
E-book: Network Forensics

  • Format: EPUB+DRM
  • Publication date: 14-Jul-2017
  • Publisher: John Wiley & Sons Inc
  • Language: eng
  • ISBN-13: 9781119329183
  • Price: 55,58 €*
  • * the price is final, i.e. no further discounts apply

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet) you must install this free application: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (this is a free application made specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

Intensively hands-on training for real-world network forensics

Network Forensics provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity. This book is hands-on all the way—by dissecting packets, you gain fundamental knowledge that only comes from experience. Real packet captures and log files demonstrate network traffic investigation, and the learn-by-doing approach relates the essential skills that traditional forensics investigators may not have. From network packet analysis to host artifacts to log analysis and beyond, this book emphasizes the critical techniques that bring evidence to light.

Network forensics is a growing field, and is becoming increasingly central to law enforcement as cybercrime becomes more and more sophisticated. This book provides an unprecedented level of hands-on training to give investigators the skills they need.

  • Investigate packet captures to examine network communications
  • Locate host-based artifacts and analyze network logs
  • Understand intrusion detection systems—and let them do the legwork
  • Have the right architecture and systems in place ahead of an incident

Network data is always changing, and is never saved in one place; an investigator must understand how to examine data over time, which involves specialized skills that go above and beyond memory, mobile, or data forensics. Whether you're preparing for a security certification or just seeking deeper training for a law enforcement or IT role, you can only learn so much from concept; to thoroughly understand something, you need to do it. Network Forensics provides intensive hands-on practice with direct translation to real-world application.

Table of contents (starting page, with the section's page count in parentheses)

Introduction xx
1 Introduction to Network Forensics 1(12)
  • What Is Forensics? 3(1)
  • Handling Evidence 4(1)
  • Cryptographic Hashes 5(3)
  • Chain of Custody 8(1)
  • Incident Response 8(2)
  • The Need for Network Forensic Practitioners 10(1)
  • Summary 11(1)
  • References 12(1)
2 Networking Basics 13(40)
  • Protocols 14(2)
  • Open Systems Interconnection (OSI) Model 16(2)
  • TCP/IP Protocol Suite 18(1)
  • Protocol Data Units 19(1)
  • Request for Comments 20(3)
  • Internet Registries 23(2)
  • Internet Protocol and Addressing 25(3)
  • Internet Protocol Addresses 28(3)
  • Internet Control Message Protocol (ICMP) 31(1)
  • Internet Protocol Version 6 (IPv6) 31(2)
  • Transmission Control Protocol (TCP) 33(3)
  • Connection-Oriented Transport 36(2)
  • User Datagram Protocol (UDP) 38(1)
  • Connectionless Transport 39(1)
  • Ports 40(2)
  • Domain Name System 42(4)
  • Support Protocols (DHCP) 46(2)
  • Support Protocols (ARP) 48(1)
  • Summary 49(2)
  • References 51(2)
3 Host-Side Artifacts 53(28)
  • Services 54(6)
  • Connections 60(2)
  • Tools 62(17)
  • netstat 63(3)
  • nbstat 66(2)
  • ifconfig/ipconfig 68(1)
  • Sysinternals 69(4)
  • ntop 73(2)
  • Task Manager/Resource Monitor 75(2)
  • ARP 77(1)
  • /proc Filesystem 78(1)
  • Summary 79(2)
4 Packet Capture and Analysis 81(32)
  • Capturing Packets 82(16)
  • Tcpdump/Tshark 84(5)
  • Wireshark 89(2)
  • Taps 91(2)
  • Port Spanning 93(1)
  • ARP Spoofing 94(2)
  • Passive Scanning 96(2)
  • Packet Analysis with Wireshark 98(10)
  • Packet Decoding 98(3)
  • Filtering 101(1)
  • Statistics 102(3)
  • Following Streams 105(1)
  • Gathering Files 106(2)
  • Network Miner 108(2)
  • Summary 110(3)
5 Attack Types 113(30)
  • Denial of Service Attacks 114(16)
  • SYN Floods 115(3)
  • Malformed Packets 118(4)
  • UDP Floods 122(2)
  • Amplification Attacks 124(2)
  • Distributed Attacks 126(2)
  • Backscatter 128(2)
  • Vulnerability Exploits 130(2)
  • Insider Threats 132(2)
  • Evasion 134(2)
  • Application Attacks 136(4)
  • Summary 140(3)
6 Location Awareness 143(16)
  • Time Zones 144(3)
  • Using whois 147(3)
  • Traceroute 150(3)
  • Geolocation 153(3)
  • Location-Based Services 156(1)
  • WiFi Positioning 157(1)
  • Summary 158(1)
7 Preparing for Attacks 159(28)
  • NetFlow 160(5)
  • Logging 165(15)
  • Syslog 166(5)
  • Windows Event Logs 171(2)
  • Firewall Logs 173(4)
  • Router and Switch Logs 177(1)
  • Log Servers and Monitors 178(2)
  • Antivirus 180(1)
  • Incident Response Preparation 181(2)
  • Google Rapid Response 182(1)
  • Commercial Offerings 182(1)
  • Security Information and Event Management 183(2)
  • Summary 185(2)
8 Intrusion Detection Systems 187(24)
  • Detection Styles 188(2)
  • Signature-Based 188(1)
  • Heuristic 189(1)
  • Host-Based versus Network-Based 190(16)
  • Snort 191(10)
  • Suricata and Sagan 201(2)
  • Bro 203(2)
  • Tripwire 205(1)
  • OSSEC 206(1)
  • Architecture 206(1)
  • Alerting 207(1)
  • Summary 208(3)
9 Using Firewall and Application Logs 211(34)
  • Syslog 212(12)
  • Centralized Logging 216(4)
  • Reading Log Messages 220(2)
  • LogWatch 222(2)
  • Event Viewer 224(9)
  • Querying Event Logs 227(4)
  • Clearing Event Logs 231(2)
  • Firewall Logs 233(7)
  • Proxy Logs 236(2)
  • Web Application Firewall Logs 238(2)
  • Common Log Format 240(3)
  • Summary 243(2)
10 Correlating Attacks 245(20)
  • Time Synchronization 246(3)
  • Time Zones 246(1)
  • Network Time Protocol 247(2)
  • Packet Capture Times 249(2)
  • Log Aggregation and Management 251(6)
  • Windows Event Forwarding 251(1)
  • Syslog 252(2)
  • Log Management Offerings 254(3)
  • Timelines 257(5)
  • Plaso 258(1)
  • PacketTotal 259(2)
  • Wireshark 261(1)
  • Security Information and Event Management 262(1)
  • Summary 263(2)
11 Network Scanning 265(26)
  • Port Scanning 266(14)
  • Operating System Analysis 271(2)
  • Scripts 273(2)
  • Banner Grabbing 275(3)
  • Ping Sweeps 278(2)
  • Vulnerability Scanning 280(5)
  • Port Knocking 285(1)
  • Tunneling 286(1)
  • Passive Data Gathering 287(2)
  • Summary 289(2)
12 Final Considerations 291(28)
  • Encryption 292(14)
  • Keys 293(1)
  • Symmetric 294(1)
  • Asymmetric 295(1)
  • Hybrid 296(1)
  • SSL/TLS 297(9)
  • Cloud Computing 306(8)
  • Infrastructure as a Service 306(3)
  • Storage as a Service 309(1)
  • Software as a Service 310(1)
  • Other Factors 311(3)
  • The Onion Router (TOR) 314(3)
  • Summary 317(2)
Index 319

RIC MESSIER has been program director for various cyber-security and computer forensics programs at Champlain College. A veteran of the networking and computer security field since the early 1980s, he has worked at large Internet service providers and small software companies. He has been responsible for the development of numerous course materials, has served on incident response teams, and has been consulted on forensic investigations for large companies.