message Protocol (ICMP) traffic / Log management infrastructure
- Internet Engineering Task Force (IETF) / Internet application protocols
- Internet Key Exchange (IKE) / Various VPN vulnerabilities
- internet layer / The TCP/IP model
- Internet of Things (IoT) / Future of network forensics
- Internet Protocol (IP)
- about / Understanding the concept of interconnection between networks/Internet, Internet Protocol (IP)
- Internet Protocol version 4 (IPv4) / Internet Protocol (IP)
- Internet Protocol version 5 (IPv5) / Internet Protocol (IP)
- versions / Internet Protocol (IP)
- Internet service provider (ISP) logs / Evidence from outside the network
- Internet Service Providers (ISPs) / Use case
- intrusion detection and prevention systems (IDPS) / Discovering the connection between logs and forensics
- intrusion detection system (IDS) / Security logs, Triggering the case
- intrusion prevention system (IPS) / Security logs, Triggering the case
- IP packet
- about / Structure of an IP packet
K
- Keyloggers / Keyloggers
- KPMG Cybercrime survey report
- URL / Data breach surveys
L
- libpcap library / Collecting network traffic using tcpdump
- Locard's exchange principle / Internal threats
- about / Locard's exchange principle
- log
- and forensics, discovering / Discovering the connection between logs and forensics
- log, management
- practicing / Practicing sensible log management
- issues / Practicing sensible log management
- infrastructure / Log management infrastructure
- planning and policies / Log management planning and policies
- log formats
- about / Understanding log formats
- Ws / Understanding log formats
- When / Understanding log formats
- Where / Understanding log formats
- Who / Understanding log formats
- What / Understanding log formats
- logs
- security logs / Security logs
- system logs / System logs
- application logs / Application logs
- log_mime_headers / Excavating the evidence
M
- Mail Service Provider (MSP)
- about / Use case
- Malc0de Database
- URL / Triggering the case
- malicious connection / Malicious connection
- Malware
- URL / Triggering the case
- malware
- about / Knowing malware
- objectives / Malware objectives
- origins / Malware origins
- evolution / Trends in the evolution of malware
- types / Malware types and their impact
- attack, architecture / Malware attack architecture
- forensics, performing / Performing malware forensics
- Gameover Zeus Trojan / Malware insight – Gameover Zeus Trojan
- malware, types
- about / Malware types and their impact
- Adware / Adware
- Spyware / Spyware
- Virus / Virus
- Worms / Worms
- Trojans / Trojans
- Rootkits / Rootkits
- Backdoors / Backdoors
- Keyloggers / Keyloggers
- Ransomware / Ransomware
- browser hijackers / Browser hijackers
- Botnets / Botnets
- Malware Domain Blocklist
- URL / Triggering the case
- malware payload behavior
- about / Understanding malware payload behavior
- destructive / Destructive
- identity theft / Identity theft
- espionage / Espionage
- financial fraud / Financial fraud
- data theft / Theft of data
- resources, misuse / Misuse of resources
- man-in-the-middle (MITM) attack / Wi-Fi protected access
- Man-in-the-middle (MITM) connection / Man-in-the-middle (MITM) connections
- Master Boot Record (MBR) / Performing malware forensics
- media access control (MAC)
- memory
- acquiring, FTK Imager used / Acquiring memory using FTK Imager
- mirror port / Passive and active sniffing on networks
- misuse detection
- about / Pattern matching
- multiple input, multiple output (MIMO) / Laying the foundation – IEEE 802.11
- mutual assured destruction (MAD) / Trends in the evolution of malware
N
- National Institute of Standards and Technology (NIST)
- about / Defining network forensics
- National Software Reference Library (NSRL) / Performing malware forensics
- netstat / Performing malware forensics
- Network-attached storage (NAS) / Log management infrastructure
- Network Access Control (NAC) / Laying the foundation – IEEE 802.11
- Network Access Server (NAS) / Remote access VPNs
- Network Address Translation (NAT) / Application layer firewalls
- network forensics
- investigations / Bond characteristics for getting to satisfactory completion of the case
- TAARA methodology / The TAARA methodology for network forensics
- defining / Defining network forensics
- and computer forensics, differentiating between / Differentiating between computer forensics and network forensics
- future / Future of network forensics
- network interface card (NIC) / Tapping into network traffic, Packet sniffing and analysis using NetworkMiner, Securing your Wi-Fi network
- network intrusion detection/prevention mode
- SNORT used / Using SNORT for network intrusion detection and prevention
- sniffer mode / The sniffer mode
- packet logger mode / The packet logger mode
- about / The network intrusion detection/prevention mode
- Network Intrusion Detection Systems (NIDS)
- about / Understanding Network Intrusion Detection Systems
- and Network Intrusion Prevention Systems (NIPS), differentiating between / Differentiating between NIDS and NIPS
- Network Intrusion Prevention Systems (NIPS)
- network layer / The seven-layer model, The TCP/IP model
- network logs
- collecting / Collecting network logs
- analyzing, Splunk used / Analyzing network logs using Splunk
- NetworkMiner
- used, for packet sniffing and analysis / Packet sniffing and analysis using NetworkMiner
- URL / Packet sniffing and analysis using NetworkMiner
- Network News Transfer Protocol (NNTP) / Internet application protocols
- networks/Internet
- network security
- about / Understanding network security
- threats, types / Types of threats
- goals / Network security goals
- network security, goals
- confidentiality / Confidentiality
- integrity / Integrity
- availability / Availability
- exploitation / How are networks exploited?
- Network Time Protocol (NTP) server
- about / Use case
- network traffic
- collecting, tcpdump used / Collecting network traffic using tcpdump
- tcpdump, installing / Installing tcpdump
- tcpdump command parameters / Understanding tcpdump command parameters
- capturing, tcpdump used / Capturing network traffic using tcpdump
- collecting, WireShark used / Collecting network traffic using Wireshark, Using Wireshark
- tapping into / Tapping into network traffic
- Next generation firewalls (NGFWs) / Different types of firewalls
- Non-traditional connection / Non-traditional connections
O
- Open Indicators of Compromise (Open IOC)
- URL / Indicators of Compromise
- OpenPhish
- URL / Triggering the case
- Open Systems Interconnection (OSI) reference model / Strengthening our technical fundamentals
- Orthogonal frequency-division multiplexing (OFDM) scheme / Laying the foundation – IEEE 802.11
P
- Packet Bytes pane / Packet sniffing and analysis using Wireshark
- Packet Details pane / Packet sniffing and analysis using Wireshark
- packet filter firewalls
- about / Packet filter firewalls
- Packet List pane / Packet sniffing and analysis using Wireshark
- packet logger mode / The packet logger mode
- packets
- unicast / Sniffing packets with Wireshark
- multicast / Sniffing packets with Wireshark
- broadcast / Sniffing packets with Wireshark
- packet sniffing and analysis
- Wireshark used / Packet sniffing and analysis using Wireshark
- NetworkMiner used / Packet sniffing and analysis using NetworkMiner
- passive and active sniffing
- on networks / Passive and active sniffing on networks
- pattern matching / Pattern matching
- peer-to-peer (P2P) protocol / Malware insight – Gameover Zeus Trojan
- personally identifiable information (PII) / Identity theft
- physical layer / The seven-layer model
- physical layer (PHY) / Laying the foundation – IEEE 802.11
- Point-to-Point Tunneling Protocol / The Point-to-Point Tunneling Protocol
- Point-to-Point VPNs / Point-to-point VPNs
- Port Address Translation (PAT) / Application layer firewalls
- presentation layer / The seven-layer model
- protocol, types
- passenger protocol / How does tunneling work?
- encapsulating protocol / How does tunneling work?
- carrier protocol / How does tunneling work?
- proxies
- about / Getting proxies to confess, Understanding proxies
- servers / Roles proxies play
- types / Types of proxies
- proxies, types
- anonymizing proxy / Types of proxies
- highly anonymizing proxy / Types of proxies
- transparent proxy / Types of proxies
- distorting proxy / Types of proxies
- reverse proxy / Types of proxies
- PwC UK
- URL / Data breach surveys
Q
- Quality of Service (QoS) / Laying the foundation – IEEE 802.11
R
- Ransomware / Ransomware
- Remote Access Server (RAS) / Remote access VPNs
- Remote Access VPNs
- about / Remote access VPNs
- Remote Desktop Protocol (RDP) / Security logs
- REMOTE_ADDR header / Types of proxies
- reverse proxy / Types of proxies
- RFC 1123 / Internet application protocols
- Rootkits / Rootkits
- routers / Security logs
- about / Tales routers tell
S
- Scumware
- URL / Triggering the case
- Secure Sockets Layer (SSL) / Security logs
- Secure Socket Tunneling Protocol / Secure Socket Tunneling Protocol
- security logs
- about / Security logs
- anti-virus/anti-malware software / Security logs
- routers / Security logs
- firewalls / Security logs
- intrusion detection and prevention systems / Security logs
- remote access software / Security logs
- Uniform Resource Locators (URLs) / Security logs
- vulnerability management software / Security logs
- authentication servers / Security logs
- system events / System logs
- audit records / System logs
- seven-layer model
- about / The seven-layer model
- TCP/IP model / The TCP/IP model
- Simple Network Management Protocol (SNMP) / Practicing sensible log management
- Single Carrier-Orthogonal frequency division multiplex (SC-OFDM) / Laying the foundation – IEEE 802.11
- small office or home office (SOHO) network / Spoofed connections
- sniffer mode / The sniffer mode
- SNORT
- used, for network intrusion detection and prevention / Using SNORT for network intrusion detection and prevention
- URL / Using SNORT for network intrusion detection and prevention
- sniffer mode / The sniffer mode
- packet logger mode / The packet logger mode
- network intrusion detection/prevention mode / The network intrusion detection/prevention mode
- rule header / The network intrusion detection/prevention mode
- rule option / The network intrusion detection/prevention mode
- rule action, options / The network intrusion detection/prevention mode
- Splunk
- used, for analyzing network logs / Analyzing network logs using Splunk
- URL / Analyzing network logs using Splunk
- Spoofed connection / Spoofed connections
- Spyware / Spyware
- SSH tunneling / SSH tunneling
- stateful inspection firewalls
- about / Stateful inspection firewalls
- Support Form / Use case
- Switched Port Analyzer (SPAN) port / Passive and active sniffing on networks
- SYNful knock / Tales routers tell
- system logs
- about / System logs
T
- TAARA
- TAARA methodology
- for network forensics / The TAARA methodology for network forensics
- Trigger / The TAARA methodology for network forensics
- Acquire / The TAARA methodology for network forensics
- Analysis / The TAARA methodology for network forensics
- Report / The TAARA methodology for network forensics
- Action / The TAARA methodology for network forensics
- tab-separated values (TSV) / Practicing sensible log management
- TCP/IP model / The TCP/IP model
- tcpdump
- URL / Collecting network traffic using tcpdump
- installing / Installing tcpdump
- command parameters / Understanding tcpdump command parameters
- used, for capturing network traffic / Capturing network traffic using tcpdump
- technical fundamentals
- Temporal Key Integrity Protocol (TKIP) / Wi-Fi protected access
- test access point (TAP) / Passive and active sniffing on networks
- threats
- about / Identifying threats to the enterprise
- internal threats / Internal threats
- external threats / External threats
- time to live (TTL) / Packet sniffing and analysis using NetworkMiner
- Transmission Control Protocol (TCP) / Transmission Control Protocol (TCP)
- transparent proxy / Types of proxies
- transport layer / The seven-layer model, The TCP/IP model
- Trojans / Trojans
- tunneling
- working / How does tunneling work?
- SSH tunneling / SSH tunneling
- protocols / Types of tunneling protocols
- Point-to-Point Tunneling Protocol / The Point-to-Point Tunneling Protocol
- Layer 2 Tunneling Protocol / Layer 2 Tunneling Protocol
- Secure Socket Tunneling Protocol / Secure Socket Tunneling Protocol
U
- Unified Threat Management (UTM) devices / Differentiating between NIDS and NIPS
- use case
- about / Use case
- User Datagram Protocol (UDP) / User Datagram Protocol (UDP)
V
- Verizon Data Breach Investigations
- URL / Data breach surveys
- virtual private networking (VPN) / Security logs
- Virus / Virus
- VPNs
- about / Understanding VPNs
- types / Types of VPNs
- Remote Access VPNs / Remote access VPNs
- Point-to-Point VPNs / Point-to-point VPNs
- AAA / The AAA of VPNs
- authentication / The AAA of VPNs
- authorization / The AAA of VPNs
- accounting / The AAA of VPNs
- vulnerabilities & logging / Various VPN vulnerabilities
W
- Wayback Machine
- Web proxies / Security logs
- WhatIs.com / Defining network forensics
- whole disk encryption (WDE) / Evidence obtainable from within the network
- Wi-Fi Alliance / Wired equivalent privacy
- Wi-Fi network
- securing / Securing your Wi-Fi network
- Wi-Fi networks, attacks
- about / Discussing common attacks on Wi-Fi networks
- incidental connection / Incidental connection
- malicious connection / Malicious connection
- ad hoc connection / Ad hoc connection
- non-traditional connections / Non-traditional connections
- spoofed connections / Spoofed connections
- man-in-the-middle (MITM) connections / Man-in-the-middle (MITM) connections
- denial-of-service (DoS) attack / The denial-of-service (DoS) attack
- Wi-Fi Protected Access (WPA)
- about / Wi-Fi protected access
- Wi-Fi Protected Access II / Wi-Fi Protected Access II
- Wi-Fi Protected Setup (WPS) / Wi-Fi Protected Access II
- WinPcap library / Collecting network traffic using tcpdump
- Wired Equivalent Privacy (WEP) / Wired equivalent privacy
- wireless access points (WAPs) / Wi-Fi protected access
- wireless local area networks (WLANs)
- wireless protection and security
- about / Understanding wireless protection and security
- Wired Equivalent Privacy (WEP) / Wired equivalent privacy
- Wi-Fi Protected Access (WPA) / Wi-Fi protected access
- Wi-Fi Protected Access II / Wi-Fi Protected Access II
- Wi-Fi network, securing / Securing your Wi-Fi network
- wireless traffic
- capturing / Capturing and analyzing wireless traffic
- analyzing / Capturing and analyzing wireless traffic
- Wi-Fi world, challenges / Sniffing challenges in a Wi-Fi world
- network card, configuring / Configuring our network card
- packets with Wireshark, sniffing / Sniffing packets with Wireshark
- wireless packet capture, analyzing / Analyzing wireless packet capture
- Wireshark / 007 characteristics in the network world, Capturing and analyzing wireless traffic
- used, for capturing network traffic / Collecting network traffic using Wireshark
- using / Using Wireshark
- used, for packet sniffing and analysis / Packet sniffing and analysis using Wireshark
- packets, sniffing with / Sniffing packets with Wireshark
- World Wide Web Consortium
- URL / Use case
- Worms / Worms
Y
- YARA
- URL / Indicators of Compromise