This chapter describes an approach for Cyber Network Defense (CND) based upon Advanced Log Analysis (ALA) including the following:
The sections are practical and instructional, explaining in sequence how, why, and when each technique applies. The chapter covers advanced techniques for Gawk, Wireshark, tcpdump, and data carving packets into files. It also includes implementation instructions for network sensors, ALA platforms, and cyber investigations.
WILEY.COM CODE DOWNLOADS FOR THIS CHAPTER
The wiley.com code downloads for this chapter are found at www.wiley.com/go/cybersecurity on the Download Code tab. The code is in the Chapter 9 download, with each file named according to the names used throughout the chapter.
When I implemented network sensors and intrusion detection systems (IDS) on a new ...