Mastering Network Forensics  
A practical approach to investigating and defending against network attacks (English Edition)
Author(s): Nipun Jaswal
Published by BPB Publications
ISBN: 9789355516916
Pages: 372

EBOOK (EPUB)

ISBN: 9789355516916   Price: INR 899.00
  
Network forensics is a rapidly growing field with a high demand for skilled professionals. This book provides a comprehensive guide on the subject, covering everything from the fundamentals to advanced topics such as malware analysis and cyber attack investigation. Written by a seasoned expert with over 15 years of experience, this hands-on guide includes practical exercises in offensive security, Windows internals, reverse engineering, and cyber forensics. The book begins with the basics of network forensics, including concepts like digital evidence, network traffic analysis, and log analysis. It teaches you how to identify intrusion attempts, mitigate cyber incidents, and investigate complex cyber attacks. As you progress through the book, you will learn more advanced topics such as malware analysis, reverse engineering, and memory forensics. You will also learn how to use network forensics tools and techniques to investigate real-world incidents. This book concludes with a discussion of the career opportunities available in network forensics and teaches you how to find a job in the field and develop your skills. Overall, this book is an excellent resource for anyone interested in learning about network forensics.
Table of contents
  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. About the Author
  6. Acknowledgement
  7. Preface
  8. Table of Contents
  9. 1. Foundations of Network Forensics
    1. Introduction
    2. Structure
    3. Objectives
    4. Types of network forensics
      1. Network forensics investigation methodology
      2. Evidence source types
      3. Source data collection
    5. Setting up the environment for analysis
      1. Listening for Network Packets using TCPDump
      2. Data Reduction Using TCPDump
      3. Utilizing Wireshark for Network Analysis
    6. Case study: Suspicious Web Server
      1. Background
      2. Conducting network forensics
      3. Conducting log analysis
    7. Conclusion
    8. Multiple choice questions
      1. Answers
    9. Long questions
  10. 2. Protocols and Deep Packet Analysis
    1. Introduction
    2. Structure
    3. The OSI model
    4. The TCP/IP model
    5. The Packet structure
      1. The Internet Protocol Header
      2. The Transmission Control Protocol Header
      3. The User Datagram Protocol Header
    6. Case study: Curious case of protocol misuse
      1. The Internet Control Message Protocol (ICMP)
    7. Deep Packet Inspection
      1. Censorship and DPI
      2. SNI Block using DPI
    8. Case study: Investigating Distributed Denial of service attacks
    9. Conclusion
    10. Multiple choice questions
      1. Answers
    11. Long questions
  11. 3. Flow Analysis versus Packet Analysis
    1. Introduction
    2. Structure
    3. Statistical Flow analysis
    4. Flow Record and FRP Systems
    5. Uniflow and BitFlow
    6. Types of Sensor deployment
    7. Flow analysis
      1. Generating IPFIX from PCAP
      2. Analysis and Investigation of the IPFIX data
      3. Identifying Scanning Activity using Silk
    8. Conclusion
    9. Multiple choice questions
      1. Answers
    10. Long questions
  12. 4. Conducting Log Analysis
    1. Introduction
    2. Structure
    3. Objectives
    4. Investigating Remote Login attempts on SSH
    5. Investigating Web Server Attacks with Splunk
    6. Investigating Proxy Logs
    7. Conclusion
    8. Multiple choice questions
      1. Answers
    9. Long questions
  13. 5. Wireless Forensics
    1. Introduction
    2. Structure
    3. Objectives
    4. Basics of Radio Frequency Monitoring
      1. Using RTL-SDR for capturing Radio Frequencies
      2. Using RTL-SDR for frequency sweeping
    5. The 802.11 standard
    6. Evidence types in wireless local area networking
      1. Locating network and device details
      2. Analysing data transmitted through decryption
      3. Identifying a rogue access point: The evil twin attack
    7. Other wireless attacks and their analysis
      1. Authentication and De-Authentication attacks
      2. Denial of Service
    8. Conclusion
    9. Multiple choice questions
      1. Answers
    10. Long questions
  14. 6. TLS Decryption and Visibility
    1. Introduction
    2. Structure
    3. Objectives
    4. Techniques to decrypt SSL/TLS communication
      1. Decrypting SSL/TLS using pre master secret keys
    5. Examining SSL/TLS traffic using proxy
    6. Conclusion
    7. Multiple choice questions
      1. Answers
    8. Long questions
  15. 7. Demystifying Covert Channels
    1. Introduction
    2. Structure
    3. Objectives
    4. Identifying covert communication using proxies
    5. Using MitmProxy to decrypt Dropbox traffic
    6. Using Dropbox API to gather attack details
    7. Uncovering the attack pattern
    8. Uncovering DNS misuse
    9. Conclusion
    10. Multiple choice questions
      1. Answers
    11. Long questions
  16. 8. Analyzing Exploit Kits
    1. Introduction
    2. Structure
    3. Objectives
    4. How exploit kits work
    5. Analysis of an exploit kit infection
    6. Network forensics with Security Onion
    7. Extracting malicious payload
    8. Using Fakenet-Ng to simulate a network
    9. Conclusion
    10. Multiple choice questions
      1. Answers
    11. Long questions
  17. 9. Automating Network Forensics
    1. Introduction
    2. Structure
    3. Objectives
    4. Parsing the Syslog format
      1. Decompressing GZ compressed Logs
      2. Writing a parser for firewall log files
    5. IP reputation analysis
    6. Writing dissectors for protocols in Lua
    7. Conclusion
    8. Multiple choice questions
      1. Answers
    9. Long questions
  18. 10. Backtracking Malware
    1. Introduction
    2. Structure
    3. Objectives
    4. Investigating Cobalt Strike Encrypted traffic
      1. Decrypting Cobalt Strike Encrypted Traffic Using Leaked Keys
    5. Investigating TeamViewer and AnyDesk
      1. Proactive monitoring of TeamViewer Sessions
      2. Investigating AnyDesk sessions
    6. Conclusion
    7. Multiple choice questions
      1. Answers
    8. Long questions
  19. 11. Investigating Ransomware Attacks
    1. Introduction
    2. Structure
    3. Objectives
    4. Analysis of WannaCry ransomware
    5. Capturing ransomware keys for decryption
      1. PyLocky ransomware key Recovery
      2. Recovering Keys for Hidden Tear ransomware
    6. Analyzing GandCrab ransomware
    7. Case Study: REVIL ransomware at a Bank
      1. Network evidence from Windows Event logs
    8. Conclusion
    9. Multiple choice questions
      1. Answers
    10. Long questions
  20. 12. Investigating Command and Control Systems
    1. Introduction
    2. Structure
    3. Objectives
    4. Investigating Metasploit Reverse Shell
    5. Investigating Meterpreter Reverse Shell
    6. Investigating Meterpreter Stageless Reverse Shell
    7. Conclusion
    8. Multiple choice questions
      1. Answers
    9. Long questions
  21. 13. Investigating Attacks on Email Servers
    1. Introduction
    2. Objectives
    3. Structure
    4. Analysis of ProxyLogon attack
      1. Investigating ProxyLogon attack
    5. Investigating Email authentication logs
    6. Conclusion
    7. Multiple choice questions
      1. Answers
    8. Long questions
  22. 14. Investigating Web Server Attacks
    1. Introduction
    2. Structure
    3. Objectives
    4. Web Server attack analysis
      1. Investigating Web Server logs
      2. Investigating Full Packet Captures for Web Server Traffic
      3. Investigating MySQL logs
    5. Conclusion
    6. Multiple choice questions
      1. Answers
    7. Long questions
  23. Index