
Hands-On Network Forensics (e-book)


Author: Nipun Jaswal

Publisher: Packt Publishing

Publication date: 2019-03-30

Length: 216,000 words (as listed)

Category: Imported books > Foreign-language original editions > Computers/Networking

Gain basic skills in network forensics and learn how to apply them effectively.

Key Features
* Investigate network threats with ease
* Practice forensics tasks such as intrusion detection, network analysis, and scanning
* Learn forensic investigation at the network level

Book Description
Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In an era of network attacks and malware threats, it is more important than ever to have the skills to investigate network attacks and vulnerabilities. Hands-On Network Forensics starts with the core concepts of network forensics, including coding, networking, forensic tools, and methodologies for forensic investigations. You'll then explore the tools used for network forensics and learn how to apply them to a PCAP file and write the accompanying report. You will also see how statistical flow analysis, network enumeration, tunneling and encryption, and malware detection can be used to investigate your network. Towards the end of the book, you will discover how network correlation works and how to bring together the information from different types of network devices. By the end of this book, you will have gained hands-on experience performing forensic analysis tasks.

What you will learn
* Discover and interpret encrypted traffic
* Learn about various protocols
* Understand how malware communicates over the wire
* Gain insights into the most widely used malware
* Correlate data collected from attacks
* Develop tools and custom scripts for network forensics automation

Who this book is for
The book targets incident responders, network engineers, analysts, forensic engineers, and network administrators who want to extend their knowledge from a surface-level view to a deep understanding of the science behind network protocols, the critical indicators in an incident, and conducting a forensic search over the wire.
Table of Contents

Dedication

About Packt

Why subscribe?

Packt.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

Disclaimer

Section 1: Obtaining the Evidence

Introducing Network Forensics

Technical requirements

Network forensics investigation methodology

Source of network evidence

Tapping the wire and the air

CAM table on a network switch

Routing tables on routers

Dynamic Host Configuration Protocol logs

DNS servers logs

Domain controller/authentication server/system logs

IDS/IPS logs

Firewall logs

Proxy server logs

Wireshark essentials

Identifying conversations and endpoints

Identifying the IP endpoints

Basic filters

Exercise 1 – a noob's keylogger

Exercise 2 – two too many

Summary

Questions and exercises

Further reading

Technical Concepts and Acquiring Evidence

Technical requirements

The inter-networking refresher

Log-based evidence

Application server logs

Database logs

Firewall logs

Proxy logs

IDS logs

Case study – hack attempts

Summary

Questions and exercises

Further reading

Section 2: The Key Concepts

Deep Packet Inspection

Technical requirements

Protocol encapsulation

The Internet Protocol header

The Transmission Control Protocol header

The HTTP packet

Analyzing packets on TCP

Analyzing packets on UDP

Analyzing packets on ICMP

Case study – ICMP Flood or something else

Summary

Questions and exercises

Further reading

Statistical Flow Analysis

Technical requirements

The flow record and flow-record processing systems (FRPS)

Understanding flow-record processing systems

Exploring Netflow

Uniflow and bitflow

Sensor deployment types

Analyzing the flow

Converting PCAP to the IPFIX format

Viewing the IPFIX data

Flow analysis using SiLK

Viewing flow records as text

Summary

Questions

Further reading

Combatting Tunneling and Encryption

Technical requirements

Decrypting TLS using browsers

Decoding a malicious DNS tunnel

Using Scapy to extract packet data

Decrypting 802.11 packets

Decrypting using Aircrack-ng

Decoding keyboard captures

Summary

Questions and exercises

Further reading

Section 3: Conducting Network Forensics

Investigating Good, Known, and Ugly Malware

Technical requirements

Dissecting malware on the network

Finding network patterns

Intercepting malware for fun and profit

PyLocky ransomware decryption using PCAP data

Decrypting hidden tear ransomware

Behavior patterns and analysis

A real-world case study – investigating a banking Trojan on the network

Summary

Questions and exercises

Further reading

Investigating C2 Servers

Technical requirements

Decoding the Metasploit shell

Working with PowerShell obfuscation

Decoding and decompressing with Python

Case study – decrypting the Metasploit Reverse HTTPS Shellcode

Analyzing Empire C2

Case study – CERT.SE's major fraud and hacking criminal case, B 8322-16

Summary

Questions and exercises

Further reading

Investigating and Analyzing Logs

Technical requirements

Network intrusions and footprints

Investigating SSH logs

Investigating web proxy logs

Investigating firewall logs

A case study – defaced servers

Summary

Questions and exercises

Further reading

WLAN Forensics

Technical requirements

The 802.11 standard

Wireless evidence types

Using airodump-ng to tap the air

Packet types and subtypes

Locating wireless devices

Identifying rogue access points

Obvious changes in the MAC address

The tagged perimeters

The time delta analysis

Identifying attacks

Rogue AP attacks

Peer-to-peer attacks

Eavesdropping

Cracking encryption

Authentication attacks

Denial of service

Investigating deauthentication packets

Case study – identifying the attacker

Summary

Questions

Further reading

Automated Evidence Aggregation and Analysis

Technical requirements

Automation using Python and Scapy

Automation through pyshark – Python's tshark

Merging and splitting PCAP data

Splitting PCAP data on parameters

Splitting PCAP data in streams

Large-scale data capturing, collection, and indexing

Summary

Questions and exercises

Further reading

Other Books You May Enjoy

Leave a review - let other readers know what you think

Assessments

Chapter 1: Introducing Network Forensics

Chapter 6: Investigating Good, Known, and Ugly Malware

Chapter 7: Investigating C2 Servers

Chapter 9: WLAN Forensics
