Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer, First Edition by Aamir Lakhani, Joseph Muniz

Chapter 8

Network Forensics

“Hope is the last thing a person does before they are defeated.”

—Henry Rollins

Now that you have a good idea about investigating endpoints, it’s time to look at the communication between endpoints. In this chapter, we focus on investigating local networks and how they interact with the Internet. This includes network protocols, security tools that monitor networks, various types of network-based attacks, and the footprint they leave behind. We do not investigate external threats beyond what data threat feeds provide and some basic DNS querying because that is out of scope for many forensic investigations. In most real-world situations, administrators just want to know which external sources are malicious so that ...
