Hands-On Network Forensics
Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In an era of network attacks and malware threats, it is now more important than ever to have the skills to investigate network attacks and vulnerabilities. Hands-On Network Forensics starts with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations. You'll then explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. In addition to this, you will understand how statistical flow analysis, network enumeration, tunneling and encryption, and malware detection can be used to investigate your network. Towards the end of this book, you will discover how network correlation works and how to bring all the information from different types of network devices together. By the end of this book, you will have gained hands-on experience of performing forensic analysis tasks.
Table of Contents (172 chapters)
- Cover page
- Title Page
- Copyright and Credits
- Hands-On Network Forensics
- Dedication
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Disclaimer
- Section 1: Obtaining the Evidence
- Introducing Network Forensics
- Technical requirements
- Network forensics investigation methodology
- Source of network evidence
- Tapping the wire and the air
- CAM table on a network switch
- Routing tables on routers
- Dynamic Host Configuration Protocol logs
- DNS servers logs
- Domain controller/authentication servers/ system logs
- IDS/IPS logs
- Firewall logs
- Proxy server logs
- Wireshark essentials
- Identifying conversations and endpoints
- Identifying the IP endpoints
- Basic filters
- Exercise 1 – a noob's keylogger
- Exercise 2 – two too many
- Summary
- Questions and exercises
- Further reading
- Technical Concepts and Acquiring Evidence
- Technical requirements
- The inter-networking refresher
- Log-based evidence
- Application server logs
- Database logs
- Firewall logs
- Proxy logs
- IDS logs
- Case study – hack attempts
- Summary
- Questions and exercises
- Further reading
- Section 2: The Key Concepts
- Deep Packet Inspection
- Technical requirements
- Protocol encapsulation
- The Internet Protocol header
- The Transmission Control Protocol header
- The HTTP packet
- Analyzing packets on TCP
- Analyzing packets on UDP
- Analyzing packets on ICMP
- Case study – ICMP Flood or something else
- Summary
- Questions and exercises
- Further reading
- Statistical Flow Analysis
- Technical requirements
- The flow record and flow-record processing systems (FRPS)
- Understanding flow-record processing systems
- Exploring Netflow
- Uniflow and bitflow
- Sensor deployment types
- Analyzing the flow
- Converting PCAP to the IPFIX format
- Viewing the IPFIX data
- Flow analysis using SiLK
- Viewing flow records as text
- Summary
- Questions
- Further reading
- Combatting Tunneling and Encryption
- Technical requirements
- Decrypting TLS using browsers
- Decoding a malicious DNS tunnel
- Using Scapy to extract packet data
- Decrypting 802.11 packets
- Decrypting using Aircrack-ng
- Decoding keyboard captures
- Summary
- Questions and exercises
- Further reading
- Section 3: Conducting Network Forensics
- Investigating Good Known and Ugly Malware
- Technical requirements
- Dissecting malware on the network
- Finding network patterns
- Intercepting malware for fun and profit
- PyLocky ransomware decryption using PCAP data
- Decrypting hidden tear ransomware
- Behavior patterns and analysis
- A real-world case study – investigating a banking Trojan on the network
- Summary
- Questions and exercises
- Further reading
- Investigating C2 Servers
- Technical requirements
- Decoding the Metasploit shell
- Working with PowerShell obfuscation
- Decoding and decompressing with Python
- Case study – decrypting the Metasploit Reverse HTTPS Shellcode
- Analyzing Empire C2
- Case study – CERT.SE's major fraud and hacking criminal case B 8322-16
- Summary
- Questions and exercises
- Further reading
- Investigating and Analyzing Logs
- Technical requirements
- Network intrusions and footprints
- Investigating SSH logs
- Investigating web proxy logs
- Investigating firewall logs
- A case study – defaced servers
- Summary
- Questions and exercises
- Further reading
- WLAN Forensics
- Technical requirements
- The 802.11 standard
- Wireless evidence types
- Using airodump-ng to tap the air
- Packet types and subtypes
- Locating wireless devices
- Identifying rogue access points
- Obvious changes in the MAC address
- The tagged perimeters
- The time delta analysis
- Identifying attacks
- Rogue AP attacks
- Peer-to-peer attacks
- Eavesdropping
- Cracking encryption
- Authentication attacks
- Denial of service
- Investigating deauthentication packets
- Case study – identifying the attacker
- Summary
- Questions
- Further reading
- Automated Evidence Aggregation and Analysis
- Technical requirements
- Automation using Python and Scapy
- Automation through pyshark – Python's tshark
- Merging and splitting PCAP data
- Splitting PCAP data on parameters
- Splitting PCAP data in streams
- Large-scale data capturing collection and indexing
- Summary
- Questions and exercises
- Further reading
- Other Books You May Enjoy
- Leave a review - let other readers know what you think
- Assessments
- Chapter 1: Introducing Network Forensics
- Chapter 6: Investigating Good Known and Ugly Malware
- Chapter 7: Investigating C2 Servers
- Chapter 9: WLAN Forensics

Updated: 2021-06-24 16:04:54