Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Learning Network Forensics

You're reading from   Learning Network Forensics Identify and safeguard your network against both internal and external threats, hackers, and malware attacks

Arrow left icon
Product type Paperback
Published in Feb 2016
Publisher
ISBN-13 9781782174905
Length 274 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Samir Datt Samir Datt
Author Profile Icon Samir Datt
Samir Datt
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Becoming Network 007s FREE CHAPTER 2. Laying Hands on the Evidence 3. Capturing & Analyzing Data Packets 4. Going Wireless 5. Tracking an Intruder on the Network 6. Connecting the Dots – Event Logs 7. Proxies, Firewalls, and Routers 8. Smuggling Forbidden Protocols – Network Tunneling 9. Investigating Malware – Cyber Weapons of the Internet 10. Closing the Deal – Solving the Case Index

Defining network forensics

What exactly is network forensics?

As per National Institute of Standards and Technology (NIST), Digital forensics, also known as computer and network forensics, has many definitions. Generally, it is considered the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Refer to http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf for more information.

As per WhatIs.com, network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.

Broadly speaking, network forensics, in most people's perception, involves the CIA process. In this case, CIA stands for the following:

  • Capture (capture packets)
  • Identify (identify packets based on certain filtering criterion, such as date and time)
  • Analyze (both known and unknown packets to understand what's going on)

The following image illustrates this:

Defining network forensics

Broadly speaking, network forensics is the subset of digital forensics that deals with the investigation of events and activities related to digital networks. This involves monitoring and capturing network traffic and its related data from devices on the network with the objective of gathering evidence in a manner that is acceptable in the court of law.

You have been reading a chapter from
Learning Network Forensics
Published in: Feb 2016
Publisher:
ISBN-13: 9781782174905
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime