Network Intrusion Analysis

Methodologies, Tools, and Techniques for Incident Analysis and Response

1st Edition - April 6, 2006

  • Authors: Steven Bolt, Joe Fichera
  • eBook ISBN: 9781597499712

Purchase options

DRM-free (EPub, PDF, Mobi)

Description

Nearly every business depends on its network to provide the information services that carry out essential activities, and network intrusion attacks have been growing increasingly frequent and severe. When a network intrusion does occur, it is imperative that a thorough and systematic analysis and investigation of the attack be conducted to determine the nature of the threat and the extent of information lost, stolen, or damaged. A thorough and timely investigation and response can minimize network downtime and keep critical business systems in full operation.

Network Intrusion Analysis teaches the reader about the tools and techniques to use during a network intrusion investigation. The book covers the methodology of an attack as well as the investigative methodology, its challenges, and its concerns. This is the first book to provide such a thorough analysis of network intrusion investigation and response. Network Intrusion Analysis addresses the entire process of investigating a network intrusion by:

  • Providing a step-by-step guide to the tools and techniques used in the analysis and investigation of a network intrusion.
  • Providing real-world examples of network intrusions, along with associated workarounds.
  • Walking you through the methodology and practical steps needed to conduct a thorough intrusion investigation and incident response, including a wealth of practical, hands-on tools for incident assessment and mitigation.

Key Features

  • Network Intrusion Analysis addresses the entire process of investigating a network intrusion
  • Provides a step-by-step guide to the tools and techniques used in the analysis and investigation of a network intrusion
  • Provides real-world examples of network intrusions, along with associated workarounds
  • Walks readers through the methodology and practical steps needed to conduct a thorough intrusion investigation and incident response, including a wealth of practical, hands-on tools for incident assessment and mitigation

Readership

IT professionals (Network Administrators, IT Managers, Security Managers, Security Analysts, Directors of Security, etc.) and IT security professionals (Security Auditors, Security Engineers, Compliance Specialists, etc.).

Table of Contents

  • Acknowledgement
  • Preface
      Intended Audience
      Organization of this book
  • Chapter 1. Introduction
      Introducing Network Intrusion Analysis
  • Chapter 2. Intrusion Methodologies and Artifacts
      Stage 1: Pre-Intrusion Actions: AKA Reconnaissance
      Stage 2: Intrusion Methods
      References
  • Chapter 3. Incident Response
      Introduction
      Section 1: Methodology
      Trusted Toolset
      Commercial Triage Tools
      Section 2: Memory Acquisition
      Introduction
      Acquisition
      Mdd_1.3.exe
      Usage
      Win32dd
      FTK Imager
      Conclusion
      References
  • Chapter 4. Volatile Data Analysis
      Introduction
      What is Volatile Data?
      What is Non-Volatile Data?
      Section 1: Collection Tools
      Commercial Triage Tools
      EnCase Portable, Guidance Software, Inc.
      US-LATT, WetStone Technologies, Inc.
      Section 2: Memory Analysis
      RAM Analysis
      References
  • Chapter 5. Network Analysis
      Introduction
      Methodology
      Network Traffic
      Snort
      Packet Analysis Tools
      Wireshark
      Analyzing Data with Wireshark
      Netwitness Investigator
      Analyzing Data with Netwitness
      Log Analysis
      Witness Devices
      Viewing, Acquiring, Triaging Devices over the Network
      References
  • Chapter 6. Host Analysis
      Introduction
      Methodology
      References
  • Chapter 7. Malware Analysis
      Introduction
      Malware Sandbox Creation
      Behavioral Analysis Walkthrough
      Step 2: Starting the Monitoring Applications
      Reporting
      Conclusion
      References
  • Chapter 8. Reporting After Analysis
      Introduction
      Getting Started
      The Report Header
  • Index

Product details

  • No. of pages: 252
  • Language: English
  • Copyright: © Syngress 2012
  • Published: April 6, 2006
  • Imprint: Syngress
  • eBook ISBN: 9781597499712

About the Authors

Steven Bolt

Steven Bolt is currently a Sr. Incident Response and Forensics Team Leader for a global corporation. Previously he worked as a Security Operations Center Manager and as a Computer Forensics Leader, Instructor and course developer at the Defense Cyber Investigations Training Academy. He holds several industry certifications.

Affiliations and Expertise

Computer Forensics Leader and Instructor at the Defense Cyber Investigations Training Academy

Joe Fichera

Joe Fichera is a computer forensic leader, instructor and curriculum developer for the Defense Cyber Investigations Training Academy. He has conducted training and spoken at several conferences, such as the Department of Defense Cyber Crime Conference and the Internet Crimes Against Children conference. He is a Certified Computer Examiner (CCE) and a member of the ISFCE. He also holds EnCE, ACE, CTT+, SCNS, A+, Network+, and MCP certifications. He has over 10 years of forensic experience, 20 years of instructor experience and 15 years as a law enforcement officer.

Affiliations and Expertise

Certified Computer Examiner (CCE) and member of the ISFCE; also holds EnCE, ACE, CTT+, SCNS, A+, Network+, and MCP certifications.
