Chapter 5. Using Snort for Network-Based Forensics
This chapter, which comprises five sections, discusses the use of Snort as a network-based intrusion detection system (NIDS) during a network forensics investigation. It is a detective-technical security control that organizations' security teams and network forensics examiners use to monitor network and/or system activities for malicious activity or security policy violations. The first section, “IDS Overview,” provides an overview of intrusion detection systems (IDSes), the types of IDSes, and the IDS Matrix. The second section, “Snort ...

Get Digital Forensics for Network, Internet, and Cloud Computing now with the O’Reilly learning platform.
