LIMITED OFFER
Save 50% on book bundles
Immediately download your ebook while waiting for your print delivery. No promo code needed.
Network Intrusion Analysis
Methodologies, Tools, and Techniques for Incident Analysis and Response
- 1st Edition - April 6, 2006
- Authors: Steven Bolt, Joe Fichera
- Language: English
- Paperback ISBN:9 7 8 - 1 - 5 9 7 4 9 - 9 6 2 - 0
- eBook ISBN:9 7 8 - 1 - 5 9 7 4 9 - 9 7 1 - 2
Nearly every business depends on its network to provide information services to carry out essential activities, and network intrusion attacks have been growing increasingly fr… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteNearly every business depends on its network to provide information services to carry out essential activities, and network intrusion attacks have been growing increasingly frequent and severe. When network intrusions do occur, it’s imperative that a thorough and systematic analysis and investigation of the attack is conducted to determine the nature of the threat and the extent of information lost, stolen, or damaged during the attack. A thorough and timely investigation and response can serve to minimize network downtime and ensure that critical business systems are maintained in full operation.
Network Intrusion Analysis teaches the reader about the various tools and techniques to use during a network intrusion investigation. The book focuses on the methodology of an attack as well as the investigative methodology, challenges, and concerns. This is the first book that provides such a thorough analysis of network intrusion investigation and response.
Network Intrusion Analysis addresses the entire process of investigating a network intrusion by:
*Providing a step-by-step guide to the tools and techniques used in the analysis and investigation of a network intrusion.
*Providing real-world examples of network intrusions, along with associated workarounds.
*Walking you through the methodology and practical steps needed to conduct a thorough intrusion investigation and incident response, including a wealth of practical, hands-on tools for incident assessment and mitigation.
- Network Intrusion Analysis addresses the entire process of investigating a network intrusion
- Provides a step-by-step guide to the tools and techniques used in the analysis and investigation of a network intrusion
- Provides real-world examples of network intrusions, along with associated workarounds
- Walks readers through the methodology and practical steps needed to conduct a thorough intrusion investigation and incident response, including a wealth of practical, hands-on tools for incident assessment and mitigation
Professionals (Network Administrators, IT Managers, Security Managers, Security Analysts, Directors of Security, etc.) IT Security Professionals (Security Auditors, Security Engineers, Compliance Specialists, etc.)
Acknowledgement
Preface
Intended Audience
Organization of this book
Chapter 1. Introduction
Introducing Network Intrusion Analysis
Chapter 2. Intrusion Methodologies and Artifacts
Stage 1: Pre-Intrusion Actions: AKA Reconnaissance
Stage 2: Intrusion Methods
References
Chapter 3. Incident Response
Introduction
Section 1: Methodology
Trusted Toolset
Commercial Triage Tools
Section 2 Memory Acquisition
Introduction
Acquisition
Mdd_1.3.exe
Usage
Win32dd
FTK Imager
Conclusion
References
Chapter 4. Volatile Data Analysis
Introduction
What is Volatile Data?
What is Non-Volatile Data?
Section 1: Collection Tools
Commercial Triage Tools
EnCase Portable, Guidance Software, Inc.
US-LATT, WetStone Technologies, Inc.
Section 2: Memory Analysis
RAM Analysis
References
Chapter 5. Network Analysis
Introduction
Methodology
Network Traffic
Snort
Packet Analysis Tools
Wireshark
Analyzing Data with Wireshark
Netwitness Investigator
Analyzing Data with Netwitness
Log Analysis
Witness Devices
Viewing, Acquiring, Triaging Devices over the Network
References
Chapter 6. Host Analysis
Introduction
Methodology
References
Chapter 7. Malware Analysis
Introduction
Malware Sandbox Creation
Behavioral Analysis Walkthrough
Step 2: Starting the Monitoring Applications
Reporting
Conclusion
References
Chapter 8. Reporting After Analysis
Introduction
Getting Started
The Report Header
Index
- No. of pages: 252
- Language: English
- Edition: 1
- Published: April 6, 2006
- Imprint: Syngress
- Paperback ISBN: 9781597499620
- eBook ISBN: 9781597499712
JF
Joe Fichera
Joe Fichera is a computer forensic leader, instructor and curriculum developer for to the Defense Cyber Investigations Training Academy. He has conducted training and spoken at several conferences, such as the Department of Defense Cyber Crime Conference and the Internet Crimes Against Children conference. He is a Certified Computer Examiner (CCE) and member of the ISFCE. He also holds EnCE, ACE, CTT+, SCNS, A+, Network+, and MCP certifications. He has over 10 years of forensic experience, 20 years of instructor experience and 15 years as a law enforcement officer.
Affiliations and expertise
Joe Fichera is a Certified Computer Examiner (CCE) and member of the ISFCE. He also holds EnCE, ACE, CTT+, SCNS, A+, Network+, and MCP certifications.Read Network Intrusion Analysis on ScienceDirect