Identify and safeguard your network against both internal and external threats, hackers, and malware attacks
About This Book
Lay your hands on physical and virtual evidence to understand the sort of crime committed by capturing and analyzing network traffic
Connect the dots by understanding web proxies, firewalls, and routers to close in on your suspect
A hands-on guide to help you solve your case with malware forensic methods and network behaviors
Who This Book Is For
If you are a network administrator, system administrator, information security, or forensics professional and wish to learn network forensic to track the intrusions through network-based evidence, then this book is for you. Basic knowledge of Linux and networking concepts is expected.
What You Will Learn
Understand Internetworking, sources of network-based evidence and other basic technical fundamentals, including the tools that will be used throughout the book
Acquire evidence using traffic acquisition software and know how to manage and handle the evidence
Perform packet analysis by capturing and collecting data, along with content analysis
Locate wireless devices, as well as capturing and analyzing wireless traffic data packets
Implement protocol analysis and content matching; acquire evidence from NIDS/NIPS
Act upon the data and evidence gathered by being able to connect the dots and draw links between various events
Apply logging and interfaces, along with analyzing web proxies and understanding encrypted web traffic
Use IOCs (Indicators of Compromise) and build real-world forensic solutions, dealing with malware
We live in a highly networked world. Every digital device—phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network.
The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to successfully close a case.
Style and approach
An easy-to-follow book filled with real-world case studies and applications. Each topic is explained along with all the practical tools and software needed, allowing the reader to use a completely hands-on approach.
Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.