Digital forensics for network, Internet, and cloud computing a forensic evidence guide for moving targets and data

Network forensics is an evolution of typical digital forensics, where evidence is gathered and analyzed from network traffic. This book will help security and network forensics professionals, as well as network administrators, understand the challenges faced by organizations and individuals investig...


Bibliographic Details
Other Authors: Lillard, Terrence, author (author), Garrison, Clint P., author (editor), Schiller, Craig A., author, Murray, Jim, editor
Format: Electronic book
Language: English
Published: Burlington, MA : Syngress [2010]
Edition: 1st edition
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627828406719
Table of Contents:
  • Front Cover; Half Title Page; Title Page; Copyright Page; Table of Contents; About the Authors; PART I INTRODUCTION; CHAPTER 1. What Is Network Forensics?; Introduction to Cloud Computing; Introduction to the Incident Response Process; Investigative and Forensics Methodologies; Where Network Forensics Fits In; Summary; References; PART II GATHERING EVIDENCE; CHAPTER 2. Capturing Network Traffic; The Importance of DHCP Logs; Using tcpdump/WinDump; Limitations of tcpdump; tcpdump Command Line; Troubleshooting tcpdump; Using Wireshark; Wireshark GUI; Limitations of Wireshark
  • Limitations of Using Libpcap and Derivatives; Wireshark Utilities; TShark; Rawshark; Dumpcap; Mergecap; Editcap; Text2pcap; Using SPAN Ports or TAPS; SPAN Port Issues; Network Tap; Using Fiddler; Firewalls; Placement of Sensors; Summary; CHAPTER 3. Other Network Evidence; Overview of Botnets and Other Network-Aware Malware; The Botnet Life Cycle; Temporal, Relational, and Functional Analyses and Victimology; First Responder Evidence; Sources of Network-Related Evidence; Dynamic Evidence Capture; Malware Analysis: Using Sandbox Technology; Summary
  • PART III ANALYZING EVIDENCE WITH OPEN SOURCE SOFTWARE; CHAPTER 4. Deciphering a TCP Header; OSI and TCP Reference Models; TCP Header; Source Port Number; Destination Port Number; Sequence Number; Acknowledgment Number; Data Offset; Reserved; TCP Flags; Windows Size; TCP Checksum; Urgent Pointer; TCP Options; Padding; Decipherment of a TCP Segment; TCP Signature Analysis; Summary; CHAPTER 5. Using Snort for Network-Based Forensics; IDS Overview; Snort Architecture; Real-Time Network Traffic Capturing; Playback Binary Network Traffic (pcap Format); Snort Preprocessor Component
  • Snort Detection Engine Component; Network Forensics Evidence Generated with Snort; Summary; PART IV COMMERCIAL NETWORK FORENSICS APPLICATIONS; CHAPTER 6. Commercial NetFlow Applications; What Is NetFlow?; How Does NetFlow Work?; The Benefit of NetFlow; NetFlow Collection; NetFlow User Datagram Protocol (UDP) Datagrams; NetFlow Header; Enabling NetFlow; Enabling NetFlow v9 (Ingress and Egress); What Is an FNF?; Key Advantages; Enabling FNF; What Is an sFlow?; Enabling sFlow; Which Is Better: NetFlow or sFlow?; Scrutinizer; Scaling; Scrutinizer Forensics Using Flow Analytics
  • Using Flow Analytics to Identify Threats within NetFlow; Summary; CHAPTER 7. NetWitness Investigator; Introduction; NetWitness Investigator Architecture; Import/Live Capture Network Traffic; Collections; Parsers, Feeds, and Rules; Navigation Views; Data Analysis; Exporting Captured Data; Summary; CHAPTER 8. SilentRunner by AccessData; History of SilentRunner; Parts of the SilentRunner System; Installing SilentRunner; Stand-Alone Installation; Distributed Installation; SilentRunner Terminology; Graphs; Spec Files; Customizing the Analyzer; Context Management; Data Investigator Tools
  • Some Final Tricks and Tips