Learning Network Forensics
Table of Contents
Learning Network Forensics
Credits
About the Author
About the Reviewers
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
1. Becoming Network 007s
007 characteristics in the network world
Bond characteristics for getting to satisfactory completion of the case
The TAARA methodology for network forensics
Identifying threats to the enterprise
Internal threats
External threats
Data breach surveys
Locard's exchange principle
Defining network forensics
Differentiating between computer forensics and network forensics
Strengthening our technical fundamentals
The seven-layer model
The TCP/IP model
Understanding the concept of interconnection between networks/Internet
Internet Protocol (IP)
Structure of an IP packet
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Internet application protocols
Understanding network security
Types of threats
Internal threats
External threats
Network security goals
Confidentiality
Integrity
Availability
How are networks exploited?
Digital footprints
Summary
2. Laying Hands on the Evidence
Identifying sources of evidence
Evidence obtainable from within the network
Evidence from outside the network
Learning to handle the evidence
Rules for the collection of digital evidence
Rule 1: never mishandle the evidence
Rule 2: never work on the original evidence or system
Rule 3: document everything
Collecting network traffic using tcpdump
Installing tcpdump
Understanding tcpdump command parameters
Capturing network traffic using tcpdump
Collecting network traffic using Wireshark
Using Wireshark
Collecting network logs
Acquiring memory using FTK Imager
Summary
3. Capturing & Analyzing Data Packets
Tapping into network traffic
Passive and active sniffing on networks
Packet sniffing and analysis using Wireshark
Packet sniffing and analysis using NetworkMiner
Case study – tracking down an insider
Summary
4. Going Wireless
Laying the foundation – IEEE 802.11
Understanding wireless protection and security
Wired equivalent privacy
Wi-Fi protected access
Wi-Fi Protected Access II
Securing your Wi-Fi network
Discussing common attacks on Wi-Fi networks
Incidental connection
Malicious connection
Ad hoc connection
Non-traditional connections
Spoofed connections
Man-in-the-middle (MITM) connections
The denial-of-service (DoS) attack
Capturing and analyzing wireless traffic
Sniffing challenges in a Wi-Fi world
Configuring our network card
Sniffing packets with Wireshark
Analyzing wireless packet capture
Summary
5. Tracking an Intruder on the Network
Understanding Network Intrusion Detection Systems
Understanding Network Intrusion Prevention Systems
Modes of detection
Pattern matching
Anomaly detection
Differentiating between NIDS and NIPS
Using SNORT for network intrusion detection and prevention
The sniffer mode
The packet logger mode
The network intrusion detection/prevention mode
Summary
6. Connecting the Dots – Event Logs
Understanding log formats
Use case
Discovering the connection between logs and forensics
Security logs
System logs
Application logs
Practicing sensible log management
Log management infrastructure
Log management planning and policies
Analyzing network logs using Splunk
Summary
7. Proxies, Firewalls, and Routers
Getting proxies to confess
Roles proxies play
Types of proxies
Understanding proxies
Excavating the evidence
Making firewalls talk
Different types of firewalls
Packet filter firewalls
Stateful inspection firewalls
Application layer firewalls
Interpreting firewall logs
Tales routers tell
Summary
8. Smuggling Forbidden Protocols – Network Tunneling
Understanding VPNs
Types of VPNs
Remote access VPNs
Point-to-point VPNs
The AAA of VPNs
How does tunneling work?
SSH tunneling
Types of tunneling protocols
The Point-to-Point Tunneling Protocol
Layer 2 Tunneling Protocol
Secure Socket Tunneling Protocol
Various VPN vulnerabilities & logging
Summary
9. Investigating Malware – Cyber Weapons of the Internet
Knowing malware
Malware objectives
Malware origins
Trends in the evolution of malware
Malware types and their impact
Adware
Spyware
Virus
Worms
Trojans
Rootkits
Backdoors
Keyloggers
Ransomware
Browser hijackers
Botnets
Understanding malware payload behavior
Destructive
Identity theft
Espionage
Financial fraud
Theft of data
Misuse of resources
Malware attack architecture
Indicators of Compromise
Performing malware forensics
Malware insight – Gameover Zeus Trojan
Summary
10. Closing the Deal – Solving the Case
Revisiting the TAARA investigation methodology
Triggering the case
Trigger of the case
Acquiring the information and evidence
Important handling guidelines
Gathering information and acquiring the evidence
Analyzing the collected data – digging deep
Reporting the case
Action for the future
Future of network forensics
Summary
Index