Hands-On Network Forensics :: Investigate Network Attacks and Find Evidence Using Common Network Forensic Tools.
Saved in:
Main author: | Jaswal, Nipun |
---|---|
Format: | Electronic eBook |
Language: | English |
Published: | Birmingham : Packt Publishing Ltd, 2019. |
Subjects: | Computer security; Computer networks -- Security measures; Computer crimes -- Investigation; Forensic sciences |
Online access: | Full text |
Summary: | Questions; Further reading; Chapter 5: Combatting Tunneling and Encryption; Technical requirements; Decrypting TLS using browsers; Decoding a malicious DNS tunnel; Using Scapy to extract packet data; Decrypting 802.11 packets; Decrypting using Aircrack-ng; Decoding keyboard captures; Summary; Questions and exercises; Further reading; Section 3: Conducting Network Forensics; Chapter 6: Investigating Good, Known, and Ugly Malware; Technical requirements; Dissecting malware on the network; Finding network patterns; Intercepting malware for fun and profit. In the era of network attacks and malware threats, it becomes important to have the skills to investigate the attack evidence and the vulnerabilities prevailing in the network. This book focuses on how to acquire and analyze the evidence, write a report, and use the common tools in network forensics. |
Note: | Further reading |
Description: | 1 online resource (347 pages) |
Bibliography: | Includes bibliographical references. |
ISBN: | 1789341051 9781789341058 |
Internal format
MARC
LEADER | 00000cam a2200000Mi 4500 | ||
---|---|---|---|
001 | ZDB-4-EBA-on1096516059 | ||
003 | OCoLC | ||
005 | 20241004212047.0 | ||
006 | m o d | ||
007 | cr cnu---unuuu | ||
008 | 190413s2019 enk ob 000 0 eng d | ||
040 | |a EBLCP |b eng |e pn |c EBLCP |d TEFOD |d UKAHL |d TEFOD |d OCLCF |d OCLCQ |d N$T |d UKMGB |d OCLCQ |d OCLCO |d NZAUC |d OCLCQ |d OCLCO |d OCLCL |d TMA |d OCLCQ | ||
015 | |a GBB9J3112 |2 bnb | ||
016 | 7 | |a 019365458 |2 Uk | |
020 | |a 1789341051 | ||
020 | |a 9781789341058 |q (electronic bk.) | ||
020 | |z 9781789344523 | ||
035 | |a (OCoLC)1096516059 | ||
037 | |a FA7D99E2-CCC9-4E15-AAF0-E317A76D01FB |b OverDrive, Inc. |n http://www.overdrive.com | ||
050 | 4 | |a QA76.9.A25 | |
082 | 7 | |a 005.8 |2 23 | |
049 | |a MAIN | ||
100 | 1 | |a Jaswal, Nipun. | |
245 | 1 | 0 | |a Hands-On Network Forensics : |b Investigate Network Attacks and Find Evidence Using Common Network Forensic Tools. |
260 | |a Birmingham : |b Packt Publishing Ltd, |c 2019. | ||
300 | |a 1 online resource (347 pages) | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
588 | 0 | |a Print version record. | |
505 | 0 | |a Cover; Title Page; Copyright and Credits; Dedication; About Packt; Contributors; Table of Contents; Preface; Section 1: Obtaining the Evidence; Chapter 1: Introducing Network Forensics; Technical requirements; Network forensics investigation methodology; Source of network evidence; Tapping the wire and the air; CAM table on a network switch; Routing tables on routers; Dynamic Host Configuration Protocol logs; DNS servers logs; Domain controller/authentication servers/ system logs; IDS/IPS logs; Firewall logs; Proxy server logs; Wireshark essentials; Identifying conversations and endpoints | |
505 | 8 | |a Identifying the IP endpointsBasic filters; Exercise 1 -- a noob's keylogger; Exercise 2 -- two too many; Summary; Questions and exercises; Further reading; Chapter 2: Technical Concepts and Acquiring Evidence; Technical requirements; The inter-networking refresher; Log-based evidence; Application server logs; Database logs; Firewall logs; Proxy logs; IDS logs; Case study -- hack attempts; Summary; Questions and exercises; Further reading; Section 2: The Key Concepts; Chapter 3: Deep Packet Inspection; Technical requirements; Protocol encapsulation; The Internet Protocol header | |
505 | 8 | |a The Transmission Control Protocol headerThe HTTP packet; Analyzing packets on TCP; Analyzing packets on UDP; Analyzing packets on ICMP; Case study -- ICMP Flood or something else; Summary; Questions and exercises; Further reading; Chapter 4: Statistical Flow Analysis; Technical requirements; The flow record and flow-record processing systems (FRPS) ; Understanding flow-record processing systems; Exploring Netflow; Uniflow and bitflow; Sensor deployment types; Analyzing the flow; Converting PCAP to the IPFIX format; Viewing the IPFIX data; Flow analysis using SiLK; Viewing flow records as text | |
520 | |a Questions; Further reading; Chapter 5: Combatting Tunneling and Encryption; Technical requirements; Decrypting TLS using browsers; Decoding a malicious DNS tunnel; Using Scapy to extract packet data; Decrypting 802.11 packets; Decrypting using Aircrack-ng; Decoding keyboard captures; Summary; Questions and exercises; Further reading; Section 3: Conducting Network Forensics; Chapter 6: Investigating Good, Known, and Ugly Malware; Technical requirements; Dissecting malware on the network; Finding network patterns; Intercepting malware for fun and profit | ||
505 | 8 | |a PyLocky ransomware decryption using PCAP dataDecrypting hidden tear ransomware; Behavior patterns and analysis; A real-world case study -- investigating a banking Trojan on the network; Summary; Questions and exercises; Further reading; Chapter 7: Investigating C2 Servers; Technical requirements; Decoding the Metasploit shell; Working with PowerShell obfuscation; Decoding and decompressing with Python; Case study -- decrypting the Metasploit Reverse HTTPS Shellcode; Analyzing Empire C2; Case study -- CERT. SE's major fraud and hacking criminal case, B 8322-16; Summary; Questions and exercises | |
500 | |a Further reading | ||
520 | |a In the era of network attacks and malware threat, it becomes important to have skills to investigate the attack evidence and vulnerabilities prevailing in the network. This book focuses on how to acquire and analyze the evidence, write a report and use the common tools in network forensics. | ||
504 | |a Includes bibliographical references. | ||
650 | 0 | |a Computer security. |0 http://id.loc.gov/authorities/subjects/sh90001862 | |
650 | 0 | |a Computer networks |x Security measures. |0 http://id.loc.gov/authorities/subjects/sh94001277 | |
650 | 0 | |a Computer crimes |x Investigation. |0 http://id.loc.gov/authorities/subjects/sh85029493 | |
650 | 0 | |a Forensic sciences. |0 http://id.loc.gov/authorities/subjects/sh90001487 | |
650 | 6 | |a Sécurité informatique. | |
650 | 6 | |a Réseaux d'ordinateurs |x Sécurité |x Mesures. | |
650 | 6 | |a Criminalité informatique |x Enquêtes. | |
650 | 6 | |a Criminalistique. | |
650 | 7 | |a forensic science. |2 aat | |
650 | 7 | |a Computer crimes |x Investigation |2 fast | |
650 | 7 | |a Computer networks |x Security measures |2 fast | |
650 | 7 | |a Computer security |2 fast | |
650 | 7 | |a Forensic sciences |2 fast | |
758 | |i has work: |a Hands-On Network Forensics (Text) |1 https://id.oclc.org/worldcat/entity/E39PCYyXyYmVfQvg6dJQQJw4yH |4 https://id.oclc.org/worldcat/ontology/hasWork | ||
776 | 0 | 8 | |i Print version: |a Jaswal, Nipun. |t Hands-On Network Forensics : Investigate Network Attacks and Find Evidence Using Common Network Forensic Tools. |d Birmingham : Packt Publishing Ltd, ©2019 |z 9781789344523 |
856 | 4 | 0 | |l FWS01 |p ZDB-4-EBA |q FWS_PDA_EBA |u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=2094764 |3 Volltext |
938 | |a Askews and Holts Library Services |b ASKH |n AH36147891 | ||
938 | |a ProQuest Ebook Central |b EBLB |n EBL5744450 | ||
938 | |a EBSCOhost |b EBSC |n 2094764 | ||
994 | |a 92 |b GEBAY | ||
912 | |a ZDB-4-EBA | ||
049 | |a DE-863 |