Description

Book Synopsis
Intensively hands-on training for real-world network forensics. Network Forensics provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity.

Table of Contents

Introduction xxi

1 Introduction to Network Forensics 1

What Is Forensics? 3

Handling Evidence 4

Cryptographic Hashes 5

Chain of Custody 8

Incident Response 8

The Need for Network Forensic Practitioners 10

Summary 11

References 12

2 Networking Basics 13

Protocols 14

Open Systems Interconnection (OSI) Model 16

TCP/IP Protocol Suite 18

Protocol Data Units 19

Request for Comments 20

Internet Registries 23

Internet Protocol and Addressing 25

Internet Protocol Addresses 28

Internet Control Message Protocol (ICMP) 31

Internet Protocol Version 6 (IPv6) 31

Transmission Control Protocol (TCP) 33

Connection-Oriented Transport 36

User Datagram Protocol (UDP) 38

Connectionless Transport 39

Ports 40

Domain Name System 42

Support Protocols (DHCP) 46

Support Protocols (ARP) 48

Summary 49

References 51

3 Host-Side Artifacts 53

Services 54

Connections 60

Tools 62

netstat 63

nbstat 66

ifconfig/ipconfig 68

Sysinternals 69

ntop 73

Task Manager/Resource Monitor 75

ARP 77

/proc Filesystem 78

Summary 79

4 Packet Capture and Analysis 81

Capturing Packets 82

Tcpdump/Tshark 84

Wireshark 89

Taps 91

Port Spanning 93

ARP Spoofing 94

Passive Scanning 96

Packet Analysis with Wireshark 98

Packet Decoding 98

Filtering 101

Statistics 102

Following Streams 105

Gathering Files 106

Network Miner 108

Summary 110

5 Attack Types 113

Denial of Service Attacks 114

SYN Floods 115

Malformed Packets 118

UDP Floods 122

Amplification Attacks 124

Distributed Attacks 126

Backscatter 128

Vulnerability Exploits 130

Insider Threats 132

Evasion 134

Application Attacks 136

Summary 140

6 Location Awareness 143

Time Zones 144

Using whois 147

Traceroute 150

Geolocation 153

Location-Based Services 156

WiFi Positioning 157

Summary 158

7 Preparing for Attacks 159

NetFlow 160

Logging 165

Syslog 166

Windows Event Logs 171

Firewall Logs 173

Router and Switch Logs 177

Log Servers and Monitors 178

Antivirus 180

Incident Response Preparation 181

Google Rapid Response 182

Commercial Offerings 182

Security Information and Event Management 183

Summary 185

8 Intrusion Detection Systems 187

Detection Styles 188

Signature-Based 188

Heuristic 189

Host-Based versus Network-Based 190

Snort 191

Suricata and Sagan 201

Bro 203

Tripwire 205

OSSEC 206

Architecture 206

Alerting 207

Summary 208

9 Using Firewall and Application Logs 211

Syslog 212

Centralized Logging 216

Reading Log Messages 220

LogWatch 222

Event Viewer 224

Querying Event Logs 227

Clearing Event Logs 231

Firewall Logs 233

Proxy Logs 236

Web Application Firewall Logs 238

Common Log Format 240

Summary 243

10 Correlating Attacks 245

Time Synchronization 246

Time Zones 246

Network Time Protocol 247

Packet Capture Times 249

Log Aggregation and Management 251

Windows Event Forwarding 251

Syslog 252

Log Management Offerings 254

Timelines 257

Plaso 258

PacketTotal 259

Wireshark 261

Security Information and Event Management 262

Summary 263

11 Network Scanning 265

Port Scanning 266

Operating System Analysis 271

Scripts 273

Banner Grabbing 275

Ping Sweeps 278

Vulnerability Scanning 280

Port Knocking 285

Tunneling 286

Passive Data Gathering 287

Summary 289

12 Final Considerations 291

Encryption 292

Keys 293

Symmetric 294

Asymmetric 295

Hybrid 296

SSL/TLS 297

Cloud Computing 306

Infrastructure as a Service 306

Storage as a Service 309

Software as a Service 310

Other Factors 311

The Onion Router (TOR) 314

Summary 317

Index 319

Network Forensics

A Paperback / softback by Ric Messier

Publisher: John Wiley & Sons Inc
Publication Date: 15/09/2017
ISBN13: 9781119328285, 978-1119328285
ISBN10: 1119328284

© 2026 Book Curl