Incident Response & Computer Forensics, 2nd Ed. by Chris Prosise, Kevin Mandia

CHAPTER 14
Analyzing Network Traffic

In Chapter 8, we described how to perform full-content network monitoring to gather network-based evidence. However, once you’ve collected full-content data, you need to be able to analyze it in order to identify indications and warnings of suspicious activity. This chapter outlines a formal investigative approach to interpreting network activity. We’ll explain how to review large binary capture files and quickly identify relevant data.
FINDING NETWORK-BASED EVIDENCE
After you collect network traffic, you must eventually read that traffic and interpret whether or not evidence of a computer security incident exists. The network traffic you’ve collected is stored in binary files, which are very large. ...
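The section above makes the practical point that full-content captures are large binary files and that an analyst needs a way to reduce them to a short list of conversations worth looking at. The following Python is an added example written for this page, not code from the book or its authors: it parses the classic libpcap file format directly (global header, per-record header, Ethernet/IPv4/TCP headers) and aggregates the packets into bidirectional flows, which is the usual first step before opening individual packets. The capture it reads is constructed in memory, so the addresses (10.0.0.x, 203.0.113.9, a TEST-NET documentation range) and payloads are sample data, not a real capture; the function names are this example's own.

```python
import socket
import struct
from collections import defaultdict
from typing import Dict, Iterator, List, Optional, Tuple

PCAP_MAGIC = 0xA1B2C3D4        # libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1

FlowKey = Tuple[Tuple[str, int], Tuple[str, int]]


def build_sample_pcap() -> bytes:
    """Construct a tiny libpcap file in memory. Sample data for this example only."""
    def packet(src: str, dst: str, sport: int, dport: int, payload: bytes, ts: int) -> bytes:
        eth = b"\x00" * 12 + b"\x08\x00"                      # dst MAC, src MAC, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 8192, 0, 0)
        frame = eth + ip + tcp + payload
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame   # record header

    records = [
        packet("10.0.0.5", "10.0.0.10", 40000, 80, b"GET / HTTP/1.0\r\n\r\n", 100),
        packet("10.0.0.10", "10.0.0.5", 80, 40000, b"X" * 200, 100),
        packet("10.0.0.5", "203.0.113.9", 51000, 4444, b"Y" * 1000, 101),
        packet("10.0.0.5", "203.0.113.9", 51000, 4444, b"Y" * 1000, 102),
        packet("10.0.0.5", "203.0.113.9", 51000, 4444, b"Y" * 1000, 103),
    ]
    arp = b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28                 # non-IP frame, must be skipped
    records.append(struct.pack("<IIII", 104, 0, len(arp), len(arp)) + arp)
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return header + b"".join(records)


def iter_packets(pcap: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (timestamp_sec, frame_bytes) for each record; handles both byte orders."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    linktype = struct.unpack(endian + "IHHiIII", pcap[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("example only decodes Ethernet captures")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        frame = pcap[off:off + incl_len]
        if len(frame) < incl_len:        # capture cut short mid-record: stop cleanly
            break
        off += incl_len
        yield ts_sec, frame


def decode_tcp(frame: bytes) -> Optional[Tuple[str, int, str, int, int]]:
    """Return (src, sport, dst, dport, payload_len) for Ethernet/IPv4/TCP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 6:        # not IPv4, or not TCP
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:min(total_len, len(ip))]    # IP length strips Ethernet padding
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport,
            max(0, len(tcp) - data_off))


def summarize_flows(pcap: bytes) -> Dict[FlowKey, dict]:
    """Aggregate TCP packets into bidirectional flows keyed by the sorted endpoint pair."""
    flows: Dict[FlowKey, dict] = defaultdict(
        lambda: {"packets": 0, "payload_bytes": 0, "first_ts": None, "last_ts": None})
    for ts, frame in iter_packets(pcap):
        d = decode_tcp(frame)
        if d is None:
            continue
        src, sport, dst, dport, plen = d
        key = tuple(sorted([(src, sport), (dst, dport)]))
        f = flows[key]
        f["packets"] += 1
        f["payload_bytes"] += plen
        f["first_ts"] = ts if f["first_ts"] is None else min(f["first_ts"], ts)
        f["last_ts"] = ts if f["last_ts"] is None else max(f["last_ts"], ts)
    return dict(flows)


def top_flows(flows: Dict[FlowKey, dict], n: int = 5) -> List[Tuple[FlowKey, dict]]:
    """Flows ordered by payload volume: the usual starting point for triage."""
    return sorted(flows.items(), key=lambda kv: kv[1]["payload_bytes"], reverse=True)[:n]


if __name__ == "__main__":
    for (a, b), stats in top_flows(summarize_flows(build_sample_pcap())):
        print(f"{a[0]}:{a[1]} <-> {b[0]}:{b[1]}  packets={stats['packets']} "
              f"bytes={stats['payload_bytes']} span={stats['last_ts'] - stats['first_ts']}s")
```

Sorting by volume and by duration is only one cut; in practice you would also group by destination port and by external address, which the same flow table supports. The decoder deliberately trusts the IPv4 total length over the frame length and stops on a truncated final record, both of which matter with captures written by a monitor that was stopped mid-write.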