Description

Book Synopsis
Intensively hands-on training for real-world network forensics Network Forensics provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity.

Table of Contents

Introduction xxi

1 Introduction to Network Forensics 1

What Is Forensics? 3

Handling Evidence 4

Cryptographic Hashes 5

Chain of Custody 8

Incident Response 8

The Need for Network Forensic Practitioners 10

Summary 11

References 12

2 Networking Basics 13

Protocols 14

Open Systems Interconnection (OSI) Model 16

TCP/IP Protocol Suite 18

Protocol Data Units 19

Request for Comments 20

Internet Registries 23

Internet Protocol and Addressing 25

Internet Protocol Addresses 28

Internet Control Message Protocol (ICMP) 31

Internet Protocol Version 6 (IPv6) 31

Transmission Control Protocol (TCP) 33

Connection-Oriented Transport 36

User Datagram Protocol (UDP) 38

Connectionless Transport 39

Ports 40

Domain Name System 42

Support Protocols (DHCP) 46

Support Protocols (ARP) 48

Summary 49

References 51

3 Host-Side Artifacts 53

Services 54

Connections 60

Tools 62

netstat 63

nbstat 66

ifconfi g/ipconfi g 68

Sysinternals 69

ntop 73

Task Manager/Resource Monitor 75

ARP 77

/proc Filesystem 78

Summary 79

4 Packet Capture and Analysis 81

Capturing Packets 82

Tcpdump/Tshark 84

Wireshark 89

Taps 91

Port Spanning 93

ARP Spoofi ng 94

Passive Scanning 96

Packet Analysis with Wireshark 98

Packet Decoding 98

Filtering 101

Statistics 102

Following Streams 105

Gathering Files 106

Network Miner 108

Summary 110

5 Attack Types 113

Denial of Service Attacks 114

SYN Floods 115

Malformed Packets 118

UDP Floods 122

Amplifi cation Attacks 124

Distributed Attacks 126

Backscatter 128

Vulnerability Exploits 130

Insider Threats 132

Evasion 134

Application Attacks 136

Summary 140

6 Location Awareness 143

Time Zones 144

Using whois 147

Traceroute 150

Geolocation 153

Location-Based Services 156

WiFi Positioning 157

Summary 158

7 Preparing for Attacks 159

NetFlow 160

Logging 165

Syslog 166

Windows Event Logs 171

Firewall Logs 173

Router and Switch Logs 177

Log Servers and Monitors 178

Antivirus 180

Incident Response Preparation 181

Google Rapid Response 182

Commercial Offerings 182

Security Information and Event Management 183

Summary 185

8 Intrusion Detection Systems 187

Detection Styles 188

Signature-Based 188

Heuristic 189

Host-Based versus Network-Based 190

Snort 191

Suricata and Sagan 201

Bro 203

Tripwire 205

OSSEC 206

Architecture 206

Alerting 207

Summary 208

9 Using Firewall and Application Logs 211

Syslog 212

Centralized Logging 216

Reading Log Messages 220

LogWatch 222

Event Viewer 224

Querying Event Logs 227

Clearing Event Logs 231

Firewall Logs 233

Proxy Logs 236

Web Application Firewall Logs 238

Common Log Format 240

Summary 243

10 Correlating Attacks 245

Time Synchronization 246

Time Zones 246

Network Time Protocol 247

Packet Capture Times 249

Log Aggregation and Management 251

Windows Event Forwarding 251

Syslog 252

Log Management Offerings 254

Timelines 257

Plaso 258

PacketTotal 259

Wireshark 261

Security Information and Event Management 262

Summary 263

11 Network Scanning 265

Port Scanning 266

Operating System Analysis 271

Scripts 273

Banner Grabbing 275

Ping Sweeps 278

Vulnerability Scanning 280

Port Knocking 285

Tunneling 286

Passive Data Gathering 287

Summary 289

12 Final Considerations 291

Encryption 292

Keys 293

Symmetric 294

Asymmetric 295

Hybrid 296

SSL/TLS 297

Cloud Computing 306

Infrastructure as a Service 306

Storage as a Service 309

Software as a Service 310

Other Factors 311

The Onion Router (TOR) 314

Summary 317

Index 319

Network Forensics

Product form

£42.75

Includes FREE delivery

RRP £47.50 – you save £4.75 (10%)

Order before 4pm tomorrow for delivery by Wed 21 Jan 2026.

A Paperback / softback by Ric Messier

Out of stock


    View other formats and editions of Network Forensics by Ric Messier

    Publisher: John Wiley & Sons Inc
    Publication Date: 15/09/2017
    ISBN13: 9781119328285, 978-1119328285
    ISBN10: 1119328284
    Also in:
    Computer networking and communications Network security

    Description

    Book Synopsis
    Intensively hands-on training for real-world network forensics Network Forensics provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity.

    Table of Contents

    Introduction xxi

    1 Introduction to Network Forensics 1

    What Is Forensics? 3

    Handling Evidence 4

    Cryptographic Hashes 5

    Chain of Custody 8

    Incident Response 8

    The Need for Network Forensic Practitioners 10

    Summary 11

    References 12

    2 Networking Basics 13

    Protocols 14

    Open Systems Interconnection (OSI) Model 16

    TCP/IP Protocol Suite 18

    Protocol Data Units 19

    Request for Comments 20

    Internet Registries 23

    Internet Protocol and Addressing 25

    Internet Protocol Addresses 28

    Internet Control Message Protocol (ICMP) 31

    Internet Protocol Version 6 (IPv6) 31

    Transmission Control Protocol (TCP) 33

    Connection-Oriented Transport 36

    User Datagram Protocol (UDP) 38

    Connectionless Transport 39

    Ports 40

    Domain Name System 42

    Support Protocols (DHCP) 46

    Support Protocols (ARP) 48

    Summary 49

    References 51

    3 Host-Side Artifacts 53

    Services 54

    Connections 60

    Tools 62

    netstat 63

    nbstat 66

    ifconfi g/ipconfi g 68

    Sysinternals 69

    ntop 73

    Task Manager/Resource Monitor 75

    ARP 77

    /proc Filesystem 78

    Summary 79

    4 Packet Capture and Analysis 81

    Capturing Packets 82

    Tcpdump/Tshark 84

    Wireshark 89

    Taps 91

    Port Spanning 93

    ARP Spoofi ng 94

    Passive Scanning 96

    Packet Analysis with Wireshark 98

    Packet Decoding 98

    Filtering 101

    Statistics 102

    Following Streams 105

    Gathering Files 106

    Network Miner 108

    Summary 110

    5 Attack Types 113

    Denial of Service Attacks 114

    SYN Floods 115

    Malformed Packets 118

    UDP Floods 122

    Amplifi cation Attacks 124

    Distributed Attacks 126

    Backscatter 128

    Vulnerability Exploits 130

    Insider Threats 132

    Evasion 134

    Application Attacks 136

    Summary 140

    6 Location Awareness 143

    Time Zones 144

    Using whois 147

    Traceroute 150

    Geolocation 153

    Location-Based Services 156

    WiFi Positioning 157

    Summary 158

    7 Preparing for Attacks 159

    NetFlow 160

    Logging 165

    Syslog 166

    Windows Event Logs 171

    Firewall Logs 173

    Router and Switch Logs 177

    Log Servers and Monitors 178

    Antivirus 180

    Incident Response Preparation 181

    Google Rapid Response 182

    Commercial Offerings 182

    Security Information and Event Management 183

    Summary 185

    8 Intrusion Detection Systems 187

    Detection Styles 188

    Signature-Based 188

    Heuristic 189

    Host-Based versus Network-Based 190

    Snort 191

    Suricata and Sagan 201

    Bro 203

    Tripwire 205

    OSSEC 206

    Architecture 206

    Alerting 207

    Summary 208

    9 Using Firewall and Application Logs 211

    Syslog 212

    Centralized Logging 216

    Reading Log Messages 220

    LogWatch 222

    Event Viewer 224

    Querying Event Logs 227

    Clearing Event Logs 231

    Firewall Logs 233

    Proxy Logs 236

    Web Application Firewall Logs 238

    Common Log Format 240

    Summary 243

    10 Correlating Attacks 245

    Time Synchronization 246

    Time Zones 246

    Network Time Protocol 247

    Packet Capture Times 249

    Log Aggregation and Management 251

    Windows Event Forwarding 251

    Syslog 252

    Log Management Offerings 254

    Timelines 257

    Plaso 258

    PacketTotal 259

    Wireshark 261

    Security Information and Event Management 262

    Summary 263

    11 Network Scanning 265

    Port Scanning 266

    Operating System Analysis 271

    Scripts 273

    Banner Grabbing 275

    Ping Sweeps 278

    Vulnerability Scanning 280

    Port Knocking 285

    Tunneling 286

    Passive Data Gathering 287

    Summary 289

    12 Final Considerations 291

    Encryption 292

    Keys 293

    Symmetric 294

    Asymmetric 295

    Hybrid 296

    SSL/TLS 297

    Cloud Computing 306

    Infrastructure as a Service 306

    Storage as a Service 309

    Software as a Service 310

    Other Factors 311

    The Onion Router (TOR) 314

    Summary 317

    Index 319

    Recently viewed products

    © 2026 Book Curl

      • American Express
      • Apple Pay
      • Diners Club
      • Discover
      • Google Pay
      • Maestro
      • Mastercard
      • PayPal
      • Shop Pay
      • Union Pay
      • Visa

      Login

      Forgot your password?

      Don't have an account yet?
      Create account