Chapter 5. Using Snort for Network-Based Forensics
Information in This Chapter
This chapter, which comprises five sections, discusses the use of Snort as a network-based intrusion detection system (NIDS) during a network forensics investigation. Such a system is a detective technical security control, used by organizations' security teams and network forensics examiners to monitor network and/or system activity for malicious behavior or security policy violations. The first section, “IDS Overview,” provides an overview of intrusion detection systems (IDSes), the types of IDSes, and the IDS Matrix. The second section, “Snort ...