Cisco router and switch forensics investigating and analyzing malicious network activity
Cisco IOS (the software that runs the vast majority of Cisco routers and all Cisco network switches) is the dominant routing platform on the Internet and corporate networks. This widespread distribution, as well as its architectural deficiencies, makes it a valuable target for hackers looking to att...
Main author: | |
---|---|
Format: | Electronic book |
Language: | English |
Published: | Burlington, MA : Syngress, c2009. |
Edition: | 1st edition |
Subjects: | |
View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627551006719 |
Table of Contents:
- Front Cover; Cisco Router and Switch Forensics: Investigating and Analyzing Malicious Network Activity; Copyright Page; Lead Author and Technical Editor; Contributing Authors; Contents; Introduction; About This Book; Defining a Secure Network; Network Architectures; Equipment Used for the Examples in This Book; Routers; Switches; Firewalls; Syslog Server; Setting Up a Secure Network; Routers; Switches; Syslog; Wireless Access Points; The Incident; What Happened; Who Spotted It; First Responders; How to Respond; Preserving the Evidence; Relevant Laws; Whom to Call; Law Enforcement Issues
- Summary; Solutions Fast Track; Frequently Asked Questions; Chapter 1: Digital Forensics and Analyzing Data; Introduction; The Evolution of Computer Forensics; The Phases of Digital Forensics; Collection; Preparation; Hardware Documentation Difficulties; Difficulties When Collecting Data from RAID Arrays, SANs, and NAS Devices; RAID; SANs; NAS Devices; Difficulties When Collecting Data from Virtual Machines; Difficulties When Conducting Memory Acquisition and Analysis; Examination; Utility of Hash Sets; Difficulties Associated with Examining a System with Full Disk Encryption
- Trusted Platform Module (TPM); Alternative Forensic Processes; Analysis; Analysis of a Single Computer; Metadata; Exchangeable Image File Format; Binary and Malware Analysis; Deleted Items; Data Carving; E-Mail Analysis; Analysis of an Enterprise Event; System Flow Charts; Timelines; Tools for Data Analysis; GREP; Spreadsheets; Databases; Snort; Security Event Management Systems; Reporting; Summary; Solutions Fast Track; Frequently Asked Questions; Endnotes; Chapter 2: Seizure of Digital Information; Introduction; Defining Digital Evidence; Digital Evidence Seizure Methodology
- Seizure Methodology in Depth; Step 1: Digital Media Identification; Step 2: Minimizing the Crime Scene by Prioritizing the Physical Media; Step 3: Seizure of Storage Devices and Media; To Pull the Plug or Not to Pull the Plug, That Is the Question; Factors Limiting the Wholesale Seizure of Hardware; Size of Media; Disk Encryption; Privacy Concerns; Delays Related to Laboratory Analysis; The Concept of the First Responder; Other Options for Seizing Digital Evidence; Responding to a Victim of a Crime Where Digital Evidence Is Involved; Seizure Example
- Determining the Presence and Location of Evidentiary Data Objects; Obtaining Information from a Running Computer; Imaging Information On-Scene; Imaging Finite Data Objects On-Scene; Use of Tools for Digital Evidence Collection; Common Threads within Digital Evidence Seizure; Determining the Most Appropriate Seizure Method; Summary; Solutions Fast Track; Frequently Asked Questions; Endnotes; Chapter 3: The Mindset of a Network Administrator; Introduction; Who Is a Network Administrator?; The God Complex; Job Security; If No One Else Knows How It Works, I Will Continue to Have a Job; Salaries
- Social Engineering