Network Forensics

Book Description

Intensively hands-on training for real-world network forensics

Network Forensics provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity. This book is hands-on all the way—by dissecting packets, you gain fundamental knowledge that only comes from experience. Real packet captures and log files demonstrate network traffic investigation, and the learn-by-doing approach relates the essential skills that traditional forensics investigators may not have. From network packet analysis to host artifacts to log analysis and beyond, this book emphasizes the critical techniques that bring evidence to light.

Network forensics is a growing field, and is becoming increasingly central to law enforcement as cybercrime becomes more and more sophisticated. This book provides an unprecedented level of hands-on training to give investigators the skills they need.

  • Investigate packet captures to examine network communications
  • Locate host-based artifacts and analyze network logs
  • Understand intrusion detection systems—and let them do the legwork
  • Have the right architecture and systems in place ahead of an incident

Network data is always changing, and is never saved in one place; an investigator must understand how to examine data over time, which involves specialized skills that go above and beyond memory, mobile, or data forensics. Whether you're preparing for a security certification or just seeking deeper training for a law enforcement or IT role, you can only learn so much from concept; to thoroughly understand something, you need to do it. Network Forensics provides intensive hands-on practice with direct translation to real-world application.

Table of Contents

  1. Cover
  2. Title Page
  3. Introduction
    1. What This Book Covers
    2. How This Book Is Organized
  4. 1 Introduction to Network Forensics
    1. What Is Forensics?
    2. Incident Response
    3. The Need for Network Forensic Practitioners
    4. Summary
    5. References
  5. 2 Networking Basics
    1. Protocols
    2. Request for Comments
    3. Internet Registries
    4. Internet Protocol and Addressing
    5. Transmission Control Protocol (TCP)
    6. User Datagram Protocol (UDP)
    7. Ports
    8. Domain Name System
    9. Support Protocols (DHCP)
    10. Support Protocols (ARP)
    11. Summary
    12. References
  6. 3 Host-Side Artifacts
    1. Services
    2. Connections
    3. Tools
    4. Summary
  7. 4 Packet Capture and Analysis
    1. Capturing Packets
    2. Packet Analysis with Wireshark
    3. Network Miner
    4. Summary
  8. 5 Attack Types
    1. Denial of Service Attacks
    2. Vulnerability Exploits
    3. Insider Threats
    4. Evasion
    5. Application Attacks
    6. Summary
  9. 6 Location Awareness
    1. Time Zones
    2. Using whois
    3. Traceroute
    4. Geolocation
    5. Location-Based Services
    6. WiFi Positioning
    7. Summary
  10. 7 Preparing for Attacks
    1. NetFlow
    2. Logging
    3. Antivirus
    4. Incident Response Preparation
    5. Security Information and Event Management
    6. Summary
  11. 8 Intrusion Detection Systems
    1. Detection Styles
    2. Host-Based versus Network-Based
    3. Architecture
    4. Alerting
    5. Summary
  12. 9 Using Firewall and Application Logs
    1. Syslog
    2. Event Viewer
    3. Firewall Logs
    4. Common Log Format
    5. Summary
  13. 10 Correlating Attacks
    1. Time Synchronization
    2. Packet Capture Times
    3. Log Aggregation and Management
    4. Timelines
    5. Security Information and Event Management
    6. Summary
  14. 11 Network Scanning
    1. Port Scanning
    2. Vulnerability Scanning
    3. Port Knocking
    4. Tunneling
    5. Passive Data Gathering
    6. Summary
  15. 12 Final Considerations
    1. Encryption
    2. Cloud Computing
    3. The Onion Router (TOR)
    4. Summary
  16. End User License Agreement