Hands-On Network Forensics
Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In the era of network attacks and malware threat, it's now more important than ever to have skills to investigate network attacks and vulnerabilities. Hands-On Network Forensics starts with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations. You'll then explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. In addition to this, you will understand how statistical flow analysis, network enumeration, tunneling and encryption, and malware detection can be used to investigate your network. Towards the end of this book, you will discover how network correlation works and how to bring all the information from different types of network devices together. By the end of this book, you will have gained hands-on experience of performing forensics analysis tasks.
Table of contents (172 chapters)
- Cover page
- Title Page
- Copyright and Credits
- Hands-On Network Forensics
- Dedication
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Disclaimer
- Section 1: Obtaining the Evidence
- Introducing Network Forensics
- Technical requirements
- Network forensics investigation methodology
- Source of network evidence
- Tapping the wire and the air
- CAM table on a network switch
- Routing tables on routers
- Dynamic Host Configuration Protocol logs
- DNS servers logs
- Domain controller/authentication servers/ system logs
- IDS/IPS logs
- Firewall logs
- Proxy server logs
- Wireshark essentials
- Identifying conversations and endpoints
- Identifying the IP endpoints
- Basic filters
- Exercise 1 – a noob's keylogger
- Exercise 2 – two too many
- Summary
- Questions and exercises
- Further reading
- Technical Concepts and Acquiring Evidence
- Technical requirements
- The inter-networking refresher
- Log-based evidence
- Application server logs
- Database logs
- Firewall logs
- Proxy logs
- IDS logs
- Case study – hack attempts
- Summary
- Questions and exercises
- Further reading
- Section 2: The Key Concepts
- Deep Packet Inspection
- Technical requirements
- Protocol encapsulation
- The Internet Protocol header
- The Transmission Control Protocol header
- The HTTP packet
- Analyzing packets on TCP
- Analyzing packets on UDP
- Analyzing packets on ICMP
- Case study – ICMP Flood or something else
- Summary
- Questions and exercises
- Further reading
- Statistical Flow Analysis
- Technical requirements
- The flow record and flow-record processing systems (FRPS)
- Understanding flow-record processing systems
- Exploring Netflow
- Uniflow and bitflow
- Sensor deployment types
- Analyzing the flow
- Converting PCAP to the IPFIX format
- Viewing the IPFIX data
- Flow analysis using SiLK
- Viewing flow records as text
- Summary
- Questions
- Further reading
- Combatting Tunneling and Encryption
- Technical requirements
- Decrypting TLS using browsers
- Decoding a malicious DNS tunnel
- Using Scapy to extract packet data
- Decrypting 802.11 packets
- Decrypting using Aircrack-ng
- Decoding keyboard captures
- Summary
- Questions and exercises
- Further reading
- Section 3: Conducting Network Forensics
- Investigating Good Known and Ugly Malware
- Technical requirements
- Dissecting malware on the network
- Finding network patterns
- Intercepting malware for fun and profit
- PyLocky ransomware decryption using PCAP data
- Decrypting hidden tear ransomware
- Behavior patterns and analysis
- A real-world case study – investigating a banking Trojan on the network
- Summary
- Questions and exercises
- Further reading
- Investigating C2 Servers
- Technical requirements
- Decoding the Metasploit shell
- Working with PowerShell obfuscation
- Decoding and decompressing with Python
- Case study – decrypting the Metasploit Reverse HTTPS Shellcode
- Analyzing Empire C2
- Case study – CERT.SE's major fraud and hacking criminal case B 8322-16
- Summary
- Questions and exercises
- Further reading
- Investigating and Analyzing Logs
- Technical requirements
- Network intrusions and footprints
- Investigating SSH logs
- Investigating web proxy logs
- Investigating firewall logs
- A case study – defaced servers
- Summary
- Questions and exercises
- Further reading
- WLAN Forensics
- Technical requirements
- The 802.11 standard
- Wireless evidence types
- Using airodump-ng to tap the air
- Packet types and subtypes
- Locating wireless devices
- Identifying rogue access points
- Obvious changes in the MAC address
- The tagged perimeters
- The time delta analysis
- Identifying attacks
- Rogue AP attacks
- Peer-to-peer attacks
- Eavesdropping
- Cracking encryption
- Authentication attacks
- Denial of service
- Investigating deauthentication packets
- Case study – identifying the attacker
- Summary
- Questions
- Further reading
- Automated Evidence Aggregation and Analysis
- Technical requirements
- Automation using Python and Scapy
- Automation through pyshark – Python's tshark
- Merging and splitting PCAP data
- Splitting PCAP data on parameters
- Splitting PCAP data in streams
- Large-scale data capturing collection and indexing
- Summary
- Questions and exercises
- Further reading
- Other Books You May Enjoy
- Leave a review - let other readers know what you think
- Assessments
- Chapter 1: Introducing Network Forensics
- Chapter 6: Investigating Good Known and Ugly Malware
- Chapter 7: Investigating C2 Servers
- Chapter 9: WLAN Forensics

Updated: 2021-06-24 16:04:54