Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer, First Edition

Chapter 8 Network Forensics

“Hope is the last thing a person does before they are defeated.”

—Henry Rollins

Now that you have a good idea about investigating endpoints, it’s time to look at the communication between endpoints. In this chapter, we focus on investigating local networks and how they interact with the Internet. This includes network protocols, security tools that monitor networks, various types of network-based attacks, and the footprint they leave behind. We do not investigate external threats beyond what data threat feeds provide and some basic DNS querying because that is out of scope for many forensic investigations. In most real-world situations, administrators just want to know which external sources are malicious so that ...

Get Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer, First Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer, First Edition by Joseph Muniz, Aamir Lakhani

Chapter 8

Network Forensics

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly