Verfügbarkeit: Learning network forensics :

Learning network forensics :: identify and safeguard your network against both internal and external threats, hackers, and malware attacks /

Identify and safeguard your network against both internal and external threats, hackers, and malware attacks About This Book Lay your hands on physical and virtual evidence to understand the sort of crime committed by capturing and analyzing network traffic Connect the dots by understanding web prox...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Datt, Samir (VerfasserIn)
Format:	Elektronisch E-Book
Sprache:	English
Veröffentlicht:	Birmingham, UK : Packt Publishing, 2016.
Schriftenreihe:	Community experience distilled.
Schlagworte:	Computer networks > Security measures. Local area networks (Computer networks) > Security measures. Business enterprises > Computer networks > Security measures. Computer crimes > Investigation. Réseaux d'ordinateurs > Sécurité > Mesures. Réseaux locaux (Informatique) > Sécurité > Mesures. Criminalité informatique > Enquêtes. COMPUTERS / Security / Networking Business enterprises > Computer networks > Security measures Computer crimes > Investigation Computer networks > Security measures Local area networks (Computer networks) > Security measures
Online-Zugang:	DE-862 DE-863
Zusammenfassung:	Identify and safeguard your network against both internal and external threats, hackers, and malware attacks About This Book Lay your hands on physical and virtual evidence to understand the sort of crime committed by capturing and analyzing network traffic Connect the dots by understanding web proxies, firewalls, and routers to close in on your suspect A hands-on guide to help you solve your case with malware forensic methods and network behaviors Who This Book Is For If you are a network administrator, system administrator, information security, or forensics professional and wish to learn network forensic to track the intrusions through network-based evidence, then this book is for you. Basic knowledge of Linux and networking concepts is expected. What You Will Learn Understand Internetworking, sources of network-based evidence and other basic technical fundamentals, including the tools that will be used throughout the book Acquire evidence using traffic acquisition software and know how to manage and handle the evidence Perform packet analysis by capturing and collecting data, along with content analysis Locate wireless devices, as well as capturing and analyzing wireless traffic data packets Implement protocol analysis and content matching; acquire evidence from NIDS/NIPS Act upon the data and evidence gathered by being able to connect the dots and draw links between various events Apply logging and interfaces, along with analyzing web proxies and understanding encrypted web traffic Use IOCs (Indicators of Compromise) and build real-world forensic solutions, dealing with malware In Detail We live in a highly networked world. Every digital device - phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to su...
Beschreibung:	Includes index.
Beschreibung:	1 online resource (1 volume) : illustrations.
ISBN:	9781785282126 1785282123

Internformat

MARC


LEADER	00000cam a2200000 i 4500
001	ZDB-4-EBA-ocn945637637
003	OCoLC
005	20241004212047.0
006	m o d
007	cr unu\|\|\|\|\|\|\|\|
008	160328s2016 enka o 001 0 eng d
040			\|a UMI \|b eng \|e rda \|e pn \|c UMI \|d IDEBK \|d OCLCF \|d TEFOD \|d N$T \|d DEBSZ \|d N$T \|d KSU \|d COO \|d DEBBG \|d YDXCP \|d OCLCQ \|d VT2 \|d REB \|d UOK \|d CEF \|d NLE \|d UKMGB \|d AGLDB \|d IGB \|d RDF \|d QGK \|d OCLCO \|d OCLCQ \|d OCLCO \|d OCLCL \|d OCLCQ
015			\|a GBB6G3417 \|2 bnb
016	7		\|a 018010441 \|2 Uk
019			\|a 942842479 \|a 944156584 \|a 987426725 \|a 1259180621
020			\|a 9781785282126 \|q (electronic bk.)
020			\|a 1785282123 \|q (electronic bk.)
020			\|z 9781782174905
020			\|z 1782174907
035			\|a (OCoLC)945637637 \|z (OCoLC)942842479 \|z (OCoLC)944156584 \|z (OCoLC)987426725 \|z (OCoLC)1259180621
037			\|a CL0500000723 \|b Safari Books Online
037			\|a 3436E245-5507-4D40-A60F-08FDD9860BF5 \|b OverDrive, Inc. \|n http://www.overdrive.com
050		4	\|a TK5105.59
072		7	\|a COM \|x 043050 \|2 bisacsh
082	7		\|a 005.8 \|2 23
049			\|a MAIN
100	1		\|a Datt, Samir, \|e author.
245	1	0	\|a Learning network forensics : \|b identify and safeguard your network against both internal and external threats, hackers, and malware attacks / \|c Shameer Kunjumohamed, Hamidreza Sattari.
246	3	0	\|a Identify and safeguard your network against both internal and external threats, hackers, and malware attacks
264		1	\|a Birmingham, UK : \|b Packt Publishing, \|c 2016.
300			\|a 1 online resource (1 volume) : \|b illustrations.
336			\|a text \|b txt \|2 rdacontent
337			\|a computer \|b c \|2 rdamedia
338			\|a online resource \|b cr \|2 rdacarrier
347			\|a text file
490	1		\|a Community experience distilled
588			\|a Description based on online resource; title from cover page (Safari, viewed March 24, 2016).
500			\|a Includes index.
505	0		\|a Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Becoming Network 007s; 007 characteristics in the network world; Bond characteristics for getting to satisfactory completion of the case; The TAARA methodology for network forensics; Identifying threats to the enterprise; Internal threats; External threats; Data breach surveys; Locard's exchange principle; Defining network forensics; Differentiating between computer forensics and network forensics; Strengthening our technical fundamentals; The seven-layer model
505	8		\|a The TCP/IP modelUnderstanding the concept of interconnection between networks/Internet; Internet Protocol (IP); Structure of an IP packet; Transmission Control Protocol (TCP); User Datagram Protocol (UDP); Internet application protocols; Understanding network security; Types of threats; Internal threats; External threats; Network security goals; Confidentiality; Integrity; Availability; How are networks exploited?; Digital footprints; Summary; Chapter 2: Laying Hands on the Evidence; Identifying sources of evidence; Evidence obtainable from within the network
505	8		\|a Evidence from outside the networkLearning to handle the evidence; Rules for the collection of digital evidence; Rule 1: never mishandle the evidence; Rule 2: never work on the original evidence or system; Rule 3: document everything; Collecting network traffic using tcpdump; Installing tcpdump; Understanding tcpdump command parameters; Capturing network traffic using tcpdump; Collecting network traffic using Wireshark; Using Wireshark; Collecting network logs; Acquiring memory using FTK Imager; Summary; Chapter 3: Capturing & Analyzing Data Packets; Tapping into network traffic
505	8		\|a Passive and active sniffing on networksPacket sniffing and analysis using Wireshark; Packet sniffing and analysis using NetworkMiner; Case study -- tracking down an insider; Summary; Chapter 4: Going Wireless; Laying the foundation -- IEEE 802.11; Understanding wireless protection and security; Wired equivalent privacy; Wi-Fi protected access; Wi-Fi Protected Access II; Securing your Wi-Fi network; Discussing common attacks on Wi-Fi networks; Incidental connection; Malicious connection; Ad hoc connection; Non-traditional connections; Spoofed connections; Man-in-the-middle (MITM) connections
505	8		\|a The denial-of-service (DoS) attackCapturing and analyzing wireless traffic; Sniffing challenges in a Wi-Fi world; Configuring our network card; Sniffing packets with Wireshark; Analyzing wireless packet capture; Summary; Chapter 5: Tracking an Intruder on the Network; Understanding Network Intrusion Detection Systems; Understanding Network Intrusion Prevention Systems; Modes of detection; Pattern matching; Anomaly detection; Differentiating between NIDS and NIPS; Using SNORT for network intrusion detection and prevention; The sniffer mode; The packet logger mode
520			\|a Identify and safeguard your network against both internal and external threats, hackers, and malware attacks About This Book Lay your hands on physical and virtual evidence to understand the sort of crime committed by capturing and analyzing network traffic Connect the dots by understanding web proxies, firewalls, and routers to close in on your suspect A hands-on guide to help you solve your case with malware forensic methods and network behaviors Who This Book Is For If you are a network administrator, system administrator, information security, or forensics professional and wish to learn network forensic to track the intrusions through network-based evidence, then this book is for you. Basic knowledge of Linux and networking concepts is expected. What You Will Learn Understand Internetworking, sources of network-based evidence and other basic technical fundamentals, including the tools that will be used throughout the book Acquire evidence using traffic acquisition software and know how to manage and handle the evidence Perform packet analysis by capturing and collecting data, along with content analysis Locate wireless devices, as well as capturing and analyzing wireless traffic data packets Implement protocol analysis and content matching; acquire evidence from NIDS/NIPS Act upon the data and evidence gathered by being able to connect the dots and draw links between various events Apply logging and interfaces, along with analyzing web proxies and understanding encrypted web traffic Use IOCs (Indicators of Compromise) and build real-world forensic solutions, dealing with malware In Detail We live in a highly networked world. Every digital device - phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to su...
650		0	\|a Computer networks \|x Security measures. \|0 http://id.loc.gov/authorities/subjects/sh94001277
650		0	\|a Local area networks (Computer networks) \|x Security measures. \|0 http://id.loc.gov/authorities/subjects/sh94000861
650		0	\|a Business enterprises \|x Computer networks \|x Security measures. \|0 http://id.loc.gov/authorities/subjects/sh95010367
650		0	\|a Computer crimes \|x Investigation. \|0 http://id.loc.gov/authorities/subjects/sh85029493
650		6	\|a Réseaux d'ordinateurs \|x Sécurité \|x Mesures.
650		6	\|a Réseaux locaux (Informatique) \|x Sécurité \|x Mesures.
650		6	\|a Criminalité informatique \|x Enquêtes.
650		7	\|a COMPUTERS / Security / Networking \|2 bisacsh
650		7	\|a Business enterprises \|x Computer networks \|x Security measures \|2 fast
650		7	\|a Computer crimes \|x Investigation \|2 fast
650		7	\|a Computer networks \|x Security measures \|2 fast
650		7	\|a Local area networks (Computer networks) \|x Security measures \|2 fast
758			\|i has work: \|a Learning Network Forensics (Text) \|1 https://id.oclc.org/worldcat/entity/E39PD33DYQKcfjDQx8MpT93M6C \|4 https://id.oclc.org/worldcat/ontology/hasWork
776			\|z 1-78217-490-7
830		0	\|a Community experience distilled. \|0 http://id.loc.gov/authorities/names/no2011030603
966	4	0	\|l DE-862 \|p ZDB-4-EBA \|q FWS_PDA_EBA \|u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1193719 \|3 Volltext
966	4	0	\|l DE-863 \|p ZDB-4-EBA \|q FWS_PDA_EBA \|u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1193719 \|3 Volltext
938			\|a ProQuest MyiLibrary Digital eBook Collection \|b IDEB \|n cis34109850
938			\|a EBSCOhost \|b EBSC \|n 1193719
938			\|a YBP Library Services \|b YANK \|n 12872684
994			\|a 92 \|b GEBAY
912			\|a ZDB-4-EBA
049			\|a DE-862
049			\|a DE-863

Datensatz im Suchindex

DE-BY-FWS_katkey	ZDB-4-EBA-ocn945637637
_version_	1826942110291460096
adam_text
any_adam_object
author	Datt, Samir
author_facet	Datt, Samir
author_role	aut
author_sort	Datt, Samir
author_variant	s d sd
building	Verbundindex
bvnumber	localFWS
callnumber-first	T - Technology
callnumber-label	TK5105
callnumber-raw	TK5105.59
callnumber-search	TK5105.59
callnumber-sort	TK 45105.59
callnumber-subject	TK - Electrical and Nuclear Engineering
collection	ZDB-4-EBA
contents	Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Becoming Network 007s; 007 characteristics in the network world; Bond characteristics for getting to satisfactory completion of the case; The TAARA methodology for network forensics; Identifying threats to the enterprise; Internal threats; External threats; Data breach surveys; Locard's exchange principle; Defining network forensics; Differentiating between computer forensics and network forensics; Strengthening our technical fundamentals; The seven-layer model The TCP/IP modelUnderstanding the concept of interconnection between networks/Internet; Internet Protocol (IP); Structure of an IP packet; Transmission Control Protocol (TCP); User Datagram Protocol (UDP); Internet application protocols; Understanding network security; Types of threats; Internal threats; External threats; Network security goals; Confidentiality; Integrity; Availability; How are networks exploited?; Digital footprints; Summary; Chapter 2: Laying Hands on the Evidence; Identifying sources of evidence; Evidence obtainable from within the network Evidence from outside the networkLearning to handle the evidence; Rules for the collection of digital evidence; Rule 1: never mishandle the evidence; Rule 2: never work on the original evidence or system; Rule 3: document everything; Collecting network traffic using tcpdump; Installing tcpdump; Understanding tcpdump command parameters; Capturing network traffic using tcpdump; Collecting network traffic using Wireshark; Using Wireshark; Collecting network logs; Acquiring memory using FTK Imager; Summary; Chapter 3: Capturing & Analyzing Data Packets; Tapping into network traffic Passive and active sniffing on networksPacket sniffing and analysis using Wireshark; Packet sniffing and analysis using NetworkMiner; Case study -- tracking down an insider; Summary; Chapter 4: Going Wireless; Laying the foundation -- IEEE 802.11; Understanding wireless protection and security; Wired equivalent privacy; Wi-Fi protected access; Wi-Fi Protected Access II; Securing your Wi-Fi network; Discussing common attacks on Wi-Fi networks; Incidental connection; Malicious connection; Ad hoc connection; Non-traditional connections; Spoofed connections; Man-in-the-middle (MITM) connections The denial-of-service (DoS) attackCapturing and analyzing wireless traffic; Sniffing challenges in a Wi-Fi world; Configuring our network card; Sniffing packets with Wireshark; Analyzing wireless packet capture; Summary; Chapter 5: Tracking an Intruder on the Network; Understanding Network Intrusion Detection Systems; Understanding Network Intrusion Prevention Systems; Modes of detection; Pattern matching; Anomaly detection; Differentiating between NIDS and NIPS; Using SNORT for network intrusion detection and prevention; The sniffer mode; The packet logger mode
ctrlnum	(OCoLC)945637637
dewey-full	005.8
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.8
dewey-search	005.8
dewey-sort	15.8
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>08937cam a2200733 i 4500</leader><controlfield tag="001">ZDB-4-EBA-ocn945637637</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20241004212047.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr unu\|\|\|\|\|\|\|\|</controlfield><controlfield tag="008">160328s2016 enka o 001 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">UMI</subfield><subfield code="b">eng</subfield><subfield code="e">rda</subfield><subfield code="e">pn</subfield><subfield code="c">UMI</subfield><subfield code="d">IDEBK</subfield><subfield code="d">OCLCF</subfield><subfield code="d">TEFOD</subfield><subfield code="d">N$T</subfield><subfield code="d">DEBSZ</subfield><subfield code="d">N$T</subfield><subfield code="d">KSU</subfield><subfield code="d">COO</subfield><subfield code="d">DEBBG</subfield><subfield code="d">YDXCP</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">VT2</subfield><subfield code="d">REB</subfield><subfield code="d">UOK</subfield><subfield code="d">CEF</subfield><subfield code="d">NLE</subfield><subfield code="d">UKMGB</subfield><subfield code="d">AGLDB</subfield><subfield code="d">IGB</subfield><subfield code="d">RDF</subfield><subfield code="d">QGK</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCL</subfield><subfield code="d">OCLCQ</subfield></datafield><datafield tag="015" ind1=" " ind2=" "><subfield code="a">GBB6G3417</subfield><subfield code="2">bnb</subfield></datafield><datafield tag="016" ind1="7" ind2=" "><subfield code="a">018010441</subfield><subfield code="2">Uk</subfield></datafield><datafield tag="019" ind1=" " ind2=" "><subfield code="a">942842479</subfield><subfield code="a">944156584</subfield><subfield code="a">987426725</subfield><subfield code="a">1259180621</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781785282126</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1785282123</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9781782174905</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">1782174907</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)945637637</subfield><subfield code="z">(OCoLC)942842479</subfield><subfield code="z">(OCoLC)944156584</subfield><subfield code="z">(OCoLC)987426725</subfield><subfield code="z">(OCoLC)1259180621</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield code="a">CL0500000723</subfield><subfield code="b">Safari Books Online</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield code="a">3436E245-5507-4D40-A60F-08FDD9860BF5</subfield><subfield code="b">OverDrive, Inc.</subfield><subfield code="n">http://www.overdrive.com</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">TK5105.59</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">043050</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">005.8</subfield><subfield code="2">23</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Datt, Samir,</subfield><subfield code="e">author.</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Learning network forensics :</subfield><subfield code="b">identify and safeguard your network against both internal and external threats, hackers, and malware attacks /</subfield><subfield code="c">Shameer Kunjumohamed, Hamidreza Sattari.</subfield></datafield><datafield tag="246" ind1="3" ind2="0"><subfield code="a">Identify and safeguard your network against both internal and external threats, hackers, and malware attacks</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Birmingham, UK :</subfield><subfield code="b">Packt Publishing,</subfield><subfield code="c">2016.</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (1 volume) :</subfield><subfield code="b">illustrations.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="347" ind1=" " ind2=" "><subfield code="a">text file</subfield></datafield><datafield tag="490" ind1="1" ind2=" "><subfield code="a">Community experience distilled</subfield></datafield><datafield tag="588" ind1=" " ind2=" "><subfield code="a">Description based on online resource; title from cover page (Safari, viewed March 24, 2016).</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Includes index.</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Becoming Network 007s; 007 characteristics in the network world; Bond characteristics for getting to satisfactory completion of the case; The TAARA methodology for network forensics; Identifying threats to the enterprise; Internal threats; External threats; Data breach surveys; Locard's exchange principle; Defining network forensics; Differentiating between computer forensics and network forensics; Strengthening our technical fundamentals; The seven-layer model</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">The TCP/IP modelUnderstanding the concept of interconnection between networks/Internet; Internet Protocol (IP); Structure of an IP packet; Transmission Control Protocol (TCP); User Datagram Protocol (UDP); Internet application protocols; Understanding network security; Types of threats; Internal threats; External threats; Network security goals; Confidentiality; Integrity; Availability; How are networks exploited?; Digital footprints; Summary; Chapter 2: Laying Hands on the Evidence; Identifying sources of evidence; Evidence obtainable from within the network</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Evidence from outside the networkLearning to handle the evidence; Rules for the collection of digital evidence; Rule 1: never mishandle the evidence; Rule 2: never work on the original evidence or system; Rule 3: document everything; Collecting network traffic using tcpdump; Installing tcpdump; Understanding tcpdump command parameters; Capturing network traffic using tcpdump; Collecting network traffic using Wireshark; Using Wireshark; Collecting network logs; Acquiring memory using FTK Imager; Summary; Chapter 3: Capturing & Analyzing Data Packets; Tapping into network traffic</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Passive and active sniffing on networksPacket sniffing and analysis using Wireshark; Packet sniffing and analysis using NetworkMiner; Case study -- tracking down an insider; Summary; Chapter 4: Going Wireless; Laying the foundation -- IEEE 802.11; Understanding wireless protection and security; Wired equivalent privacy; Wi-Fi protected access; Wi-Fi Protected Access II; Securing your Wi-Fi network; Discussing common attacks on Wi-Fi networks; Incidental connection; Malicious connection; Ad hoc connection; Non-traditional connections; Spoofed connections; Man-in-the-middle (MITM) connections</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">The denial-of-service (DoS) attackCapturing and analyzing wireless traffic; Sniffing challenges in a Wi-Fi world; Configuring our network card; Sniffing packets with Wireshark; Analyzing wireless packet capture; Summary; Chapter 5: Tracking an Intruder on the Network; Understanding Network Intrusion Detection Systems; Understanding Network Intrusion Prevention Systems; Modes of detection; Pattern matching; Anomaly detection; Differentiating between NIDS and NIPS; Using SNORT for network intrusion detection and prevention; The sniffer mode; The packet logger mode</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Identify and safeguard your network against both internal and external threats, hackers, and malware attacks About This Book Lay your hands on physical and virtual evidence to understand the sort of crime committed by capturing and analyzing network traffic Connect the dots by understanding web proxies, firewalls, and routers to close in on your suspect A hands-on guide to help you solve your case with malware forensic methods and network behaviors Who This Book Is For If you are a network administrator, system administrator, information security, or forensics professional and wish to learn network forensic to track the intrusions through network-based evidence, then this book is for you. Basic knowledge of Linux and networking concepts is expected. What You Will Learn Understand Internetworking, sources of network-based evidence and other basic technical fundamentals, including the tools that will be used throughout the book Acquire evidence using traffic acquisition software and know how to manage and handle the evidence Perform packet analysis by capturing and collecting data, along with content analysis Locate wireless devices, as well as capturing and analyzing wireless traffic data packets Implement protocol analysis and content matching; acquire evidence from NIDS/NIPS Act upon the data and evidence gathered by being able to connect the dots and draw links between various events Apply logging and interfaces, along with analyzing web proxies and understanding encrypted web traffic Use IOCs (Indicators of Compromise) and build real-world forensic solutions, dealing with malware In Detail We live in a highly networked world. Every digital device - phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to su...</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh94001277</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Local area networks (Computer networks)</subfield><subfield code="x">Security measures.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh94000861</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Business enterprises</subfield><subfield code="x">Computer networks</subfield><subfield code="x">Security measures.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh95010367</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer crimes</subfield><subfield code="x">Investigation.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh85029493</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Réseaux d'ordinateurs</subfield><subfield code="x">Sécurité</subfield><subfield code="x">Mesures.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Réseaux locaux (Informatique)</subfield><subfield code="x">Sécurité</subfield><subfield code="x">Mesures.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Criminalité informatique</subfield><subfield code="x">Enquêtes.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS / Security / Networking</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Business enterprises</subfield><subfield code="x">Computer networks</subfield><subfield code="x">Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer crimes</subfield><subfield code="x">Investigation</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Local area networks (Computer networks)</subfield><subfield code="x">Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="758" ind1=" " ind2=" "><subfield code="i">has work:</subfield><subfield code="a">Learning Network Forensics (Text)</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PD33DYQKcfjDQx8MpT93M6C</subfield><subfield code="4">https://id.oclc.org/worldcat/ontology/hasWork</subfield></datafield><datafield tag="776" ind1=" " ind2=" "><subfield code="z">1-78217-490-7</subfield></datafield><datafield tag="830" ind1=" " ind2="0"><subfield code="a">Community experience distilled.</subfield><subfield code="0">http://id.loc.gov/authorities/names/no2011030603</subfield></datafield><datafield tag="966" ind1="4" ind2="0"><subfield code="l">DE-862</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1193719</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="966" ind1="4" ind2="0"><subfield code="l">DE-863</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1193719</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ProQuest MyiLibrary Digital eBook Collection</subfield><subfield code="b">IDEB</subfield><subfield code="n">cis34109850</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">1193719</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">YBP Library Services</subfield><subfield code="b">YANK</subfield><subfield code="n">12872684</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-862</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection>
id	ZDB-4-EBA-ocn945637637
illustrated	Illustrated
indexdate	2025-03-18T14:22:48Z
institution	BVB
isbn	9781785282126 1785282123
language	English
oclc_num	945637637
open_access_boolean
owner	MAIN DE-862 DE-BY-FWS DE-863 DE-BY-FWS
owner_facet	MAIN DE-862 DE-BY-FWS DE-863 DE-BY-FWS
physical	1 online resource (1 volume) : illustrations.
psigel	ZDB-4-EBA FWS_PDA_EBA ZDB-4-EBA
publishDate	2016
publishDateSearch	2016
publishDateSort	2016
publisher	Packt Publishing,
record_format	marc
series	Community experience distilled.
series2	Community experience distilled
spelling	Datt, Samir, author. Learning network forensics : identify and safeguard your network against both internal and external threats, hackers, and malware attacks / Shameer Kunjumohamed, Hamidreza Sattari. Identify and safeguard your network against both internal and external threats, hackers, and malware attacks Birmingham, UK : Packt Publishing, 2016. 1 online resource (1 volume) : illustrations. text txt rdacontent computer c rdamedia online resource cr rdacarrier text file Community experience distilled Description based on online resource; title from cover page (Safari, viewed March 24, 2016). Includes index. Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Becoming Network 007s; 007 characteristics in the network world; Bond characteristics for getting to satisfactory completion of the case; The TAARA methodology for network forensics; Identifying threats to the enterprise; Internal threats; External threats; Data breach surveys; Locard's exchange principle; Defining network forensics; Differentiating between computer forensics and network forensics; Strengthening our technical fundamentals; The seven-layer model The TCP/IP modelUnderstanding the concept of interconnection between networks/Internet; Internet Protocol (IP); Structure of an IP packet; Transmission Control Protocol (TCP); User Datagram Protocol (UDP); Internet application protocols; Understanding network security; Types of threats; Internal threats; External threats; Network security goals; Confidentiality; Integrity; Availability; How are networks exploited?; Digital footprints; Summary; Chapter 2: Laying Hands on the Evidence; Identifying sources of evidence; Evidence obtainable from within the network Evidence from outside the networkLearning to handle the evidence; Rules for the collection of digital evidence; Rule 1: never mishandle the evidence; Rule 2: never work on the original evidence or system; Rule 3: document everything; Collecting network traffic using tcpdump; Installing tcpdump; Understanding tcpdump command parameters; Capturing network traffic using tcpdump; Collecting network traffic using Wireshark; Using Wireshark; Collecting network logs; Acquiring memory using FTK Imager; Summary; Chapter 3: Capturing & Analyzing Data Packets; Tapping into network traffic Passive and active sniffing on networksPacket sniffing and analysis using Wireshark; Packet sniffing and analysis using NetworkMiner; Case study -- tracking down an insider; Summary; Chapter 4: Going Wireless; Laying the foundation -- IEEE 802.11; Understanding wireless protection and security; Wired equivalent privacy; Wi-Fi protected access; Wi-Fi Protected Access II; Securing your Wi-Fi network; Discussing common attacks on Wi-Fi networks; Incidental connection; Malicious connection; Ad hoc connection; Non-traditional connections; Spoofed connections; Man-in-the-middle (MITM) connections The denial-of-service (DoS) attackCapturing and analyzing wireless traffic; Sniffing challenges in a Wi-Fi world; Configuring our network card; Sniffing packets with Wireshark; Analyzing wireless packet capture; Summary; Chapter 5: Tracking an Intruder on the Network; Understanding Network Intrusion Detection Systems; Understanding Network Intrusion Prevention Systems; Modes of detection; Pattern matching; Anomaly detection; Differentiating between NIDS and NIPS; Using SNORT for network intrusion detection and prevention; The sniffer mode; The packet logger mode Identify and safeguard your network against both internal and external threats, hackers, and malware attacks About This Book Lay your hands on physical and virtual evidence to understand the sort of crime committed by capturing and analyzing network traffic Connect the dots by understanding web proxies, firewalls, and routers to close in on your suspect A hands-on guide to help you solve your case with malware forensic methods and network behaviors Who This Book Is For If you are a network administrator, system administrator, information security, or forensics professional and wish to learn network forensic to track the intrusions through network-based evidence, then this book is for you. Basic knowledge of Linux and networking concepts is expected. What You Will Learn Understand Internetworking, sources of network-based evidence and other basic technical fundamentals, including the tools that will be used throughout the book Acquire evidence using traffic acquisition software and know how to manage and handle the evidence Perform packet analysis by capturing and collecting data, along with content analysis Locate wireless devices, as well as capturing and analyzing wireless traffic data packets Implement protocol analysis and content matching; acquire evidence from NIDS/NIPS Act upon the data and evidence gathered by being able to connect the dots and draw links between various events Apply logging and interfaces, along with analyzing web proxies and understanding encrypted web traffic Use IOCs (Indicators of Compromise) and build real-world forensic solutions, dealing with malware In Detail We live in a highly networked world. Every digital device - phone, tablet, or computer is connected to each other, in one way or another. In this new age of connected networks, there is network crime. Network forensics is the brave new frontier of digital investigation and information security professionals to extend their abilities to catch miscreants on the network. The book starts with an introduction to the world of network forensics and investigations. You will begin by getting an understanding of how to gather both physical and virtual evidence, intercepting and analyzing network data, wireless data packets, investigating intrusions, and so on. You will further explore the technology, tools, and investigating methods using malware forensics, network tunneling, and behaviors. By the end of the book, you will gain a complete understanding of how to su... Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Local area networks (Computer networks) Security measures. http://id.loc.gov/authorities/subjects/sh94000861 Business enterprises Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh95010367 Computer crimes Investigation. http://id.loc.gov/authorities/subjects/sh85029493 Réseaux d'ordinateurs Sécurité Mesures. Réseaux locaux (Informatique) Sécurité Mesures. Criminalité informatique Enquêtes. COMPUTERS / Security / Networking bisacsh Business enterprises Computer networks Security measures fast Computer crimes Investigation fast Computer networks Security measures fast Local area networks (Computer networks) Security measures fast has work: Learning Network Forensics (Text) https://id.oclc.org/worldcat/entity/E39PD33DYQKcfjDQx8MpT93M6C https://id.oclc.org/worldcat/ontology/hasWork 1-78217-490-7 Community experience distilled. http://id.loc.gov/authorities/names/no2011030603
spellingShingle	Datt, Samir Learning network forensics : identify and safeguard your network against both internal and external threats, hackers, and malware attacks / Community experience distilled. Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Becoming Network 007s; 007 characteristics in the network world; Bond characteristics for getting to satisfactory completion of the case; The TAARA methodology for network forensics; Identifying threats to the enterprise; Internal threats; External threats; Data breach surveys; Locard's exchange principle; Defining network forensics; Differentiating between computer forensics and network forensics; Strengthening our technical fundamentals; The seven-layer model The TCP/IP modelUnderstanding the concept of interconnection between networks/Internet; Internet Protocol (IP); Structure of an IP packet; Transmission Control Protocol (TCP); User Datagram Protocol (UDP); Internet application protocols; Understanding network security; Types of threats; Internal threats; External threats; Network security goals; Confidentiality; Integrity; Availability; How are networks exploited?; Digital footprints; Summary; Chapter 2: Laying Hands on the Evidence; Identifying sources of evidence; Evidence obtainable from within the network Evidence from outside the networkLearning to handle the evidence; Rules for the collection of digital evidence; Rule 1: never mishandle the evidence; Rule 2: never work on the original evidence or system; Rule 3: document everything; Collecting network traffic using tcpdump; Installing tcpdump; Understanding tcpdump command parameters; Capturing network traffic using tcpdump; Collecting network traffic using Wireshark; Using Wireshark; Collecting network logs; Acquiring memory using FTK Imager; Summary; Chapter 3: Capturing & Analyzing Data Packets; Tapping into network traffic Passive and active sniffing on networksPacket sniffing and analysis using Wireshark; Packet sniffing and analysis using NetworkMiner; Case study -- tracking down an insider; Summary; Chapter 4: Going Wireless; Laying the foundation -- IEEE 802.11; Understanding wireless protection and security; Wired equivalent privacy; Wi-Fi protected access; Wi-Fi Protected Access II; Securing your Wi-Fi network; Discussing common attacks on Wi-Fi networks; Incidental connection; Malicious connection; Ad hoc connection; Non-traditional connections; Spoofed connections; Man-in-the-middle (MITM) connections The denial-of-service (DoS) attackCapturing and analyzing wireless traffic; Sniffing challenges in a Wi-Fi world; Configuring our network card; Sniffing packets with Wireshark; Analyzing wireless packet capture; Summary; Chapter 5: Tracking an Intruder on the Network; Understanding Network Intrusion Detection Systems; Understanding Network Intrusion Prevention Systems; Modes of detection; Pattern matching; Anomaly detection; Differentiating between NIDS and NIPS; Using SNORT for network intrusion detection and prevention; The sniffer mode; The packet logger mode Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Local area networks (Computer networks) Security measures. http://id.loc.gov/authorities/subjects/sh94000861 Business enterprises Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh95010367 Computer crimes Investigation. http://id.loc.gov/authorities/subjects/sh85029493 Réseaux d'ordinateurs Sécurité Mesures. Réseaux locaux (Informatique) Sécurité Mesures. Criminalité informatique Enquêtes. COMPUTERS / Security / Networking bisacsh Business enterprises Computer networks Security measures fast Computer crimes Investigation fast Computer networks Security measures fast Local area networks (Computer networks) Security measures fast
subject_GND	http://id.loc.gov/authorities/subjects/sh94001277 http://id.loc.gov/authorities/subjects/sh94000861 http://id.loc.gov/authorities/subjects/sh95010367 http://id.loc.gov/authorities/subjects/sh85029493
title	Learning network forensics : identify and safeguard your network against both internal and external threats, hackers, and malware attacks /
title_alt	Identify and safeguard your network against both internal and external threats, hackers, and malware attacks
title_auth	Learning network forensics : identify and safeguard your network against both internal and external threats, hackers, and malware attacks /
title_exact_search	Learning network forensics : identify and safeguard your network against both internal and external threats, hackers, and malware attacks /
title_full	Learning network forensics : identify and safeguard your network against both internal and external threats, hackers, and malware attacks / Shameer Kunjumohamed, Hamidreza Sattari.
title_fullStr	Learning network forensics : identify and safeguard your network against both internal and external threats, hackers, and malware attacks / Shameer Kunjumohamed, Hamidreza Sattari.
title_full_unstemmed	Learning network forensics : identify and safeguard your network against both internal and external threats, hackers, and malware attacks / Shameer Kunjumohamed, Hamidreza Sattari.
title_short	Learning network forensics :
title_sort	learning network forensics identify and safeguard your network against both internal and external threats hackers and malware attacks
title_sub	identify and safeguard your network against both internal and external threats, hackers, and malware attacks /
topic	Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Local area networks (Computer networks) Security measures. http://id.loc.gov/authorities/subjects/sh94000861 Business enterprises Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh95010367 Computer crimes Investigation. http://id.loc.gov/authorities/subjects/sh85029493 Réseaux d'ordinateurs Sécurité Mesures. Réseaux locaux (Informatique) Sécurité Mesures. Criminalité informatique Enquêtes. COMPUTERS / Security / Networking bisacsh Business enterprises Computer networks Security measures fast Computer crimes Investigation fast Computer networks Security measures fast Local area networks (Computer networks) Security measures fast
topic_facet	Computer networks Security measures. Local area networks (Computer networks) Security measures. Business enterprises Computer networks Security measures. Computer crimes Investigation. Réseaux d'ordinateurs Sécurité Mesures. Réseaux locaux (Informatique) Sécurité Mesures. Criminalité informatique Enquêtes. COMPUTERS / Security / Networking Business enterprises Computer networks Security measures Computer crimes Investigation Computer networks Security measures Local area networks (Computer networks) Security measures
work_keys_str_mv	AT dattsamir learningnetworkforensicsidentifyandsafeguardyournetworkagainstbothinternalandexternalthreatshackersandmalwareattacks AT dattsamir identifyandsafeguardyournetworkagainstbothinternalandexternalthreatshackersandmalwareattacks

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Volltext öffnen

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge