- Print ISBN 9781597499620
- Electronic ISBN 9781597499712
Nearly every business depends on its network to provide information services to carry out essential activities, and network intrusion attacks have been growing increasingly frequent and severe. When network intrusions do occur, it’s imperative that a thorough and systematic analysis and investigation of the attack is conducted to determine the nature of the threat and the extent of information lost, stolen, or damaged during the attack. A thorough and timely investigation and response can serve to minimize network downtime and ensure that critical business systems are maintained in full operation.
Network Intrusion Analysis teaches the reader about the various tools and techniques to use during a network intrusion investigation. The book focuses on the methodology of an attack as well as the investigative methodology, challenges, and concerns. This is the first book that provides such a thorough analysis of network intrusion investigation and response.
Network Intrusion Analysis addresses the entire process of investigating a network intrusion by:
*Providing a step-by-step guide to the tools and techniques used in the analysis and investigation of a network intrusion.
*Providing real-world examples of network intrusions, along with associated workarounds.
*Walking you through the methodology and practical steps needed to conduct a thorough intrusion investigation and incident response, including a wealth of practical, hands-on tools for incident assessment and mitigation.
Organization of this book
Chapter 1. Introduction
Introducing Network Intrusion Analysis
Chapter 2. Intrusion Methodologies and Artifacts
Stage 1: Pre-Intrusion Actions: AKA Reconnaissance
Stage 2: Intrusion Methods
Chapter 3. Incident Response
Section 1: Methodology
Commercial Triage Tools
Section 2 Memory Acquisition
Chapter 4. Volatile Data Analysis
What is Volatile Data?
What is Non-Volatile Data?
Section 1: Collection Tools
Commercial Triage Tools
EnCase Portable, Guidance Software, Inc.
US-LATT, WetStone Technologies, Inc.
Section 2: Memory Analysis
Chapter 5. Network Analysis
Packet Analysis Tools
Analyzing Data with Wireshark
Analyzing Data with Netwitness
Viewing, Acquiring, Triaging Devices over the Network
Chapter 6. Host Analysis
Chapter 7. Malware Analysis
Malware Sandbox Creation
Behavioral Analysis Walkthrough
Step 2: Starting the Monitoring Applications
Chapter 8. Reporting After Analysis
The Report Header
"Not only does this book teach you about network intrusion analysis, it also gives you knowledge of how intrusions are performed. This inside information helps give you a better picture of what's really going on when you are investigating a compromise." --Derrick Rountree, CISSP, CASP, MCSE