What this book covers

Chapter 1, Introducing Network Forensics, lays the network forensics base for you and will focus on the key concepts that will aid in understanding network anomalies and behavior.

Chapter 2, Technical Concepts and Acquiring Evidence, focuses on developing some fundamental knowledge and insights into network forensics. This chapter will discuss the IP suite, the collection of evidence, and internetworking through hands-on practical exercises.

Chapter 3, Deep Packet Inspection, focuses on key concepts related to widely used protocols, such as Dynamic Host Configuration Protocol (DHCP), Simple Mail Transfer Protocol (SMTP), and Hyper Text Transfer Protocol (HTTP).

Chapter 4, Statistical Flow Analysis, demonstrates statistical flow analysis, collection and aggregation, and protocols and flow record export protocols.

Chapter 5, Combatting Tunneling and Encryption, focuses on network tunneling, its concepts, and an analysis from the perspective of network forensics.

Chapter 6, Investigating Good, Known, and Ugly Malware, focuses on malware forensics over an infected network by making use of various tools and techniques. It discusses many modern malware examples, their modus operandi, and focuses on developing skills in investigating network behavior and patterns in relation to malware.

Chapter 7, Investigating C2 Servers, focuses on Command and Control (C2) servers, their execution over the network, widely used C2 ecosystems, and the most critical identifiers to look for while working with C2-based malware.

Chapter 8, Investigating and Analyzing Logs, primarily focuses on working with a variety of log types and gathering inputs to ultimately aid your network forensics exercises.

Chapter 9, WLAN Forensics, highlights critical concepts in relation to Wi-Fi forensics, and discusses various packet structures and sources of evidence while familiarizing you with finding rogue access points and identifying attack patterns.

Chapter 10, Automated Evidence Aggregation and Analysis, focuses on developing scripts, tools, segregation techniques, and methodologies for automation while processing a large evidence set. This chapter also highlights the insights of reading network packets and PCAP through programming while automating manual techniques.