TY - BOOK
AU - Davidoff,Sherri
AU - Ham,Jonathan
TI - Network forensics: tracking hackers through cyberspace
SN - 0132564718 (hardcover : alk. paper)
U1 - 363.25968 23
PY - 2012///
CY - Upper Saddle River, NJ
PB - Prentice Hall
KW - Computer crimes
KW - Investigation
KW - Hackers
KW - Forensic sciences
N1 - CONTENTS. PART I: FOUNDATION. Chapter 1: Practical Investigative Strategies: Real-world cases; Footprints; Concepts in digital evidence; Challenges relating to network evidence; Conclusion. Chapter 2: Technical Fundamentals: Sources of network-based evidence; Principles of internetworking; Internet protocol suite; etc. Chapter 3: Evidence Acquisition: Physical interception; Traffic acquisition software; Active acquisition; Conclusion. PART II: TRAFFIC ANALYSIS. Chapter 4: Packet Analysis: Protocol analysis; Packet analysis; Flow analysis; Higher-layer traffic analysis; Conclusion; etc. Chapter 5: Statistical Flow Analysis: Process overview; Sensors; Flow record export protocols; Collection and aggregation; etc. Chapter 6: Wireless: Network Forensics Unplugged: The IEEE Layer 2 protocol series; Wireless access points; etc. Chapter 7: Network Intrusion Detection and Analysis: Why investigate NIDS/NIPS; Typical NIDS/NIPS functionality; Modes of detection; etc. PART III: NETWORK DEVICES AND SERVERS. Chapter 8: Event Log Aggregation, Correlation and Analysis: Sources of logs; Networks log architecture; Collecting and analyzing evidence; etc. Chapter 9: Switches, Routers and Firewalls: Storage media; Switches; Routers; Interfaces; etc. Chapter 10: Web Proxies: Why investigate web proxies; Web proxy functionality; Evidence; etc. PART IV: ADVANCED TOPICS. Chapter 11: Network Tunneling: Tunneling for confidentiality; Covert tunneling; etc. Chapter 12: Malware Forensics: Trends in malware evolution; Network behaviour malware; The future of malware and network forensics; etc.; Includes bibliographical references and index p. 521-545
ER -