{"product_id":"network-forensics-isbn-9781119328285","title":"Network Forensics","description":"\u003cb\u003eIntensively hands-on training for real-world network forensics\u003c\/b\u003e \u003cp\u003e\u003ci\u003eNetwork Forensics \u003c\/i\u003e provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity. This book is hands-on all the way—by dissecting packets, you gain fundamental knowledge that only comes from experience. Real packet captures and log files demonstrate network traffic investigation, and the learn-by-doing approach relates the essential skills that traditional forensics investigators may not have. From network packet analysis to host artifacts to log analysis and beyond, this book emphasizes the critical techniques that bring evidence to light. \u003c\/p\u003e\u003cp\u003eNetwork forensics is a growing field, and is becoming increasingly central to law enforcement as cybercrime becomes more and more sophisticated. This book provides an unprecedented level of hands-on training to give investigators the skills they need. \u003c\/p\u003e\u003cul\u003e \u003cli\u003eInvestigate packet captures to examine network communications\u003c\/li\u003e \u003cli\u003eLocate host-based artifacts and analyze network logs\u003c\/li\u003e \u003cli\u003eUnderstand intrusion detection systems—and let them do the legwork\u003c\/li\u003e \u003cli\u003eHave the right architecture and systems in place ahead of an incident\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eNetwork data is always changing, and is never saved in one place; an investigator must understand how to examine data over time, which involves specialized skills that go above and beyond memory, mobile, or data forensics. 
Whether you're preparing for a security certification or just seeking deeper training for a law enforcement or IT role, you can only learn so much from concept; to thoroughly understand something, you need to \u003ci\u003edo\u003c\/i\u003e it. \u003ci\u003eNetwork Forensics\u003c\/i\u003e provides intensive hands-on practice with direct translation to real-world application. \u003c\/p\u003e\u003cp\u003eIntroduction xxi\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1 Introduction to Network Forensics 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Is Forensics? 3\u003c\/p\u003e \u003cp\u003eHandling Evidence 4\u003c\/p\u003e \u003cp\u003eCryptographic Hashes 5\u003c\/p\u003e \u003cp\u003eChain of Custody 8\u003c\/p\u003e \u003cp\u003eIncident Response 8\u003c\/p\u003e \u003cp\u003eThe Need for Network Forensic Practitioners 10\u003c\/p\u003e \u003cp\u003eSummary 11\u003c\/p\u003e \u003cp\u003eReferences 12\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2 Networking Basics 13\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eProtocols 14\u003c\/p\u003e \u003cp\u003eOpen Systems Interconnection (OSI) Model 16\u003c\/p\u003e \u003cp\u003eTCP\/IP Protocol Suite 18\u003c\/p\u003e \u003cp\u003eProtocol Data Units 19\u003c\/p\u003e \u003cp\u003eRequest for Comments 20\u003c\/p\u003e \u003cp\u003eInternet Registries 23\u003c\/p\u003e \u003cp\u003eInternet Protocol and Addressing 25\u003c\/p\u003e \u003cp\u003eInternet Protocol Addresses 28\u003c\/p\u003e \u003cp\u003eInternet Control Message Protocol (ICMP) 31\u003c\/p\u003e \u003cp\u003eInternet Protocol Version 6 (IPv6) 31\u003c\/p\u003e \u003cp\u003eTransmission Control Protocol (TCP) 33\u003c\/p\u003e \u003cp\u003eConnection-Oriented Transport 36\u003c\/p\u003e \u003cp\u003eUser Datagram Protocol (UDP) 38\u003c\/p\u003e \u003cp\u003eConnectionless Transport 39\u003c\/p\u003e \u003cp\u003ePorts 40\u003c\/p\u003e \u003cp\u003eDomain Name System 42\u003c\/p\u003e \u003cp\u003eSupport Protocols (DHCP) 46\u003c\/p\u003e \u003cp\u003eSupport 
Protocols (ARP) 48\u003c\/p\u003e \u003cp\u003eSummary 49\u003c\/p\u003e \u003cp\u003eReferences 51\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3 Host-Side Artifacts 53\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eServices 54\u003c\/p\u003e \u003cp\u003eConnections 60\u003c\/p\u003e \u003cp\u003eTools 62\u003c\/p\u003e \u003cp\u003enetstat 63\u003c\/p\u003e \u003cp\u003enbstat 66\u003c\/p\u003e \u003cp\u003eifconfig\/ipconfig 68\u003c\/p\u003e \u003cp\u003eSysinternals 69\u003c\/p\u003e \u003cp\u003entop 73\u003c\/p\u003e \u003cp\u003eTask Manager\/Resource Monitor 75\u003c\/p\u003e \u003cp\u003eARP 77\u003c\/p\u003e \u003cp\u003e\/proc Filesystem 78\u003c\/p\u003e \u003cp\u003eSummary 79\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4 Packet Capture and Analysis 81\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCapturing Packets 82\u003c\/p\u003e \u003cp\u003eTcpdump\/Tshark 84\u003c\/p\u003e \u003cp\u003eWireshark 89\u003c\/p\u003e \u003cp\u003eTaps 91\u003c\/p\u003e \u003cp\u003ePort Spanning 93\u003c\/p\u003e \u003cp\u003eARP Spoofing 94\u003c\/p\u003e \u003cp\u003ePassive Scanning 96\u003c\/p\u003e \u003cp\u003ePacket Analysis with Wireshark 98\u003c\/p\u003e \u003cp\u003ePacket Decoding 98\u003c\/p\u003e \u003cp\u003eFiltering 101\u003c\/p\u003e \u003cp\u003eStatistics 102\u003c\/p\u003e \u003cp\u003eFollowing Streams 105\u003c\/p\u003e \u003cp\u003eGathering Files 106\u003c\/p\u003e \u003cp\u003eNetwork Miner 108\u003c\/p\u003e \u003cp\u003eSummary 110\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5 Attack Types 113\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDenial of Service Attacks 114\u003c\/p\u003e \u003cp\u003eSYN Floods 115\u003c\/p\u003e \u003cp\u003eMalformed Packets 118\u003c\/p\u003e \u003cp\u003eUDP Floods 122\u003c\/p\u003e \u003cp\u003eAmplification Attacks 124\u003c\/p\u003e \u003cp\u003eDistributed Attacks 126\u003c\/p\u003e \u003cp\u003eBackscatter 128\u003c\/p\u003e \u003cp\u003eVulnerability Exploits 130\u003c\/p\u003e \u003cp\u003eInsider Threats 
132\u003c\/p\u003e \u003cp\u003eEvasion 134\u003c\/p\u003e \u003cp\u003eApplication Attacks 136\u003c\/p\u003e \u003cp\u003eSummary 140\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6 Location Awareness 143\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTime Zones 144\u003c\/p\u003e \u003cp\u003eUsing whois 147\u003c\/p\u003e \u003cp\u003eTraceroute 150\u003c\/p\u003e \u003cp\u003eGeolocation 153\u003c\/p\u003e \u003cp\u003eLocation-Based Services 156\u003c\/p\u003e \u003cp\u003eWiFi Positioning 157\u003c\/p\u003e \u003cp\u003eSummary 158\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7 Preparing for Attacks 159\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eNetFlow 160\u003c\/p\u003e \u003cp\u003eLogging 165\u003c\/p\u003e \u003cp\u003eSyslog 166\u003c\/p\u003e \u003cp\u003eWindows Event Logs 171\u003c\/p\u003e \u003cp\u003eFirewall Logs 173\u003c\/p\u003e \u003cp\u003eRouter and Switch Logs 177\u003c\/p\u003e \u003cp\u003eLog Servers and Monitors 178\u003c\/p\u003e \u003cp\u003eAntivirus 180\u003c\/p\u003e \u003cp\u003eIncident Response Preparation 181\u003c\/p\u003e \u003cp\u003eGoogle Rapid Response 182\u003c\/p\u003e \u003cp\u003eCommercial Offerings 182\u003c\/p\u003e \u003cp\u003eSecurity Information and Event Management 183\u003c\/p\u003e \u003cp\u003eSummary 185\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8 Intrusion Detection Systems 187\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDetection Styles 188\u003c\/p\u003e \u003cp\u003eSignature-Based 188\u003c\/p\u003e \u003cp\u003eHeuristic 189\u003c\/p\u003e \u003cp\u003eHost-Based versus Network-Based 190\u003c\/p\u003e \u003cp\u003eSnort 191\u003c\/p\u003e \u003cp\u003eSuricata and Sagan 201\u003c\/p\u003e \u003cp\u003eBro 203\u003c\/p\u003e \u003cp\u003eTripwire 205\u003c\/p\u003e \u003cp\u003eOSSEC 206\u003c\/p\u003e \u003cp\u003eArchitecture 206\u003c\/p\u003e \u003cp\u003eAlerting 207\u003c\/p\u003e \u003cp\u003eSummary 208\u003c\/p\u003e \u003cp\u003e\u003cb\u003e9 Using Firewall and Application Logs 
211\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSyslog 212\u003c\/p\u003e \u003cp\u003eCentralized Logging 216\u003c\/p\u003e \u003cp\u003eReading Log Messages 220\u003c\/p\u003e \u003cp\u003eLogWatch 222\u003c\/p\u003e \u003cp\u003eEvent Viewer 224\u003c\/p\u003e \u003cp\u003eQuerying Event Logs 227\u003c\/p\u003e \u003cp\u003eClearing Event Logs 231\u003c\/p\u003e \u003cp\u003eFirewall Logs 233\u003c\/p\u003e \u003cp\u003eProxy Logs 236\u003c\/p\u003e \u003cp\u003eWeb Application Firewall Logs 238\u003c\/p\u003e \u003cp\u003eCommon Log Format 240\u003c\/p\u003e \u003cp\u003eSummary 243\u003c\/p\u003e \u003cp\u003e\u003cb\u003e10 Correlating Attacks 245\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTime Synchronization 246\u003c\/p\u003e \u003cp\u003eTime Zones 246\u003c\/p\u003e \u003cp\u003eNetwork Time Protocol 247\u003c\/p\u003e \u003cp\u003ePacket Capture Times 249\u003c\/p\u003e \u003cp\u003eLog Aggregation and Management 251\u003c\/p\u003e \u003cp\u003eWindows Event Forwarding 251\u003c\/p\u003e \u003cp\u003eSyslog 252\u003c\/p\u003e \u003cp\u003eLog Management Offerings 254\u003c\/p\u003e \u003cp\u003eTimelines 257\u003c\/p\u003e \u003cp\u003ePlaso 258\u003c\/p\u003e \u003cp\u003ePacketTotal 259\u003c\/p\u003e \u003cp\u003eWireshark 261\u003c\/p\u003e \u003cp\u003eSecurity Information and Event Management 262\u003c\/p\u003e \u003cp\u003eSummary 263\u003c\/p\u003e \u003cp\u003e\u003cb\u003e11 Network Scanning 265\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePort Scanning 266\u003c\/p\u003e \u003cp\u003eOperating System Analysis 271\u003c\/p\u003e \u003cp\u003eScripts 273\u003c\/p\u003e \u003cp\u003eBanner Grabbing 275\u003c\/p\u003e \u003cp\u003ePing Sweeps 278\u003c\/p\u003e \u003cp\u003eVulnerability Scanning 280\u003c\/p\u003e \u003cp\u003ePort Knocking 285\u003c\/p\u003e \u003cp\u003eTunneling 286\u003c\/p\u003e \u003cp\u003ePassive Data Gathering 287\u003c\/p\u003e \u003cp\u003eSummary 289\u003c\/p\u003e \u003cp\u003e\u003cb\u003e12 Final Considerations 
291\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eEncryption 292\u003c\/p\u003e \u003cp\u003eKeys 293\u003c\/p\u003e \u003cp\u003eSymmetric 294\u003c\/p\u003e \u003cp\u003eAsymmetric 295\u003c\/p\u003e \u003cp\u003eHybrid 296\u003c\/p\u003e \u003cp\u003eSSL\/TLS 297\u003c\/p\u003e \u003cp\u003eCloud Computing 306\u003c\/p\u003e \u003cp\u003eInfrastructure as a Service 306\u003c\/p\u003e \u003cp\u003eStorage as a Service 309\u003c\/p\u003e \u003cp\u003eSoftware as a Service 310\u003c\/p\u003e \u003cp\u003eOther Factors 311\u003c\/p\u003e \u003cp\u003eThe Onion Router (TOR) 314\u003c\/p\u003e \u003cp\u003eSummary 317\u003c\/p\u003e \u003cp\u003eIndex 319\u003c\/p\u003e   \u003cp\u003e\u003cb\u003eRIC MESSIER\u003c\/b\u003e has been program director for various cyber-security and computer forensics programs at Champlain College. A veteran of the networking and computer security field since the early 1980s, he has worked at large Internet service providers and small software companies. He has been responsible for the development of numerous course materials, has served on incident response teams, and has been consulted on forensic investigations for large companies.  \u003c\/p\u003e\u003cp\u003e\u003cb\u003eThe hands-on training you need to develop vital network forensics skills\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAs cybercrime grows ever more sophisticated, IT and law enforcement professionals have a constantly expanding need for up-to-the-minute skills in identifying, verifying, and preventing network attacks. Network forensics is a dynamic field, and practitioners need to stay on top of ever-evolving threats. To do this effectively, you need hands-on experience.\u003c\/p\u003e \u003cp\u003e\u003ci\u003eNetwork Forensics\u003c\/i\u003e not only teaches the concepts involved, but also lets you practice actually taking the necessary steps to expose vital evidence. 
Because network data is always changing and never saved in one place, the network forensic specialist must understand how to examine data over time. Network forensics expert Ric Messier provides what you need to know through the use of dissecting packets, using real packet captures and log files to demonstrate performing a forensic investigation on network traffic. You'll learn both the \"why\" and the \"how,\" enabling you to quickly and easily apply your knowledge to actual situations on the job.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eBecause \u003ci\u003eNetwork Forensics\u003c\/i\u003e lets you roll up your sleeves and really practice essential steps, you'll learn to\u003c\/b\u003e:\u003c\/p\u003e \u003cul\u003e \u003cli\u003eInvestigate packet captures to identify network communications involved in an attack or crime\u003c\/li\u003e \u003cli\u003eLocate host-based artifacts left by network communications\u003c\/li\u003e \u003cli\u003eUse logs left behind by network services to correlate with packet captures\u003c\/li\u003e \u003cli\u003eUnderstand intrusion detection systems and use them for investigative work\u003c\/li\u003e \u003cli\u003ePrepare for an incident by having the right network architecture and systems in place\u003c\/li\u003e \u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989680931045,"sku":"NP9781119328285","price":46.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119328285.jpg?v=1761785081","url":"https:\/\/k12savings.com\/es\/products\/network-forensics-isbn-9781119328285","provider":"K12savings","version":"1.0","type":"link"}