000 08697cam a2200949 i 4500
001 ocn994006202
003 OCoLC
005 20240523125540.0
006 m o d
007 cr cnu|||unuuu
008 170718s2017 inua ob 001 0 eng d
040 _aN$T
_beng
_erda
_epn
_cN$T
_dDG1
_dYDX
_dN$T
_dIDEBK
_dEBLCP
_dOCLCF
_dOCLCQ
_dIUL
_dCNCGM
_dIDB
_dCOO
_dUPM
_dK6U
_dUAB
_dDEBSZ
_dLIV
_dOCLCQ
_dDEBBG
_dD6H
_dOCLCQ
_dVVB
_dKSU
_dUMI
_dSTF
_dCEF
_dVT2
_dMERUC
_dRECBK
_dAU@
_dOAUST
_dOCLCQ
_dWYU
_dLVT
_dU3W
_dOCLCQ
_dUKAHL
_dOCLCQ
_dUKMGB
_dOCLCQ
_dBRF
_dELBRO
_dOCLCQ
_dOCLCO
_dSFB
_dOCLCQ
_dOCLCO
_dOCLCQ
_dOCLCL
015 _aGBB780941
_2bnb
016 7 _a018339668
_2Uk
019 _a994470187
_a995110295
_a995144993
_a1004966450
_a1048187388
_a1066633740
_a1103254670
_a1111104988
_a1129362939
_a1153017943
_a1192350388
_a1228549688
020 _a9781119329176
_q(electronic bk.)
020 _a1119329175
_q(electronic bk.)
020 _a9781119329190
_q(electronic bk.)
020 _a1119329191
_q(electronic bk.)
020 _a9781119329183
020 _a1119329183
020 _z9781119328285
_q(print)
020 _z1119328284
029 1 _aAU@
_b000061503310
029 1 _aAU@
_b000062162513
029 1 _aAU@
_b000062186323
029 1 _aAU@
_b000062360973
029 1 _aAU@
_b000066232163
029 1 _aAU@
_b000066533269
029 1 _aAU@
_b000067105626
029 1 _aCHBIS
_b011150720
029 1 _aCHNEW
_b000964913
029 1 _aCHVBK
_b495227781
029 1 _aDEBSZ
_b493821449
029 1 _aGBVCP
_b1014934532
029 1 _aGBVCP
_b1014966779
029 1 _aUKMGB
_b018339668
035 _a(OCoLC)994006202
_z(OCoLC)994470187
_z(OCoLC)995110295
_z(OCoLC)995144993
_z(OCoLC)1004966450
_z(OCoLC)1048187388
_z(OCoLC)1066633740
_z(OCoLC)1103254670
_z(OCoLC)1111104988
_z(OCoLC)1129362939
_z(OCoLC)1153017943
_z(OCoLC)1192350388
_z(OCoLC)1228549688
037 _aCL0500000895
_bSafari Books Online
050 4 _aTK5105.59
072 7 _aCOM
_x053000
_2bisacsh
082 0 4 _a005.8
_223
049 _aMAIN
100 1 _aMessier, Ric,
_eauthor.
245 1 0 _aNetwork forensics /
_cRic Messier.
264 1 _aIndianapolis, IN :
_bWiley,
_c2017.
264 4 _c©2017
300 _a1 online resource :
_bcolor illustrations
336 _atext
_btxt
_2rdacontent
337 _acomputer
_bc
_2rdamedia
338 _aonline resource
_bcr
_2rdacarrier
588 0 _aOnline resource; title from PDF title page (John Wiley, viewed July 25, 2017).
505 0 _aCover; Title Page; Copyright; About the Author; About the Technical Editor; Credits; Contents; Introduction; What This Book Covers; How to Use This Book; How This Book Is Organized; Chapter 1: Introduction to Network Forensics; What Is Forensics?; Handling Evidence; Cryptographic Hashes; Chain of Custody; Incident Response; The Need for Network Forensic Practitioners; Summary; References; Chapter 2: Networking Basics; Protocols; Open Systems Interconnection (OSI) Model; TCP/IP Protocol Suite; Protocol Data Units; Request for Comments; Internet Registries; Internet Protocol and Addressing.
505 8 _aInternet Protocol Addresses; Internet Control Message Protocol (ICMP); Internet Protocol Version 6 (IPv6); Transmission Control Protocol (TCP); Connection-Oriented Transport; User Datagram Protocol (UDP); Connectionless Transport; Ports; Domain Name System; Support Protocols (DHCP); Support Protocols (ARP); Summary; References; Chapter 3: Host-Side Artifacts; Services; Connections; Tools; netstat; nbstat; ifconfig/ipconfig; Sysinternals; ntop; Task Manager/Resource Monitor; ARP; /proc Filesystem; Summary; Chapter 4: Packet Capture and Analysis; Capturing Packets; Tcpdump/Tshark; Wireshark; Taps.
505 8 _aPort Spanning; ARP Spoofing; Passive Scanning; Packet Analysis with Wireshark; Packet Decoding; Filtering; Statistics; Following Streams; Gathering Files; Network Miner; Summary; Chapter 5: Attack Types; Denial of Service Attacks; SYN Floods; Malformed Packets; UDP Floods; Amplification Attacks; Distributed Attacks; Backscatter; Vulnerability Exploits; Insider Threats; Evasion; Application Attacks; Summary; Chapter 6: Location Awareness; Time Zones; Using whois; Traceroute; Geolocation; Location-Based Services; WiFi Positioning; Summary; Chapter 7: Preparing for Attacks; NetFlow; Logging.
505 8 _aSyslog; Windows Event Logs; Firewall Logs; Router and Switch Logs; Log Servers and Monitors; Antivirus; Incident Response Preparation; Google Rapid Response; Commercial Offerings; Security Information and Event Management; Summary; Chapter 8: Intrusion Detection Systems; Detection Styles; Signature-Based; Heuristic; Host-Based versus Network-Based; Snort; Suricata and Sagan; Bro; Tripwire; OSSEC; Architecture; Alerting; Summary; Chapter 9: Using Firewall and Application Logs; Syslog; Centralized Logging; Reading Log Messages; LogWatch; Event Viewer; Querying Event Logs; Clearing Event Logs.
505 8 _aFirewall Logs; Proxy Logs; Web Application Firewall Logs; Common Log Format; Summary; Chapter 10: Correlating Attacks; Time Synchronization; Time Zones; Network Time Protocol; Packet Capture Times; Log Aggregation and Management; Windows Event Forwarding; Syslog; Log Management Offerings; Timelines; Plaso; PacketTotal; Wireshark; Security Information and Event Management; Summary; Chapter 11: Network Scanning; Port Scanning; Operating System Analysis; Scripts; Banner Grabbing; Ping Sweeps; Vulnerability Scanning; Port Knocking; Tunneling; Passive Data Gathering; Summary.
520 8 _aIntensively hands-on training for real-world network forensics. Network Forensics provides a uniquely practical guide for IT and law enforcement professionals seeking a deeper understanding of cybersecurity. This book is hands-on all the way--by dissecting packets, you gain fundamental knowledge that only comes from experience. Real packet captures and log files demonstrate network traffic investigation, and the learn-by-doing approach relates the essential skills that traditional forensics investigators may not have. From network packet analysis to host artifacts to log analysis and beyond, this book emphasizes the critical techniques that bring evidence to light. Network forensics is a growing field, and is becoming increasingly central to law enforcement as cybercrime becomes more and more sophisticated. This book provides an unprecedented level of hands-on training to give investigators the skills they need. Investigate packet captures to examine network communications. Locate host-based artifacts and analyze network logs. Understand intrusion detection systems--and let them do the legwork. Have the right architecture and systems in place ahead of an incident. Network data is always changing, and is never saved in one place; an investigator must understand how to examine data over time, which involves specialized skills that go above and beyond memory, mobile, or data forensics. Whether you're preparing for a security certification or just seeking deeper training for a law enforcement or IT role, you can only learn so much from concept; to thoroughly understand something, you need to do it. Network Forensics provides intensive hands-on practice with direct translation to real-world application.
504 _aIncludes bibliographical references and index.
590 _aJohn Wiley and Sons
_bWiley Online Library: Complete oBooks
650 0 _aComputer networks
_xSecurity measures.
650 0 _aInternet
_xSecurity measures.
650 6 _aRéseaux d'ordinateurs
_xSécurité
_xMesures.
650 6 _aInternet
_xSécurité
_xMesures.
650 7 _aCOMPUTERS
_xSecurity
_xGeneral.
_2bisacsh
650 7 _aComputer networks
_xSecurity measures
_2fast
650 7 _aInternet
_xSecurity measures
_2fast
758 _ihas work:
_aNetwork Forensics (Text)
_1https://id.oclc.org/worldcat/entity/E39PCFHxThdMJhW4c6cCbhcPry
_4https://id.oclc.org/worldcat/ontology/hasWork
776 0 8 _iPrint version:
_aMessier, Ric.
_tNetwork forensics.
_dIndianapolis, IN : Wiley, 2017
_z1119328284
_z9781119328285
_w(OCoLC)960091582
856 4 0 _uhttps://onlinelibrary.wiley.com/doi/book/10.1002/9781119329190
938 _aAskews and Holts Library Services
_bASKH
_nAH32066802
938 _aAskews and Holts Library Services
_bASKH
_nAH32066801
938 _aEBSCOhost
_bEBSC
_n1556076
938 _aeLibro
_bELBO
_nELB177224
938 _aProQuest MyiLibrary Digital eBook Collection
_bIDEB
_ncis36881926
938 _aRecorded Books, LLC
_bRECE
_nrbeEB00737605
938 _aYBP Library Services
_bYANK
_n14700923
938 _aYBP Library Services
_bYANK
_n14723954
938 _aYBP Library Services
_bYANK
_n14712599
938 _aProQuest Ebook Central
_bEBLB
_nEBL4917496
994 _a92
_bINLUM
999 _c12457
_d12457