Hands-On Network Forensics

▶Book Description
Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In the era of network attacks and malware threat, it's now more important than ever to have skills to investigate network attacks and vulnerabilities.

Hands-On Network Forensics starts with the core concepts within network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations. You'll then explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. In addition to this, you will understand how statistical flow analysis, network enumeration, tunneling and encryption, and malware detection can be used to investigate your network. Towards the end of this book, you will discover how network correlation works and how to bring all the information from different types of network devices together.

By the end of this book, you will have gained hands-on experience of performing forensics analysis tasks.

▶What You Will Learn
⦁ Discover and interpret encrypted traffic
⦁ Learn about various protocols
⦁ Understand the malware language over wire
⦁ Gain insights into the most widely used malware
⦁ Correlate data collected from attacks
⦁ Develop tools and custom scripts for network forensics automation

▶Key Features
⦁ Investigate network threats with ease
⦁ Practice forensics tasks such as intrusion detection, network analysis, and scanning
⦁ Learn forensics investigation at the network level

▶Who This Book Is For
The book targets incident responders, network engineers, analysts, forensic engineers and network administrators who want to extend their knowledge from the surface to the deep levels of understanding the science behind network protocols, critical indicators in an incident and conducting a forensic search over the wire.

▶What this book covers
⦁ Chapter 1, Introducing Network Forensics, lays the network forensics base for you and will focus on the key concepts that will aid in understanding network anomalies and behavior.

⦁ Chapter 2, Technical Concepts and Acquiring Evidence, focuses on developing some fundamental knowledge and insights into network forensics. This chapter will discuss the IP suite, the collection of evidence, and internetworking through hands-on practical exercises.

⦁ Chapter 3, Deep Packet Inspection, focuses on key concepts related to widely used protocols, such as Dynamic Host Configuration Protocol (DHCP), Simple Mail Transfer Protocol(SMTP), and Hyper Text Transfer Protocol(HTTP).

⦁ Chapter 4, Statistical Flow Analysis, demonstrates statistical flow analysis, collection and aggregation, and protocols and flow record export protocols.

⦁ Chapter 5, Combatting Tunneling and Encryption, focuses on network tunneling, its concepts, and an analysis from the perspective of network forensics.

⦁ Chapter 6, Investigating Good, Known, and Ugly Malware, focuses on malware forensics over an infected network by making use of various tools and techniques. It discusses many modern malware examples, their modus operandi, and focuses on developing skills in investigating network behavior and patterns in relation to malware.

⦁ Chapter 7, Investigating C2 Servers, focuses on Command and Control (C2) servers, their execution over the network, widely used C2 ecosystems, and the most critical identifiers to look for while working with C2-based malware.

⦁ Chapter 8, Investigating and Analyzing Logs, primarily focuses on working with a variety of log types and gathering inputs to ultimately aid your network forensics exercises.

⦁ Chapter 9, WLAN Forensics, highlights critical concepts in relation to Wi-Fi forensics, and discusses various packet structures and sources of evidence while familiarizing you with finding rogue access points and identifying attack patterns.

⦁ Chapter 10, Automated Evidence Aggregation and Analysis, focuses on developing scripts, tools, segregation techniques, and methodologies for automation while processing a large evidence set. This chapter also highlights the insights of reading network packets and PCAP through programming while automating manual techniques.