• Network Forensics: Tracking Hackers Through Cyberspace See large image

    Network Forensics: Tracking Hackers Through Cyberspace (Hardback) By (author) Sherri Davidoff, By (author) Jonathan Ham

    $52.29 - Save $24.79 32% off - RRP $77.08 Free delivery worldwide Available
    Dispatched in 2 business days
    When will my order arrive?
    Add to basket | Add to wishlist |

    Description"This is a must-have work for anybody in information security, digital forensics, or involved with incident handling. As we move away from traditional disk-based analysis into the interconnectivity of the cloud, Sherri and Jonathan have created a framework and roadmap that will act as a seminal work in this developing field." - Dr. Craig S. Wright (GSE), Asia Pacific Director at Global Institute for Cyber Security + Research. "It's like a symphony meeting an encyclopedia meeting a spy novel." -Michael Ford, Corero Network Security On the Internet, every action leaves a mark-in routers, firewalls, web proxies, and within network traffic itself. When a hacker breaks into a bank, or an insider smuggles secrets to a competitor, evidence of the crime is always left behind. Learn to recognize hackers' tracks and uncover network-based evidence in Network Forensics: Tracking Hackers through Cyberspace.Carve suspicious email attachments from packet captures. Use flow records to track an intruder as he pivots through the network. Analyze a real-world wireless encryption-cracking attack (and then crack the key yourself). Reconstruct a suspect's web surfing history-and cached web pages, too-from a web proxy. Uncover DNS-tunneled traffic. Dissect the Operation Aurora exploit, caught on the wire. Throughout the text, step-by-step case studies guide you through the analysis of network-based evidence. You can download the evidence files from the authors' web site (lmgsecurity.com), and follow along to gain hands-on experience. Hackers leave footprints all across the Internet. Can you find their tracks and solve the case? Pick up Network Forensicsand find out.


Other books

Other people who viewed this bought | Other books in this category
Showing items 1 to 10 of 10

 

Reviews | Bibliographic data
  • Full bibliographic data for Network Forensics

    Title
    Network Forensics
    Subtitle
    Tracking Hackers Through Cyberspace
    Authors and contributors
    By (author) Sherri Davidoff, By (author) Jonathan Ham
    Physical properties
    Format: Hardback
    Number of pages: 576
    Width: 187 mm
    Height: 239 mm
    Thickness: 35 mm
    Weight: 1,040 g
    Language
    English
    ISBN
    ISBN 13: 9780132564717
    ISBN 10: 0132564718
    Classifications

    B&T Book Type: NF
    BIC E4L: CRI
    B&T Modifier: Region of Publication: 01
    Nielsen BookScan Product Class 3: S3.3
    B&T Modifier: Academic Level: 03
    B&T Modifier: Text Format: 06
    B&T General Subject: 229
    B&T Modifier: Text Format: 01
    B&T Merchandise Category: COM
    Ingram Subject Code: XB
    LC subject heading:
    BISAC V2.8: LAW041000
    B&T Approval Code: A93661400
    BIC subject category V2: UTN, JKVF1
    LC subject heading:
    B&T Approval Code: A60920000, A93663050
    Warengruppen-Systematik des deutschen Buchhandels: 16360
    BIC subject category V2: URH
    BISAC V2.8: COM043050
    LC subject heading: , ,
    BISAC V2.8: COM060040
    DC22: 363.25/968, 363.25968
    DC23: 363.25968
    LC classification: HV8079.C65 D348 2012
    LC subject heading:
    Publisher
    Pearson Education (US)
    Imprint name
    Prentice Hall
    Publication date
    23 June 2012
    Publication City/Country
    Upper Saddle River
    Author Information
    Sherri Davidoff is a founder of LMG Security, an information security consulting and research firm. Her specialties include network penetration testing, digital forensics, social engineering testing, and web application assessments. She holds her S.B. in Computer Science and Electrical Engineering from MIT. Jonathan Ham has been commissioned to teach NCIS investigators how to use Snort, performed packet analysis from a facility more than two thousand feet underground, taught intrusion analysis to the NSA, and chartered and trained the CIRT for one of the largest U.S. civilian federal agencies. He is a founder of LMG Security. His favorite field is ip[6:2].
    Table of contents
    Foreword xvii Preface xix Acknowledgments xxv About the Authors xxvii Part I: Foundation 1 Chapter 1: Practical Investigative Strategies 3 1.1 Real-World Cases 3 1.2 Footprints 8 1.3 Concepts in Digital Evidence 9 1.4 Challenges Relating to Network Evidence 16 1.5 Network Forensics Investigative Methodology (OSCAR) 17 1.6 Conclusion 22 Chapter 2: Technical Fundamentals 23 2.1 Sources of Network-Based Evidence 23 2.2 Principles of Internetworking 30 2.3 Internet Protocol Suite 35 2.4 Conclusion 44 Chapter 3: Evidence Acquisition 45 3.1 Physical Interception 46 3.2 Traffic Acquisition Software 54 3.3 Active Acquisition 65 3.4 Conclusion 72 Part II: Traffic Analysis 73 Chapter 4: Packet Analysis 75 4.1 Protocol Analysis 76 4.2 Packet Analysis 95 4.3 Flow Analysis 103 4.4 Higher-Layer Traffic Analysis 120 4.5 Conclusion 133 4.6 Case Study: Ann's Rendezvous 135 Chapter 5: Statistical Flow Analysis 159 5.1 Process Overview 160 5.2 Sensors 161 5.3 Flow Record Export Protocols 166 5.4 Collection and Aggregation 168 5.5 Analysis 172 5.6 Conclusion 183 5.7 Case Study: The Curious Mr. X 184 Chapter 6: Wireless: Network Forensics Unplugged 199 6.1 The IEEE Layer 2 Protocol Series 201 6.2 Wireless Access Points (WAPs) 214 6.3 Wireless Traffic Capture and Analysis 219 6.4 Common Attacks 224 6.5 Locating Wireless Devices 229 6.6 Conclusion 235 6.7 Case Study: HackMe, Inc. 236 Chapter 7: Network Intrusion Detection and Analysis 257 7.1 Why Investigate NIDS/NIPS? 258 7.2 Typical NIDS/NIPS Functionality 258 7.3 Modes of Detection 261 7.4 Types of NIDS/NIPSs 262 7.5 NIDS/NIPS Evidence Acquisition 264 7.6 Comprehensive Packet Logging 267 7.7 Snort 268 7.8 Conclusion 275 7.9 Case Study: Inter0ptic Saves the Planet (Part 1 of 2) 276 Part III: Network Devices and Servers 289 Chapter 8: Event Log Aggregation, Correlation, and Analysis 291 8.1 Sources of Logs 292 8.2 Network Log Architecture 306 8.3 Collecting and Analyzing Evidence 311 8.4 Conclusion 317 8.5 Case Study: L0ne Sh4rk's Revenge 318 Chapter 9: Switches, Routers, and Firewalls 335 9.1 Storage Media 336 9.2 Switches 336 9.3 Routers 340 9.4 Firewalls 344 9.5 Interfaces 348 9.6 Logging 352 9.7 Conclusion 355 9.8 Case Study: Ann's Coffee Ring 356 Chapter 10: Web Proxies 369 10.1 Why Investigate Web Proxies? 369 10.2 Web Proxy Functionality 371 10.3 Evidence 375 10.4 Squid 377 10.5 Web Proxy Analysis 381 10.6 Encrypted Web Traffic 392 10.7 Conclusion 401 10.8 Case Study: Inter0ptic Saves the Planet (Part 2 of 2) 402 Part IV: Advanced Topics 421 Chapter 11: Network Tunneling 423 11.1 Tunneling for Functionality 423 11.2 Tunneling for Confidentiality 427 11.3 Covert Tunneling 430 11.4 Conclusion 439 11.5 Case Study: Ann Tunnels Underground 441 Chapter 12: Malware Forensics 461 12.1 Trends in Malware Evolution 462 12.2 Network Behavior of Malware 484 12.3 The Future of Malware and Network Forensics 491 12.4 Case Study: Ann's Aurora 492 Afterword 519 Index 521