Absolutely Australia's Lowest Prices

Shop over 1.5 Million Toys in our Huge New Range

Network Forensics
By

Rating
Product Details

Table of Contents

Introduction xxi 1 Introduction to Network Forensics 1 What Is Forensics? 3 Handling Evidence 4 Cryptographic Hashes 5 Chain of Custody 8 Incident Response 8 The Need for Network Forensic Practitioners 10 Summary 11 References 12 2 Networking Basics 13 Protocols 14 Open Systems Interconnection (OSI) Model 16 TCP/IP Protocol Suite 18 Protocol Data Units 19 Request for Comments 20 Internet Registries 23 Internet Protocol and Addressing 25 Internet Protocol Addresses 28 Internet Control Message Protocol (ICMP) 31 Internet Protocol Version 6 (IPv6) 31 Transmission Control Protocol (TCP) 33 Connection-Oriented Transport 36 User Datagram Protocol (UDP) 38 Connectionless Transport 39 Ports 40 Domain Name System 42 Support Protocols (DHCP) 46 Support Protocols (ARP) 48 Summary 49 References 51 3 Host-Side Artifacts 53 Services 54 Connections 60 Tools 62 netstat 63 nbstat 66 ifconfi g/ipconfi g 68 Sysinternals 69 ntop 73 Task Manager/Resource Monitor 75 ARP 77 /proc Filesystem 78 Summary 79 4 Packet Capture and Analysis 81 Capturing Packets 82 Tcpdump/Tshark 84 Wireshark 89 Taps 91 Port Spanning 93 ARP Spoofi ng 94 Passive Scanning 96 Packet Analysis with Wireshark 98 Packet Decoding 98 Filtering 101 Statistics 102 Following Streams 105 Gathering Files 106 Network Miner 108 Summary 110 5 Attack Types 113 Denial of Service Attacks 114 SYN Floods 115 Malformed Packets 118 UDP Floods 122 Amplifi cation Attacks 124 Distributed Attacks 126 Backscatter 128 Vulnerability Exploits 130 Insider Threats 132 Evasion 134 Application Attacks 136 Summary 140 6 Location Awareness 143 Time Zones 144 Using whois 147 Traceroute 150 Geolocation 153 Location-Based Services 156 WiFi Positioning 157 Summary 158 7 Preparing for Attacks 159 NetFlow 160 Logging 165 Syslog 166 Windows Event Logs 171 Firewall Logs 173 Router and Switch Logs 177 Log Servers and Monitors 178 Antivirus 180 Incident Response Preparation 181 Google Rapid Response 182 Commercial Offerings 182 Security Information and Event Management 183 Summary 185 8 Intrusion Detection Systems 187 Detection Styles 188 Signature-Based 188 Heuristic 189 Host-Based versus Network-Based 190 Snort 191 Suricata and Sagan 201 Bro 203 Tripwire 205 OSSEC 206 Architecture 206 Alerting 207 Summary 208 9 Using Firewall and Application Logs 211 Syslog 212 Centralized Logging 216 Reading Log Messages 220 LogWatch 222 Event Viewer 224 Querying Event Logs 227 Clearing Event Logs 231 Firewall Logs 233 Proxy Logs 236 Web Application Firewall Logs 238 Common Log Format 240 Summary 243 10 Correlating Attacks 245 Time Synchronization 246 Time Zones 246 Network Time Protocol 247 Packet Capture Times 249 Log Aggregation and Management 251 Windows Event Forwarding 251 Syslog 252 Log Management Offerings 254 Timelines 257 Plaso 258 PacketTotal 259 Wireshark 261 Security Information and Event Management 262 Summary 263 11 Network Scanning 265 Port Scanning 266 Operating System Analysis 271 Scripts 273 Banner Grabbing 275 Ping Sweeps 278 Vulnerability Scanning 280 Port Knocking 285 Tunneling 286 Passive Data Gathering 287 Summary 289 12 Final Considerations 291 Encryption 292 Keys 293 Symmetric 294 Asymmetric 295 Hybrid 296 SSL/TLS 297 Cloud Computing 306 Infrastructure as a Service 306 Storage as a Service 309 Software as a Service 310 Other Factors 311 The Onion Router (TOR) 314 Summary 317 Index 319

About the Author

RIC MESSIER has been program director for various cyber-security and computer forensics programs at Champlain College. A veteran of the networking and computer security field since the early 1980s, he has worked at large Internet service providers and small software companies. He has been responsible for the development of numerous course materials, has served on incident response teams, and has been consulted on forensic investigations for large companies.

Ask a Question About this Product More...
Write your question below:
Look for similar items by category
Home » Books
How Fishpond Works
Fishpond works with suppliers all over the world to bring you a huge selection of products, really great prices, and delivery included on over 25 million products that we sell. We do our best every day to make Fishpond an awesome place for customers to shop and get what they want — all at the best prices online.
Webmasters, Bloggers & Website Owners
You can earn a 5% commission by selling Network Forensics on your website. It's easy to get started - we will give you example code. After you're set-up, your website can earn you money while you work, play or even sleep! You should start right now!
Authors / Publishers
Are you the Author or Publisher of a book? Or the manufacturer of one of the millions of products that we sell. You can improve sales and grow your revenue by submitting additional information on this title. The better the information we have about a product, the more we will sell!
Item ships from and is sold by Fishpond World Ltd.
Back to top