
Digital Forensics for Network, Internet, and Cloud Computing

A Forensic Evidence Guide for Moving Targets and Data


Published: June 2010

Imprint: Syngress

ISBN: 978-1-59749-537-0

Reviews

  • "Syngress [is] by far the best publisher of digital forensics and general security books…I would strongly recommend that you read Digital Forensics for Network, Internet and Cloud Computing…as this book really does cover a plethora of issues that we’ll all have to face, maybe sooner than we think." -Tony Campbell, Publisher, Digital Forensics Magazine


Contents

    PART I INTRODUCTION

    CHAPTER 1 What Is Network Forensics?
    Introduction to Cloud Computing
    Introduction to the Incident Response Process
    Investigative and Forensics Methodologies
    Where Network Forensics Fits In

    PART II GATHERING EVIDENCE

    CHAPTER 2 Capturing Network Traffic
    The Importance of DHCP Logs
    Using tcpdump/WinDump
    Limitations of tcpdump
    tcpdump Command Line
    Troubleshooting tcpdump
    Using Wireshark
    Wireshark GUI
    Limitations of Wireshark
    Limitations of Using Libpcap and Derivatives
    Wireshark Utilities
    TShark
    Rawshark
    Dumpcap
    Mergecap
    Editcap
    Text2pcap
    Using SPAN Ports or TAPS
    SPAN Port Issues
    Network Tap
    Using Fiddler
    Firewalls
    Placement of Sensors
    Summary

    CHAPTER 3 Other Network Evidence
    Overview of Botnets and Other Network-Aware Malware
    The Botnet Life Cycle
    Temporal, Relational, and Functional Analyses and Victimology
    First Responder Evidence Sources of Network-Related Evidence
    Dynamic Evidence Capture
    Malware Analysis: Using Sandbox Technology
    Summary

    PART III ANALYZING EVIDENCE WITH OPEN SOURCE SOFTWARE

    CHAPTER 4 Deciphering a TCP Header
    OSI and TCP Reference Models
    TCP Header
    Source Port Number
    Destination Port Number
    Sequence Number
    Acknowledgment Number
    Data Offset
    Reserved
    TCP Flags
    Window Size
    TCP Checksum
    Urgent Pointer
    TCP Options
    Padding
    Decipherment of a TCP Segment
    TCP Signature Analysis
    Summary

    CHAPTER 5 Using Snort for Network-Based Forensics
    IDS Overview
    Snort Architecture
    Real-Time Network Traffic Capturing
    Playback Binary Network Traffic (pcap Format)
    Snort Preprocessor Component
    Snort Detection Engine Component
    Network Forensics Evidence Generated with Snort
    Summary

    PART IV COMMERCIAL NETWORK FORENSICS APPLICATIONS

    CHAPTER 6 Commercial NetFlow Applications
    What Is NetFlow?
    How Does NetFlow Work?
    The Benefit of NetFlow
    NetFlow Collection
    NetFlow User Datagram Protocol (UDP) Datagrams
    NetFlow Header
    Enabling NetFlow
    Enabling NetFlow v9 (Ingress and Egress)
    What Is an FNF?
    Key Advantages
    Enabling FNF
    What Is an sFlow?
    Enabling sFlow
    Which Is Better: NetFlow or sFlow?
    Scrutinizer
    Scaling
    Scrutinizer Forensics Using Flow Analytics
    Using Flow Analytics to Identify Threats within NetFlow
    Summary

    CHAPTER 7 NetWitness Investigator
    Introduction
    NetWitness Investigator Architecture
    Import/Live Capture Network Traffic
    Collections
    Parsers, Feeds, and Rules
    Navigation Views
    Data Analysis
    Exporting Captured Data
    Summary

    CHAPTER 8 SilentRunner by AccessData
    History of SilentRunner
    Parts of the SilentRunner System
    Installing SilentRunner
    Stand-Alone Installation
    Distributed Installation
    SilentRunner Terminology
    Graphs
    Spec Files
    Customizing the Analyzer
    Context Management
    Data Investigator Tools
    Some Final Tricks and Tips
    Summary
    References

    PART V MAKING YOUR NETWORK FORENSICS CASE

    CHAPTER 9 Incorporating Network Forensics into Incident Response Plans
    Investigation Method
    Incident Response
    Spearphishing
    DMCA Violations
    Web Site Compromise: Search Engine Spam and Phishing
    Summary
    References

    CHAPTER 10 Legal Implications and Considerations
    Internet Forensics
    Admissibility of Internet Evidence
    Hearsay Exceptions and Internet Evidence
    Cloud Forensics
    Evidence Collection in the Cloud
    Admissibility of Cloud Evidence
    E-Discovery in the Cloud
    International Complexities of Internet and Cloud Forensics
    The Hague Convention on Evidence
    Privacy
    Summary
    References
    Case Law
    Legislation

    CHAPTER 11 Putting It All Together
    Network Forensics Examiner Skills
    Network Forensics Investigation Life Cycle
    Summary

    PART VI THE FUTURE OF NETWORK FORENSICS

    CHAPTER 12 The Future of Cloud Computing
    History of Cloud Computing
    What Drives the Cloud
    A Break from Dependence on IT to Solve a Business Problem
    The Cloud Is Enabled through Virtualization
    Accelerating Development and Delivery of New Applications
    Private versus Public Cloud Computing
    Which Cloud Vendors Will Rise to the Top?
    Yes, There Are Risks
    The Risks Are Worthwhile
    Will Microsoft and Google Be the 1000-Pound Gorillas of the Cloud?
    The Current State of Cloud Computing
    Cloud Usage Patterns
    Who Will Host the Cloud?
    Cloud Computing and Collective Intelligence
    Security and IT from the Cloud
    Other Widely Used Cloud Applications
    Cloud Market Size
    Elements of the Cloud
    The U.S. Federal Government Is Leading the Movement to the Cloud
    Rapid Rate of Change
    Common Security Risks of the Current Cloud
    Next Phases of Cloud Computing
    New Database Models Will Greatly Change Product Creation
    Integrated Applications Will Accelerate Cloud Product Creation
    Microsoft Azure Will Enable a Cloud Cottage Industry
    Other Changes in the New Cloud World
    Security Improvements in the Future Cloud
    Summary

    CHAPTER 13 The Future of Network Forensics
    Today’s Challenges with Existing Devices for Network Forensics
    Network Forensics Quadrants of Focus
    Network Forensics Analysis Tools
    Summary
