Hands-On Network Forensics
Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In the era of network attacks and malware threats, it's now more important than ever to have the skills to investigate network attacks and vulnerabilities. Hands-On Network Forensics starts with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations. You'll then explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. In addition to this, you will understand how statistical flow analysis, network enumeration, tunneling and encryption, and malware detection can be used to investigate your network. Towards the end of this book, you will discover how network correlation works and how to bring all the information from different types of network devices together. By the end of this book, you will have gained hands-on experience of performing forensics analysis tasks.
Table of Contents (172 chapters)
- coverpage
- Title Page
- Copyright and Credits
- Hands-On Network Forensics
- Dedication
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the author
- About the reviewer
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Disclaimer
- Section 1: Obtaining the Evidence
- Introducing Network Forensics
- Technical requirements
- Network forensics investigation methodology
- Source of network evidence
- Tapping the wire and the air
- CAM table on a network switch
- Routing tables on routers
- Dynamic Host Configuration Protocol logs
- DNS servers logs
- Domain controller/authentication servers/system logs
- IDS/IPS logs
- Firewall logs
- Proxy server logs
- Wireshark essentials
- Identifying conversations and endpoints
- Identifying the IP endpoints
- Basic filters
- Exercise 1 – a noob's keylogger
- Exercise 2 – two too many
- Summary
- Questions and exercises
- Further reading
- Technical Concepts and Acquiring Evidence
- Technical requirements
- The inter-networking refresher
- Log-based evidence
- Application server logs
- Database logs
- Firewall logs
- Proxy logs
- IDS logs
- Case study – hack attempts
- Summary
- Questions and exercises
- Further reading
- Section 2: The Key Concepts
- Deep Packet Inspection
- Technical requirements
- Protocol encapsulation
- The Internet Protocol header
- The Transmission Control Protocol header
- The HTTP packet
- Analyzing packets on TCP
- Analyzing packets on UDP
- Analyzing packets on ICMP
- Case study – ICMP Flood or something else
- Summary
- Questions and exercises
- Further reading
- Statistical Flow Analysis
- Technical requirements
- The flow record and flow-record processing systems (FRPS)
- Understanding flow-record processing systems
- Exploring Netflow
- Uniflow and bitflow
- Sensor deployment types
- Analyzing the flow
- Converting PCAP to the IPFIX format
- Viewing the IPFIX data
- Flow analysis using SiLK
- Viewing flow records as text
- Summary
- Questions
- Further reading
- Combatting Tunneling and Encryption
- Technical requirements
- Decrypting TLS using browsers
- Decoding a malicious DNS tunnel
- Using Scapy to extract packet data
- Decrypting 802.11 packets
- Decrypting using Aircrack-ng
- Decoding keyboard captures
- Summary
- Questions and exercises
- Further reading
- Section 3: Conducting Network Forensics
- Investigating Good Known and Ugly Malware
- Technical requirements
- Dissecting malware on the network
- Finding network patterns
- Intercepting malware for fun and profit
- PyLocky ransomware decryption using PCAP data
- Decrypting hidden tear ransomware
- Behavior patterns and analysis
- A real-world case study – investigating a banking Trojan on the network
- Summary
- Questions and exercises
- Further reading
- Investigating C2 Servers
- Technical requirements
- Decoding the Metasploit shell
- Working with PowerShell obfuscation
- Decoding and decompressing with Python
- Case study – decrypting the Metasploit Reverse HTTPS Shellcode
- Analyzing Empire C2
- Case study – CERT.SE's major fraud and hacking criminal case B 8322-16
- Summary
- Questions and exercises
- Further reading
- Investigating and Analyzing Logs
- Technical requirements
- Network intrusions and footprints
- Investigating SSH logs
- Investigating web proxy logs
- Investigating firewall logs
- A case study – defaced servers
- Summary
- Questions and exercises
- Further reading
- WLAN Forensics
- Technical requirements
- The 802.11 standard
- Wireless evidence types
- Using airodump-ng to tap the air
- Packet types and subtypes
- Locating wireless devices
- Identifying rogue access points
- Obvious changes in the MAC address
- The tagged perimeters
- The time delta analysis
- Identifying attacks
- Rogue AP attacks
- Peer-to-peer attacks
- Eavesdropping
- Cracking encryption
- Authentication attacks
- Denial of service
- Investigating deauthentication packets
- Case study – identifying the attacker
- Summary
- Questions
- Further reading
- Automated Evidence Aggregation and Analysis
- Technical requirements
- Automation using Python and Scapy
- Automation through pyshark – Python's tshark
- Merging and splitting PCAP data
- Splitting PCAP data on parameters
- Splitting PCAP data in streams
- Large-scale data capturing collection and indexing
- Summary
- Questions and exercises
- Further reading
- Other Books You May Enjoy
- Leave a review - let other readers know what you think
- Assessments
- Chapter 1: Introducing Network Forensics
- Chapter 6: Investigating Good Known and Ugly Malware
- Chapter 7: Investigating C2 Servers
- Chapter 9: WLAN Forensics
Updated: 2021-06-24 16:04:54
Recommended reading
- 零信任網絡:在不可信網絡中構建安全系統
- 網絡安全應急管理與技術實踐
- 黑客攻防技巧
- 工業物聯網安全
- Testing and Securing Android Studio Applications
- 網絡空間安全實驗
- Digital Forensics with Kali Linux
- Advanced Penetration Testing for Highly-Secured Environments (Second Edition)
- 網絡用戶行為的安全可信分析與控制
- 交換機·路由器·防火墻(第2版)
- 網絡攻防實戰研究:MySQL數據庫安全
- Practical Mobile Forensics
- CTF網絡安全競賽入門教程
- 計算機網絡安全與應用技術(第2版)
- 一本書講透混合云安全
- 大數據安全治理與防范:反欺詐體系建設
- 精通Metasploit滲透測試(第3版)
- 智能制造的信息安全
- 信息安全風險管理與實踐
- 華為防火墻技術漫談
- 數字與安全:數智時代安全先鋒
- 從實踐中學習Metasploit 5滲透測試
- 計算機網絡安全與防護
- 小小黑客之路
- CTF實戰:從入門到提升
- 可信計算標準導論
- Hands-On Penetration Testing with Kali NetHunter
- 走近安全:網絡世界的攻與防
- VMware vSphere Security Cookbook
- 物聯網設備安全