Learning Network Forensics - Packt


Below is an outline of the eBook “Learning Network Forensics” by Packt. If you are a member, you can log into the Library and view it in your browser using the email address you signed up with. Only members can log in successfully.

  • Click HERE to log into the library (Members only).
  • Folder: Books and Guides > Security eBooks

If you are having issues logging in, please check the following help guide, HERE.



1. Becoming Network 007s

007 characteristics in the network world
Bond characteristics for getting to satisfactory completion of the case
The TAARA methodology for network forensics
Identifying threats to the enterprise
Internal threats
External threats
Data breach surveys
Locard's exchange principle
Defining network forensics
Differentiating between computer forensics and network forensics
Strengthening our technical fundamentals
The seven-layer model
The TCP/IP model
Understanding the concept of interconnection between networks/Internet
Internet Protocol (IP)
Structure of an IP packet
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Internet application protocols
Understanding network security
Types of threats
Internal threats
External threats
Network security goals
How are networks exploited?
Digital footprints
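The chapter 1 headings "Structure of an IP packet", "Transmission Control Protocol (TCP)" and "User Datagram Protocol (UDP)" are the fundamentals every later capture-analysis chapter depends on. As an added illustration (this is not code from the book or from Packt), the following Python parses the IPv4 and TCP headers of a raw packet with the standard library, verifies the IPv4 header checksum the way a forensic tool must before trusting the fields, and rejects truncated or malformed input. The packet it decodes is constructed in `build_sample_packet()` for the example; the addresses, ports and field values are assumptions, not a real capture.

```python
"""IPv4/TCP header parser with checksum verification (added example, not from the book)."""
from __future__ import annotations

import socket
import struct
from dataclasses import dataclass

IPPROTO_TCP = 6  # IANA protocol number carried in the IPv4 "protocol" field


@dataclass
class IPv4Header:
    ihl: int            # header length in 32-bit words (5 = 20 bytes, no options)
    total_length: int
    identification: int
    dont_fragment: bool
    fragment_offset: int
    ttl: int
    protocol: int
    src: str
    dst: str


@dataclass
class TCPHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    data_offset: int    # header length in 32-bit words
    flags: int          # low 9 bits of the offset/flags word
    window: int


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> tuple[IPv4Header, bytes]:
    """Return the parsed IPv4 header and the payload it encapsulates; raise on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not an IPv4 header")
    hlen = ihl * 4
    if total_len < hlen or len(packet) < total_len:
        raise ValueError("packet shorter than its own length fields claim")
    # A valid header checksums to zero when the checksum field itself is included.
    if ones_complement_sum(packet[:hlen]) != 0:
        raise ValueError("bad IPv4 header checksum")
    hdr = IPv4Header(ihl, total_len, ident, bool(flags_frag & 0x4000), flags_frag & 0x1FFF,
                     ttl, proto, socket.inet_ntoa(src), socket.inet_ntoa(dst))
    return hdr, packet[hlen:total_len]


def parse_tcp(segment: bytes) -> tuple[TCPHeader, bytes]:
    """Return the parsed TCP header and its payload (options are skipped, not decoded)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12
    hlen = data_offset * 4
    if data_offset < 5 or len(segment) < hlen:
        raise ValueError("bad TCP data offset")
    return TCPHeader(sport, dport, seq, ack, data_offset, off_flags & 0x1FF, window), segment[hlen:]


TCP_FLAG_BITS = (("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20))


def tcp_flag_names(flags: int) -> list[str]:
    return [name for name, bit in TCP_FLAG_BITS if flags & bit]


def summarize(packet: bytes) -> dict:
    """The kind of one-line summary a capture tool prints, returned as a dict."""
    ip, payload = parse_ipv4(packet)
    out = {"src": ip.src, "dst": ip.dst, "ttl": ip.ttl, "proto": ip.protocol, "df": ip.dont_fragment}
    if ip.protocol == IPPROTO_TCP:
        tcp, data = parse_tcp(payload)
        out.update(sport=tcp.src_port, dport=tcp.dst_port, flags=tcp_flag_names(tcp.flags),
                   seq=tcp.seq, payload_len=len(data))
    return out


def build_sample_packet() -> bytes:
    """Constructed sample: a TCP SYN from 192.168.1.10:40000 to 10.0.0.5:80 (assumed values, not a capture)."""
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 0x1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
    ip_no_csum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64,
                             IPPROTO_TCP, 0, socket.inet_aton("192.168.1.10"), socket.inet_aton("10.0.0.5"))
    csum = ones_complement_sum(ip_no_csum)
    return ip_no_csum[:10] + struct.pack("!H", csum) + ip_no_csum[12:] + tcp


if __name__ == "__main__":
    print(summarize(build_sample_packet()))
```

The checksum check matters in practice: a capture taken on the sending host with checksum offloading enabled will show "bad" checksums on outgoing packets, so when a parser like this rejects a packet, confirm where the capture was taken before treating the packet as tampered.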


2. Laying Hands on the Evidence

Identifying sources of evidence
Evidence obtainable from within the network
Evidence from outside the network
Learning to handle the evidence
Rules for the collection of digital evidence
Rule 1: never mishandle the evidence
Rule 2: never work on the original evidence or system
Rule 3: document everything
Collecting network traffic using tcpdump
Installing tcpdump
Understanding tcpdump command parameters
Capturing network traffic using tcpdump
Collecting network traffic using Wireshark
Using Wireshark
Collecting network logs
Acquiring memory using FTK Imager


3. Capturing & Analyzing Data Packets

Tapping into network traffic
Passive and active sniffing on networks
Packet sniffing and analysis using Wireshark
Packet sniffing and analysis using NetworkMiner
Case study – tracking down an insider


4. Going Wireless

Laying the foundation – IEEE 802.11
Understanding wireless protection and security
Wired equivalent privacy
Wi-Fi protected access
Wi-Fi Protected Access II
Securing your Wi-Fi network
Discussing common attacks on Wi-Fi networks
Incidental connection
Malicious connection
Ad hoc connection
Non-traditional connections
Spoofed connections
Man-in-the-middle (MITM) connections
The denial-of-service (DoS) attack
Capturing and analyzing wireless traffic
Sniffing challenges in a Wi-Fi world
Configuring our network card
Sniffing packets with Wireshark
Analyzing wireless packet capture


5. Tracking an Intruder on the Network

Understanding Network Intrusion Detection Systems
Understanding Network Intrusion Prevention Systems
Modes of detection
Pattern matching
Anomaly detection
Differentiating between NIDS and NIPS
Using SNORT for network intrusion detection and prevention
The sniffer mode
The packet logger mode
The network intrusion detection/prevention mode


6. Connecting the Dots – Event Logs

Understanding log formats
Use case
Discovering the connection between logs and forensics
Security logs
System logs
Application logs
Practicing sensible log management
Log management infrastructure
Log management planning and policies
Analyzing network logs using Splunk


7. Proxies, Firewalls, and Routers

Getting proxies to confess
Roles proxies play
Types of proxies
Understanding proxies
Excavating the evidence
Making firewalls talk
Different types of firewalls
Packet filter firewalls
Stateful inspection firewalls
Application layer firewalls
Interpreting firewall logs
Tales routers tell
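Chapter 6 ("Understanding log formats") and chapter 7 ("Interpreting firewall logs") both come down to turning a line of text into fields an analyst can pivot on. As an added example, not code from the book or from Packt, the following Python parses Linux iptables `LOG` target lines as they appear in syslog, separating the syslog envelope (timestamp, host, tag) from the kernel's `KEY=value` fields and bare flag tokens such as `DF` and `SYN`, and then groups the parsed events by source address to surface a host that probed many ports. The log lines are constructed for the example in the format the kernel emits; the hostnames, addresses, `IPTABLES-DROP` prefix and the port-count threshold are assumptions.

```python
"""Parse iptables LOG lines from syslog and flag sources probing many ports (added example)."""
from __future__ import annotations

import re
from collections import defaultdict

# Syslog (RFC 3164 style) envelope: "Mon DD HH:MM:SS host tag: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$"
)
KERNEL_TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")   # optional "[ 8124.001] " printk timestamp
KV_RE = re.compile(r"^([A-Z]+)=(.*)$")               # KEY=value tokens; value may be empty (OUT=)


def parse_iptables_line(line: str) -> dict | None:
    """Return a dict for an iptables LOG line, or None if the line is not one."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m or m["tag"] != "kernel":
        return None
    msg = KERNEL_TS_RE.sub("", m["msg"])
    prefix, sep, rest = msg.partition(": ")   # the rule's --log-prefix, e.g. "IPTABLES-DROP"
    if not sep:
        return None
    fields: dict[str, str] = {}
    flags: list[str] = []
    for tok in rest.split():
        kv = KV_RE.match(tok)
        if kv:
            fields[kv[1]] = kv[2]
        else:
            flags.append(tok)                  # bare tokens such as DF, SYN, ACK
    if "SRC" not in fields or "DST" not in fields:
        return None
    return {"ts": m["ts"], "host": m["host"], "prefix": prefix, "fields": fields, "flags": flags}


def find_port_scans(lines: list[str], min_ports: int = 5) -> dict[str, list[int]]:
    """Group events by SRC and return sources that touched at least min_ports distinct DPTs."""
    ports: dict[str, set[int]] = defaultdict(set)
    for line in lines:
        ev = parse_iptables_line(line)
        if ev is None or "DPT" not in ev["fields"]:
            continue
        ports[ev["fields"]["SRC"]].add(int(ev["fields"]["DPT"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def _constructed_line(ts: str, src: str, dpt: int) -> str:
    """Build a sample line in the shape the kernel's LOG target emits (constructed, not captured)."""
    return (f"{ts} fw1 kernel: [ 8124.001] IPTABLES-DROP: IN=eth0 OUT= "
            f"MAC=00:0c:29:3a:1b:2c:00:50:56:c0:00:08:08:00 SRC={src} DST=192.0.2.10 LEN=44 TOS=0x00 "
            f"PREC=0x00 TTL=52 ID=3621 DF PROTO=TCP SPT=55123 DPT={dpt} WINDOW=1024 RES=0x00 SYN URGP=0")


# Constructed sample log: one source sweeping six ports, one repeat visitor to port 80,
# and an unrelated sshd line that the parser must ignore.
SAMPLE_LOG = [
    _constructed_line("Mar  3 09:12:01", "203.0.113.7", p) for p in (21, 22, 23, 25, 80, 443)
] + [
    _constructed_line("Mar  3 09:12:05", "198.51.100.4", 80),
    _constructed_line("Mar  3 09:12:05", "198.51.100.4", 80),
    "Mar  3 09:12:06 fw1 sshd[2211]: Accepted publickey for alice from 192.0.2.25 port 51234 ssh2",
]


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(parse_iptables_line(line))
    print(find_port_scans(SAMPLE_LOG))
```

The parser keeps the envelope and the kernel fields separate on purpose: the syslog timestamp is the collector's clock, while `ID`, `TTL` and the TCP flags come from the packet itself, and an investigation should not silently merge the two sources of truth.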


8. Smuggling Forbidden Protocols – Network Tunneling

Understanding VPNs
Types of VPNs
Remote access VPNs
Point-to-point VPNs
The AAA of VPNs
How does tunneling work?
SSH tunneling
Types of tunneling protocols
The Point-to-Point Tunneling Protocol
Layer 2 Tunneling Protocol
Secure Socket Tunneling Protocol
Various VPN vulnerabilities & logging


9. Investigating Malware – Cyber Weapons of the Internet

Knowing malware
Malware objectives
Malware origins
Trends in the evolution of malware
Malware types and their impact
Adware
Spyware
Virus
Worms
Trojans
Rootkits
Backdoors
Keyloggers
Browser hijackers
Understanding malware payload behavior
Destructive
Identity theft
Financial fraud
Theft of data
Misuse of resources
Malware attack architecture
Indicators of Compromise
Performing malware forensics
Malware insight – Gameover Zeus Trojan


10. Closing the Deal – Solving the Case

Revisiting the TAARA investigation methodology
Triggering the case
Trigger of the case
Acquiring the information and evidence
Important handling guidelines
Gathering information and acquiring the evidence
Analyzing the collected data – digging deep
Reporting the case
Action for the future
Future of network forensics
Summary
Index



This article was contributed by Jason Jacobs from Guyana. Jason is a member of the Caribbean CSPA. 
