Published by Pearson (June 18, 2012) © 2012

Sherri Davidoff | Jonathan Ham
    VitalSource eTextbook (Lifetime access)
    €35,99
    ISBN-13: 9780132565103

    Network Forensics: Tracking Hackers through Cyberspace, 1st edition

    Language: English

    “This is a must-have work for anybody in information security, digital forensics, or involved with incident handling. As we move away from traditional disk-based analysis into the interconnectivity of the cloud, Sherri and Jonathan have created a framework and roadmap that will act as a seminal work in this developing field.”

    – Dr. Craig S. Wright (GSE), Asia Pacific Director at Global Institute for Cyber Security + Research.

    “It’s like a symphony meeting an encyclopedia meeting a spy novel.”

    – Michael Ford, Corero Network Security

    On the Internet, every action leaves a mark–in routers, firewalls, web proxies, and within network traffic itself. When a hacker breaks into a bank, or an insider smuggles secrets to a competitor, evidence of the crime is always left behind.

    Learn to recognize hackers’ tracks and uncover network-based evidence in Network Forensics: Tracking Hackers through Cyberspace. Carve suspicious email attachments from packet captures. Use flow records to track an intruder as he pivots through the network. Analyze a real-world wireless encryption-cracking attack (and then crack the key yourself). Reconstruct a suspect’s web surfing history–and cached web pages, too–from a web proxy. Uncover DNS-tunneled traffic. Dissect the Operation Aurora exploit, caught on the wire.

    Throughout the text, step-by-step case studies guide you through the analysis of network-based evidence. You can download the evidence files from the authors’ web site (lmgsecurity.com), and follow along to gain hands-on experience.

    Hackers leave footprints all across the Internet. Can you find their tracks and solve the case? Pick up Network Forensics and find out.

    Table of Contents (page numbers refer to the printed book)

    Foreword   xvii
    Preface   xix
    Acknowledgments   xxv
    About the Authors   xxvii

    Part I: Foundation   1

    Chapter 1: Practical Investigative Strategies   3
    1.1 Real-World Cases   3
    1.2 Footprints   8
    1.3 Concepts in Digital Evidence   9
    1.4 Challenges Relating to Network Evidence   16
    1.5 Network Forensics Investigative Methodology (OSCAR)   17
    1.6 Conclusion   22

    Chapter 2: Technical Fundamentals   23
    2.1 Sources of Network-Based Evidence   23
    2.2 Principles of Internetworking   30
    2.3 Internet Protocol Suite   35
    2.4 Conclusion   44

    Chapter 3: Evidence Acquisition   45
    3.1 Physical Interception   46
    3.2 Traffic Acquisition Software   54
    3.3 Active Acquisition   65
    3.4 Conclusion   72

    Part II: Traffic Analysis   73

    Chapter 4: Packet Analysis   75
    4.1 Protocol Analysis   76
    4.2 Packet Analysis   95
    4.3 Flow Analysis   103
    4.4 Higher-Layer Traffic Analysis   120
    4.5 Conclusion   133
    4.6 Case Study: Ann’s Rendezvous   135

    Chapter 5: Statistical Flow Analysis   159
    5.1 Process Overview   160
    5.2 Sensors   161
    5.3 Flow Record Export Protocols   166
    5.4 Collection and Aggregation   168
    5.5 Analysis   172
    5.6 Conclusion   183
    5.7 Case Study: The Curious Mr. X   184

    Chapter 6: Wireless: Network Forensics Unplugged   199
    6.1 The IEEE Layer 2 Protocol Series   201
    6.2 Wireless Access Points (WAPs)   214
    6.3 Wireless Traffic Capture and Analysis   219
    6.4 Common Attacks   224
    6.5 Locating Wireless Devices   229
    6.6 Conclusion   235
    6.7 Case Study: HackMe, Inc.   236

    Chapter 7: Network Intrusion Detection and Analysis   257
    7.1 Why Investigate NIDS/NIPS?   258
    7.2 Typical NIDS/NIPS Functionality   258
    7.3 Modes of Detection   261
    7.4 Types of NIDS/NIPSs   262
    7.5 NIDS/NIPS Evidence Acquisition   264
    7.6 Comprehensive Packet Logging   267
    7.7 Snort   268
    7.8 Conclusion   275
    7.9 Case Study: Inter0ptic Saves the Planet (Part 1 of 2)   276

    Part III: Network Devices and Servers   289

    Chapter 8: Event Log Aggregation, Correlation, and Analysis   291
    8.1 Sources of Logs   292
    8.2 Network Log Architecture   306
    8.3 Collecting and Analyzing Evidence   311
    8.4 Conclusion   317
    8.5 Case Study: L0ne Sh4rk’s Revenge   318

    Chapter 9: Switches, Routers, and Firewalls   335
    9.1 Storage Media   336
    9.2 Switches   336
    9.3 Routers   340
    9.4 Firewalls   344
    9.5 Interfaces   348
    9.6 Logging   352
    9.7 Conclusion   355
    9.8 Case Study: Ann’s Coffee Ring   356

    Chapter 10: Web Proxies   369
    10.1 Why Investigate Web Proxies?   369
    10.2 Web Proxy Functionality   371
    10.3 Evidence   375
    10.4 Squid   377
    10.5 Web Proxy Analysis   381
    10.6 Encrypted Web Traffic   392
    10.7 Conclusion   401
    10.8 Case Study: Inter0ptic Saves the Planet (Part 2 of 2)   402

    Part IV: Advanced Topics   421

    Chapter 11: Network Tunneling   423
    11.1 Tunneling for Functionality   423
    11.2 Tunneling for Confidentiality   427
    11.3 Covert Tunneling   430
    11.4 Conclusion   439
    11.5 Case Study: Ann Tunnels Underground   441

    Chapter 12: Malware Forensics   461
    12.1 Trends in Malware Evolution   462
    12.2 Network Behavior of Malware   484
    12.3 The Future of Malware and Network Forensics   491
    12.4 Case Study: Ann’s Aurora   492

    Afterword   519

    Index   521