Network Forensics
Autor Sherri Davidoff, Jonathan Hamen Limba Engleză Hardback – 31 mai 2012
Preț: 430.77 lei
Preț vechi: 531.81 lei
-19% Nou
82.44€ • 85.63$ • 68.48£
Carte disponibilă
Livrare economică 13-27 ianuarie 25
Specificații
ISBN-10: 0132564718
Pagini: 545
Dimensiuni: 180 x 229 x 36 mm
Greutate: 1.04 kg
Editura: Prentice Hall
Notă biografică
Cuprins
Foreword xvii
Preface xix
Acknowledgments xxv
About the Authors xxvii
Part I: Foundation 1
Chapter 1: Practical Investigative Strategies 3
1.1 Real-World Cases 3
1.2 Footprints 8
1.3 Concepts in Digital Evidence 9
1.4 Challenges Relating to Network Evidence 16
1.5 Network Forensics Investigative Methodology (OSCAR) 17
1.6 Conclusion 22
Chapter 2: Technical Fundamentals 23
2.1 Sources of Network-Based Evidence 23
2.2 Principles of Internetworking 30
2.3 Internet Protocol Suite 35
2.4 Conclusion 44
Chapter 3: Evidence Acquisition 45
3.1 Physical Interception 46
3.2 Traffic Acquisition Software 54
3.3 Active Acquisition 65
3.4 Conclusion 72
Part II: Traffic Analysis 73
Chapter 4: Packet Analysis 75
4.1 Protocol Analysis 76
4.2 Packet Analysis 95
4.3 Flow Analysis 103
4.4 Higher-Layer Traffic Analysis 120
4.5 Conclusion 133
4.6 Case Study: Ann's Rendezvous 135
Chapter 5: Statistical Flow Analysis 159
5.1 Process Overview 160
5.2 Sensors 161
5.3 Flow Record Export Protocols 166
5.4 Collection and Aggregation 168
5.5 Analysis 172
5.6 Conclusion 183
5.7 Case Study: The Curious Mr. X 184
Chapter 6: Wireless: Network Forensics Unplugged 199
6.1 The IEEE Layer 2 Protocol Series 201
6.2 Wireless Access Points (WAPs) 214
6.3 Wireless Traffic Capture and Analysis 219
6.4 Common Attacks 224
6.5 Locating Wireless Devices 229
6.6 Conclusion 235
6.7 Case Study: HackMe, Inc. 236
Chapter 7: Network Intrusion Detection and Analysis 257
7.1 Why Investigate NIDS/NIPS? 258
7.2 Typical NIDS/NIPS Functionality 258
7.3 Modes of Detection 261
7.4 Types of NIDS/NIPSs 262
7.5 NIDS/NIPS Evidence Acquisition 264
7.6 Comprehensive Packet Logging 267
7.7 Snort 268
7.8 Conclusion 275
7.9 Case Study: Inter0ptic Saves the Planet (Part 1 of 2) 276
Part III: Network Devices and Servers 289
Chapter 8: Event Log Aggregation, Correlation, and Analysis 291
8.1 Sources of Logs 292
8.2 Network Log Architecture 306
8.3 Collecting and Analyzing Evidence 311
8.4 Conclusion 317
8.5 Case Study: L0ne Sh4rk's Revenge 318
Chapter 9: Switches, Routers, and Firewalls 335
9.1 Storage Media 336
9.2 Switches 336
9.3 Routers 340
9.4 Firewalls 344
9.5 Interfaces 348
9.6 Logging 352
9.7 Conclusion 355
9.8 Case Study: Ann's Coffee Ring 356
Chapter 10: Web Proxies 369
10.1 Why Investigate Web Proxies? 369
10.2 Web Proxy Functionality 371
10.3 Evidence 375
10.4 Squid 377
10.5 Web Proxy Analysis 381
10.6 Encrypted Web Traffic 392
10.7 Conclusion 401
10.8 Case Study: Inter0ptic Saves the Planet (Part 2 of 2) 402
Part IV: Advanced Topics 421
Chapter 11: Network Tunneling 423
11.1 Tunneling for Functionality 423
11.2 Tunneling for Confidentiality 427
11.3 Covert Tunneling 430
11.4 Conclusion 439
11.5 Case Study: Ann Tunnels Underground 441
Chapter 12: Malware Forensics 461
12.1 Trends in Malware Evolution 462
12.2 Network Behavior of Malware 484
12.3 The Future of Malware and Network Forensics 491
12.4 Case Study: Ann's Aurora 492
Afterword 519
Index 521