Learning Network Forensics - Packt

Overview

Below is an outline of the eBook “Learning Network Forensics” by Packt. Members can log into the Library with the email address they signed up with and read the book in the browser; the login is available to members only.


 

Outline

1. Becoming Network 007s

007 characteristics in the network world
Bond characteristics for getting to satisfactory completion of the case
The TAARA methodology for network forensics
Identifying threats to the enterprise
Internal threats
External threats
Data breach surveys
Locard's exchange principle
Defining network forensics
Differentiating between computer forensics and network forensics
Strengthening our technical fundamentals
The seven-layer model
The TCP/IP model
Understanding the concept of interconnection between networks/Internet
Internet Protocol (IP)
Structure of an IP packet
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Internet application protocols
Understanding network security
Types of threats
Internal threats
External threats
Network security goals
Confidentiality
Integrity
Availability
How are networks exploited?
Digital footprints
Summary
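The "Structure of an IP packet" and "Transmission Control Protocol" headings in chapter 1 cover the header layouts an analyst has to read by hand when a tool mis-decodes a capture. The Python below is an added example, not code from the book: it decodes an IPv4 header and the TCP header behind it using the RFC 791 and RFC 793 field layouts, verifies the IP header checksum, and flags a packet whose stated total length exceeds the bytes actually captured. The SYN packet it parses is constructed inline for the example; the function and field names are this example's own.

```python
"""Decode an IPv4 header and the TCP header that follows it.

Added example, not code from "Learning Network Forensics". Field layouts
follow RFC 791 (IPv4) and RFC 793 (TCP); the sample packet is constructed
here purely to exercise the parser.
"""
import socket
import struct
from typing import Any, Dict

IPPROTO_TCP = 6
# bit positions 0..8 of the TCP offset/flags word (NS is the RFC 3540 bit)
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS")


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; caller zeroes the checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> Dict[str, Any]:
    """Decode the fixed 20-byte IPv4 header and validate version, IHL and checksum."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 packet (version=%d)" % version)
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL or truncated options")
    header = packet[:ihl]
    zeroed = header[:10] + b"\x00\x00" + header[12:]  # checksum occupies bytes 10-11
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "ttl": ttl,
        "protocol": proto,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        "total_length": total_len,
        "checksum_ok": ip_checksum(zeroed) == csum,
        # a total length larger than what we hold means the capture was cut short
        "truncated": total_len > len(packet),
        "payload": packet[ihl:total_len],
    }


def parse_tcp(segment: bytes) -> Dict[str, Any]:
    """Decode the fixed 20-byte TCP header; flag bits live in the low 9 bits of word 6."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    flags = [name for bit, name in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << bit)]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "payload": segment[data_offset:]}


def parse_packet(packet: bytes) -> Dict[str, Any]:
    """IPv4 first, then TCP when the protocol field says so and the packet is whole."""
    ip = parse_ipv4(packet)
    if ip["protocol"] == IPPROTO_TCP and not ip["truncated"]:
        ip["tcp"] = parse_tcp(ip["payload"])
    return ip


def build_sample_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample: a bare TCP SYN with DF set, with a valid IP checksum."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0)
    total_len = 20 + len(tcp)
    ip_no_csum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64,
                             IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    csum = ip_checksum(ip_no_csum)
    return ip_no_csum[:10] + struct.pack("!H", csum) + ip_no_csum[12:] + tcp


SAMPLE_PACKET = build_sample_syn("192.168.1.10", "10.0.0.5", 51234, 80)

if __name__ == "__main__":
    decoded = parse_packet(SAMPLE_PACKET)
    print(decoded["src"], "->", decoded["dst"], decoded["tcp"]["flags"],
          "checksum_ok=%s" % decoded["checksum_ok"])
```

Feed it the bytes of one frame from a pcap (after stripping the 14-byte Ethernet header) and compare the result with what Wireshark shows; a mismatch in the checksum or a `truncated` flag usually means a snaplen that was too short or an offloading NIC, both of which matter when the capture is evidence.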

 

2. Laying Hands on the Evidence

Identifying sources of evidence
Evidence obtainable from within the network
Evidence from outside the network
Learning to handle the evidence
Rules for the collection of digital evidence
Rule 1: never mishandle the evidence
Rule 2: never work on the original evidence or system
Rule 3: document everything
Collecting network traffic using tcpdump
Installing tcpdump
Understanding tcpdump command parameters
Capturing network traffic using tcpdump
Collecting network traffic using Wireshark
Using Wireshark
Collecting network logs
Acquiring memory using FTK Imager
Summary

 

3. Capturing & Analyzing Data Packets

Tapping into network traffic
Passive and active sniffing on networks
Packet sniffing and analysis using Wireshark
Packet sniffing and analysis using NetworkMiner
Case study – tracking down an insider
Summary

 

4. Going Wireless

Laying the foundation – IEEE 802.11
Understanding wireless protection and security
Wired equivalent privacy
Wi-Fi protected access
Wi-Fi Protected Access II
Securing your Wi-Fi network
Discussing common attacks on Wi-Fi networks
Incidental connection
Malicious connection
Ad hoc connection
Non-traditional connections
Spoofed connections
Man-in-the-middle (MITM) connections
The denial-of-service (DoS) attack
Capturing and analyzing wireless traffic
Sniffing challenges in a Wi-Fi world
Configuring our network card
Sniffing packets with Wireshark
Analyzing wireless packet capture
Summary

 

5. Tracking an Intruder on the Network

Understanding Network Intrusion Detection Systems
Understanding Network Intrusion Prevention Systems
Modes of detection
Pattern matching
Anomaly detection
Differentiating between NIDS and NIPS
Using SNORT for network intrusion detection and prevention
The sniffer mode
The packet logger mode
The network intrusion detection/prevention mode
Summary

 

6. Connecting the Dots – Event Logs

Understanding log formats
Use case
Discovering the connection between logs and forensics
Security logs
System logs
Application logs
Practicing sensible log management
Log management infrastructure
Log management planning and policies
Analyzing network logs using Splunk
Summary

 

7. Proxies, Firewalls, and Routers

Getting proxies to confess
Roles proxies play
Types of proxies
Understanding proxies
Excavating the evidence
Making firewalls talk
Different types of firewalls
Packet filter firewalls
Stateful inspection firewalls
Application layer firewalls
Interpreting firewall logs
Tales routers tell
Summary

 

8. Smuggling Forbidden Protocols – Network Tunneling

Understanding VPNs
Types of VPNs
Remote access VPNs
Point-to-point VPNs
The AAA of VPNs
How does tunneling work?
SSH tunneling
Types of tunneling protocols
The Point-to-Point Tunneling Protocol
Layer 2 Tunneling Protocol
Secure Socket Tunneling Protocol
Various VPN vulnerabilities & logging
Summary

 

9. Investigating Malware – Cyber Weapons of the Internet

Knowing malware
Malware objectives
Malware origins
Trends in the evolution of malware
Malware types and their impact
Adware
Spyware
Virus
Worms
Trojans
Rootkits
Backdoors
Keyloggers
Ransomware
Browser hijackers
Botnets
Understanding malware payload behavior
Destructive
Identity theft
Espionage
Financial fraud
Theft of data
Misuse of resources
Malware attack architecture
Indicators of Compromise
Performing malware forensics
Malware insight – Gameover Zeus Trojan
Summary

 

10. Closing the Deal – Solving the Case

Revisiting the TAARA investigation methodology
Triggering the case
Trigger of the case
Acquiring the information and evidence
Important handling guidelines
Gathering information and acquiring the evidence
Analyzing the collected data – digging deep
Reporting the case
Action for the future
Future of network forensics
Summary

Index

 

-----


This article was contributed by Jason Jacobs from Guyana. Jason is a member of the Caribbean CSPA. 
