Network Forensics: Tracking Hackers through Cyberspace [NOOK Book]

Be the first to write a review

Overview

“This is a must-have work for anybody in information security, digital forensics, or involved with incident handling. As we move away from traditional disk-based analysis into the interconnectivity of the cloud, Sherri and Jonathan have created a framework and roadmap that will act as a seminal work in this developing field.”

– Dr. Craig S. Wright (GSE), Asia Pacific Director at Global Institute for Cyber Security + Research.

 

“It’s like ...

See more details below
Network Forensics: Tracking Hackers through Cyberspace

Available on NOOK devices and apps  
  • NOOK Devices
  • NOOK HD/HD+ Tablet
  • NOOK
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK Study

Want a NOOK? Explore Now

NOOK Book (eBook)
$31.99
BN.com price
(Save 42%)$55.99 List Price

More About This Book

Overview

“This is a must-have work for anybody in information security, digital forensics, or involved with incident handling. As we move away from traditional disk-based analysis into the interconnectivity of the cloud, Sherri and Jonathan have created a framework and roadmap that will act as a seminal work in this developing field.”

– Dr. Craig S. Wright (GSE), Asia Pacific Director at Global Institute for Cyber Security + Research.

 

“It’s like a symphony meeting an encyclopedia meeting a spy novel.”

–Michael Ford, Corero Network Security

 

On the Internet, every action leaves a mark–in routers, firewalls, web proxies, and within network traffic itself. When a hacker breaks into a bank, or an insider smuggles secrets to a competitor, evidence of the crime is always left behind.

 

Learn to recognize hackers’ tracks and uncover network-based evidence in Network Forensics: Tracking Hackers through Cyberspace. Carve suspicious email attachments from packet captures. Use flow records to track an intruder as he pivots through the network. Analyze a real-world wireless encryption-cracking attack (and then crack the key yourself). Reconstruct a suspect’s web surfing history–and cached web pages, too–from a web proxy. Uncover DNS-tunneled traffic. Dissect the Operation Aurora exploit, caught on the wire.

 

Throughout the text, step-by-step case studies guide you through the analysis of network-based evidence. You can download the evidence files from the authors’ web site (lmgsecurity.com), and follow along to gain hands-on experience.

 

Hackers leave footprints all across the Internet. Can you find their tracks and solve the case? Pick up Network Forensics and find out.

 

Read More Show Less

Product Details

  • ISBN-13: 9780132565103
  • Publisher: Pearson Education
  • Publication date: 7/2/2012
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Pages: 576
  • Sales rank: 524,028
  • File size: 47 MB
  • Note: This product may take a few minutes to download.

Meet the Author

Sherri Davidoff is a founder of LMG Security, an information security consulting and research firm. Her specialties include network penetration testing, digital forensics, social engineering testing, and web application assessments. She holds her S.B. in Computer Science and Electrical Engineering from MIT.

 

Jonathan Ham has been commissioned to teach NCIS investigators how to use Snort, performed packet analysis from a facility more than two thousand feet underground, taught intrusion analysis to the NSA, and chartered and trained the CIRT for one of the largest U.S. civilian federal agencies. He is a founder of LMG Security. His favorite field is ip[6:2].

Read More Show Less

Table of Contents

Foreword          xvii

Preface         xix

Acknowledgments          xxv

About the Authors         xxvii

 

Part I: Foundation          1

Chapter 1: Practical Investigative Strategies          3

1.1 Real-World Cases   3

1.2 Footprints   8

1.3 Concepts in Digital Evidence   9

1.4 Challenges Relating to Network Evidence   16

1.5 Network Forensics Investigative Methodology (OSCAR)   17

1.6 Conclusion   22

 

Chapter 2: Technical Fundamentals            23

2.1 Sources of Network-Based Evidence   23

2.2 Principles of Internetworking   30

2.3 Internet Protocol Suite   35

2.4 Conclusion   44

 

Chapter 3: Evidence Acquisition         45

3.1 Physical Interception   46

3.2 Traffic Acquisition Software   54

3.3 Active Acquisition   65

3.4 Conclusion  72

 

Part II: Traffic Analysis           73

Chapter 4: Packet Analysis          75

4.1 Protocol Analysis   76

4.2 Packet Analysis   95

4.3 Flow Analysis   103

4.4 Higher-Layer Traffic Analysis   120

4.5 Conclusion   133

4.6 Case Study: Ann’s Rendezvous   135

 

Chapter 5: Statistical Flow Analysis          159

5.1 Process Overview   160

5.2 Sensors   161

5.3 Flow Record Export Protocols   166

5.4 Collection and Aggregation   168

5.5 Analysis   172

5.6 Conclusion   183

5.7 Case Study: The Curious Mr. X   184

 

Chapter 6: Wireless: Network Forensics Unplugged           199

6.1 The IEEE Layer 2 Protocol Series   201

6.2 Wireless Access Points (WAPs)   214

6.3 Wireless Traffic Capture and Analysis   219

6.4 Common Attacks   224

6.5 Locating Wireless Devices   229

6.6 Conclusion   235

6.7 Case Study: HackMe, Inc.   236

 

Chapter 7: Network Intrusion Detection and Analysis          257

7.1 Why Investigate NIDS/NIPS?   258

7.2 Typical NIDS/NIPS Functionality   258

7.3 Modes of Detection   261

7.4 Types of NIDS/NIPSs   262

7.5 NIDS/NIPS Evidence Acquisition   264

7.6 Comprehensive Packet Logging   267

7.7 Snort   268

7.8 Conclusion   275

7.9 Case Study: Inter0ptic Saves the Planet (Part 1 of 2)   276

 

Part III: Network Devices and Servers           289

Chapter 8: Event Log Aggregation, Correlation, and Analysis   291

8.1 Sources of Logs   292

8.2 Network Log Architecture   306

8.3 Collecting and Analyzing Evidence   311

8.4 Conclusion   317

8.5 Case Study: L0ne Sh4rk’s Revenge   318

 

Chapter 9: Switches, Routers, and Firewalls           335

9.1 Storage Media   336

9.2 Switches   336

9.3 Routers   340

9.4 Firewalls   344

9.5 Interfaces   348

9.6 Logging   352

9.7 Conclusion   355

9.8 Case Study: Ann’s Coffee Ring   356

 

Chapter 10: Web Proxies         369

10.1 Why Investigate Web Proxies?   369

10.2 Web Proxy Functionality   371

10.3 Evidence   375

10.4 Squid   377

10.5 Web Proxy Analysis   381

10.6 Encrypted Web Traffic   392

10.7 Conclusion   401

10.8 Case Study: Inter0ptic Saves the Planet (Part 2 of 2)   402

 

Part IV: Advanced Topics          421

Chapter 11: Network Tunneling          423

11.1 Tunneling for Functionality   423

11.2 Tunneling for Confidentiality   427

11.3 Covert Tunneling   430

11.4 Conclusion   439

11.5 Case Study: Ann Tunnels Underground   441

 

Chapter 12: Malware Forensics         461

12.1 Trends in Malware Evolution   462

12.2 Network Behavior of Malware   484

12.3 The Future of Malware and Network Forensics   491

12.4 Case Study: Ann’s Aurora   492

 

Afterword         519

 

Index          521

 

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Review Guidelines
Add Recommendations
Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)