Learn to recognize hackers’ tracks and uncover network-based evidence in Network Forensics: Tracking Hackers through Cyberspace. Carve suspicious email attachments from packet captures. Use flow records to track an intruder as he pivots through the network. Analyze a real-world wireless encryption-cracking attack (and then crack the key yourself). Reconstruct a suspect’s web surfing history, and cached web pages too, from a web proxy. Uncover DNS-tunneled traffic. Dissect the Operation Aurora exploit, caught on the wire.
Throughout the text, step-by-step case studies guide you through the analysis of network-based evidence.
Hackers leave footprints all across the Internet. Can you find their tracks and solve the case? Pick up Network Forensics and find out.
Chapter 1. Practical Investigative Strategies
Chapter 2. Technical Fundamentals
Chapter 3. Evidence Acquisition
Part II: Traffic Analysis
Chapter 4. Packet Analysis
Chapter 5. Statistical Flow Analysis
Chapter 6. Wireless: Network Forensics Unplugged
Chapter 7. Network Intrusion Detection and Analysis
Part III: Network Devices and Servers
Chapter 8. Event Log Aggregation, Correlation, and Analysis
Chapter 9. Switches, Routers, and Firewalls
Chapter 10. Web Proxies
Part IV: Advanced Topics
Chapter 11. Network Tunneling
Chapter 12. Malware Forensics