Network forensics : tracking hackers through cyberspace / Sherri Davidoff, and Jonathan Ham.

Publication details: Upper Saddle River, NJ : Prentice Hall, c2012.
Description: xxvii, 545 p. : ill. ; 24 cm
ISBN:
  • 0132564718 (hardcover : alk. paper)
  • 9780132564717 (hardcover : alk. paper)
DDC classification:
  • 363.25968 23 DAV
Holdings
Item type: Book Closed Access
Current library: Engineering Library
Call number: 363.25968 DAV 1
Copy number: 1
Status: Available
Barcode: BUML24010161

CONTENTS

PART I: FOUNDATION

Chapter 1: Practical Investigative Strategies
Real-world cases
Footprints
Concepts in digital evidence
Challenges relating to network evidence
Conclusion

Chapter 2: Technical Fundamentals
Sources of network-based evidence
Principles of internetworking
Internet protocol suite
etc.

Chapter 3: Evidence Acquisition
Physical interception
Traffic acquisition software
Active acquisition
Conclusion

PART II: TRAFFIC ANALYSIS

Chapter 4: Packet Analysis
Protocol analysis
Packet analysis
Flow analysis
Higher-layer traffic analysis
Conclusion
etc.

Chapter 5: Statistical Flow Analysis
Process overview
Sensors
Flow record export protocols
Collection and aggregation
etc.

Chapter 6: Wireless: Network Forensics Unplugged
The IEEE Layer 2 protocol series
Wireless access points
etc.

Chapter 7: Network Intrusion Detection and Analysis
Why investigate NIDS/NIPS
Typical NIDS/NIPS functionality
Modes of detection
etc.

PART III: NETWORK DEVICES AND SERVERS

Chapter 8: Event Log Aggregation, Correlation and Analysis
Sources of logs
Network log architecture
Collecting and analyzing evidence
etc.

Chapter 9: Switches, Routers and Firewalls
Storage media
Switches
Routers
Interfaces
etc.

Chapter 10: Web Proxies
Why investigate web proxies
Web proxy functionality
Evidence
etc.

PART IV: ADVANCED TOPICS

Chapter 11: Network Tunneling
Tunneling for confidentiality
Covert tunneling
etc.

Chapter 12: Malware Forensics
Trends in malware evolution
Network behaviour malware
The future of malware and network forensics
etc.

Includes bibliographical references and index p. 521-545
