Dedication
About Packt
Why subscribe?
Packt.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Section 1: Obtaining the Evidence
Introducing Network Forensics
Technical requirements
Network forensics investigation methodology
Source of network evidence
Tapping the wire and the air
CAM table on a network switch
Routing tables on routers
Dynamic Host Configuration Protocol logs
DNS servers logs
Domain controller/authentication servers/system logs
IDS/IPS logs
Firewall logs
Proxy server logs
Wireshark essentials
Identifying conversations and endpoints
Identifying the IP endpoints
Basic filters
Exercise 1 – a noob's keylogger
Exercise 2 – two too many
Summary
Questions and exercises
Further reading
Technical Concepts and Acquiring Evidence
Technical requirements
The inter-networking refresher
Log-based evidence
Application server logs
Database logs
Firewall logs
Proxy logs
IDS logs
Case study – hack attempts
Summary
Questions and exercises
Further reading
Section 2: The Key Concepts
Deep Packet Inspection
Technical requirements
Protocol encapsulation
The Internet Protocol header
The Transmission Control Protocol header
The HTTP packet
Analyzing packets on TCP
Analyzing packets on UDP
Analyzing packets on ICMP
Case study – ICMP Flood or something else
Summary
Questions and exercises
Further reading
Statistical Flow Analysis
Technical requirements
The flow record and flow-record processing systems (FRPS)
Understanding flow-record processing systems
Exploring Netflow
Uniflow and bitflow
Sensor deployment types
Analyzing the flow
Converting PCAP to the IPFIX format
Viewing the IPFIX data
Flow analysis using SiLK
Viewing flow records as text
Summary
Questions
Further reading
Combatting Tunneling and Encryption
Technical requirements
Decrypting TLS using browsers
Decoding a malicious DNS tunnel
Using Scapy to extract packet data
Decrypting 802.11 packets
Decrypting using Aircrack-ng
Decoding keyboard captures
Summary
Questions and exercises
Further reading
Section 3: Conducting Network Forensics
Investigating Good, Known, and Ugly Malware
Technical requirements
Dissecting malware on the network
Finding network patterns
Intercepting malware for fun and profit
PyLocky ransomware decryption using PCAP data
Decrypting hidden tear ransomware
Behavior patterns and analysis
A real-world case study – investigating a banking Trojan on the network
Summary
Questions and exercises
Further reading
Investigating C2 Servers
Technical requirements
Decoding the Metasploit shell
Working with PowerShell obfuscation
Decoding and decompressing with Python
Case study – decrypting the Metasploit Reverse HTTPS Shellcode
Analyzing Empire C2
Case study – CERT.SE's major fraud and hacking criminal case, B 8322-16
Summary
Questions and exercises
Further reading
Investigating and Analyzing Logs
Technical requirements
Network intrusions and footprints
Investigating SSH logs
Investigating web proxy logs
Investigating firewall logs
A case study – defaced servers
Summary
Questions and exercises
Further reading
WLAN Forensics
Technical requirements
The 802.11 standard
Wireless evidence types
Using airodump-ng to tap the air
Packet types and subtypes
Locating wireless devices
Identifying rogue access points
Obvious changes in the MAC address
The tagged perimeters
The time delta analysis
Identifying attacks
Rogue AP attacks
Peer-to-peer attacks
Eavesdropping
Cracking encryption
Authentication attacks
Denial of service
Investigating deauthentication packets
Case study – identifying the attacker
Summary
Questions
Further reading
Automated Evidence Aggregation and Analysis
Technical requirements
Automation using Python and Scapy
Automation through pyshark – Python's tshark
Merging and splitting PCAP data
Splitting PCAP data on parameters
Splitting PCAP data in streams
Large-scale data capturing, collection, and indexing
Summary
Questions and exercises
Further reading
Other Books You May Enjoy
Leave a review - let other readers know what you think
Assessments
Chapter 1: Introducing Network Forensics
Chapter 6: Investigating Good, Known, and Ugly Malware
Chapter 7: Investigating C2 Servers
Chapter 9: WLAN Forensics