Intensively hands-on training for real-world network forensics
Network Forensics provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity. This book is hands-on all the way—by dissecting packets, you gain fundamental knowledge that only comes from experience. Real packet captures and log files demonstrate network traffic investigation, and the learn-by-doing approach relates the essential skills that traditional forensics investigators may not have. From network packet analysis to host artifacts to log analysis and beyond, this book emphasizes the critical techniques that bring evidence to light.
Network forensics is a growing field, and is becoming increasingly central to law enforcement as cybercrime becomes more and more sophisticated. This book provides an unprecedented level of hands-on training to give investigators the skills they need.
- Investigate packet captures to examine network communications
- Locate host-based artifacts and analyze network logs
- Understand intrusion detection systems—and let them do the legwork
- Have the right architecture and systems in place ahead of an incident
Network data is always changing, and is never saved in one place; an investigator must understand how to examine data over time, which involves specialized skills that go above and beyond memory, mobile, or data forensics. Whether you're preparing for a security certification or just seeking deeper training for a law enforcement or IT role, you can only learn so much from concept; to thoroughly understand something, you need to do it. Network Forensics provides intensive hands-on practice with direct translation to real-world application.
Table of Contents
Chapter 1 Introduction To Network Forensics
Chapter 2 Networking Basics
Chapter 3 Host-Side Artifacts
Chapter 4 Packet Capture And Analysis
Chapter 5 Attack Types
Chapter 6 Location Awareness
Chapter 7 Preparing For Attacks
Chapter 8 Intrusion Detection Systems
Chapter 9 Using Firewall And Application Logs
Chapter 10 Correlating Attacks
Chapter 11 Network Scanning
Chapter 12 Final Considerations