European Parliament Library

Network forensics, privacy and security, Anchit Bijalwan

Language
eng
Bibliography note
Includes bibliographical references and index
Illustrations
illustrations
Index
index present
Literary Form
non fiction
Main title
Network forensics
Nature of contents
dictionaries; bibliography
Oclc number
12851672831260690756
Responsibility statement
Anchit Bijalwan
Sub title
privacy and security
Summary
"Network Forensics: Privacy & Security provides significant knowledge of network forensics across the different functions and spheres of security. The book gives complete knowledge of network security, all kinds of network attacks, the intention of an attacker, identification of an attack, detection, its analysis, incident response, ethical issues, botnets and botnet forensics. This book also refers to the recent trends that come under network forensics. It provides in-depth insight into the dormant and latent issues of acquisition and live system investigation too"-- Provided by publisher
Table Of Contents
Cover -- Half Title -- Title Page -- Copyright Page -- Table of Contents -- Preface -- Organization of This Book -- Author -- Acknowledgments
Part A Network Forensics Concepts
1. Introduction to Network Forensics -- 1.1 Introduction -- 1.2 Network Security -- 1.2.1 Evolution of Network Security -- 1.2.2 Importance of Network Security -- 1.2.3 Basic Terminology for Understanding Network Security -- 1.2.4 Features of Network Security Services -- 1.3 Types of Network Security Attacks -- 1.3.1 Active Attack -- 1.3.1.1 Modification -- 1.3.1.2 Fabrication -- 1.3.1.3 Interruption and Denial of Service -- 1.3.1.4 Replay Attack -- 1.3.1.5 Masquerade Attack -- 1.3.2 Passive Attack -- 1.3.2.1 Traffic Analysis -- 1.3.2.2 Message Transmission -- 1.4 Network Security Tools -- 1.4.1 Intrusion Detection System -- 1.4.1.1 Knowledge- or Signature-Based IDS -- 1.4.1.2 Behavior- or Anomaly-Based IDS -- 1.4.2 Firewall -- 1.4.2.1 Network-Level Firewall -- 1.4.2.2 Application-Level Firewall -- 1.4.2.3 Proxy Firewall -- 1.4.3 Antivirus -- 1.5 Security Issues -- 1.5.1 Network Access Control -- 1.5.2 Application Security -- 1.5.2.1 Application Security Process -- 1.5.3 Email Security -- 1.5.3.1 Antivirus Application on System -- 1.5.3.2 Spam Filters -- 1.5.3.3 Antispam Applications -- 1.5.3.4 Strong Passwords -- 1.5.3.5 Password Rotation -- 1.5.4 Wireless Security -- 1.5.5 Firewall -- 1.6 Digital Forensics -- 1.6.1 Digital Forensics Evolution -- 1.6.2 Digital Forensic Types -- 1.7 Computer Forensics -- 1.7.1 Computer Forensics Process -- 1.8 Network Forensics -- 1.8.1 Definition -- 1.8.2 Taxonomy of Network Forensics Tools -- 1.8.3 Network Forensics Mechanism -- 1.8.4 Network Forensics Process -- 1.8.4.1 Authorization -- 1.8.4.2 Collection of Evidences -- 1.8.4.3 Identification of Evidences -- 1.8.4.4 Detection of Crime -- 1.8.4.5 Investigation -- 1.8.4.6 Presentation -- 1.8.4.7 Incident Response -- 1.9 Computer Forensics vs Network Forensics -- 1.9.1 Computer Forensics -- 1.9.2 Network Forensics -- 1.10 Network Security vs Network Forensics -- 1.10.1 Network Security -- 1.10.2 Network Forensics -- Questions -- Bibliography
2. Cyber Crime -- 2.1 Introduction -- 2.2 Attack Intentions -- 2.2.1 Warfare Sponsored by the Country -- 2.2.2 Terrorist Attack -- 2.2.3 Commercially Motivated Attack -- 2.2.4 Financially Driven Criminal Attack -- 2.2.5 Hacking -- 2.2.6 Cyberstalking -- 2.2.7 Child Pornography -- 2.2.8 Web Jacking -- 2.2.9 Data Diddling -- 2.2.10 Counterfeiting -- 2.2.11 Phishing -- 2.3 Malware -- 2.3.1 Definition -- 2.3.2 History of Malware -- 2.3.3 Classification of Malware -- 2.3.3.1 Virus -- 2.3.3.2 Worm -- 2.3.3.3 Logic Bomb -- 2.3.3.4 Trojan Horse -- 2.3.3.5 Backdoor -- 2.3.3.6 Mobile Code -- 2.3.3.7 Exploits -- 2.3.3.8 Downloaders -- 2.3.3.9 Auto Rooter -- 2.3.3.10 Kit (Virus Generator) -- 2.3.3.11 Spammer -- 2.3.3.12 Flooders -- 2.3.3.13 Keyloggers -- 2.3.3.14 Rootkit -- 2.3.3.15 Zombie or Bot -- 2.3.3.16 Spyware -- 2.3.3.17 Adware -- 2.3.3.18 Ransomware -- 2.3.3.19 Hacker's Useful Components and Other Harmful Programs -- 2.4 Terminology for the Cyber Attackers -- 2.5 Types of Attacks -- 2.5.1 Distributed Denial of Service Attack -- 2.5.2 Spam -- 2.5.3 Personal Information Thieving -- 2.5.4 Click Fraud -- 2.5.5 Identity Theft -- Questions -- Bibliography
3. Network Forensics Process Model -- 3.1 Introduction -- 3.2 Recent Trend in Network Forensics -- 3.2.1 Malware Forensics -- 3.2.2 Botnet Forensics -- 3.2.3 Cloud Forensics -- 3.2.4 Grid Forensics -- 3.3 Life Cycle of Network Forensics -- 3.4 Network Forensics Process Model -- 3.4.1 Authorization -- 3.4.2 Collection of Evidence -- 3.4.3 Identification of Evidence -- 3.4.4 Detection of Crime -- 3.4.5 Investigation -- 3.4.6 Presentation -- 3.4.7 Incident Response -- 3.5 Detection and Investigative Network Forensics Frameworks -- 3.5.1 Detection-Based Framework -- 3.5.2 BOT GAD-Based Framework -- 3.5.3 System Architecture-Based Framework -- 3.5.4 Fast Flux-Based Framework -- 3.5.5 Mac OS-Based Framework -- 3.5.6 Open Flow-Based or AAFID Framework -- 3.5.7 P2P-Based Framework -- 3.5.8 Distributed Device-Based Frameworks -- 3.5.9 Soft Computing-Based Frameworks -- 3.5.10 Honeypot-Based Frameworks -- 3.5.11 Attack Graph-Based Frameworks -- 3.5.12 Formal Method-Based Frameworks -- 3.5.13 Formal Method-Based Frameworks -- 3.5.14 Network Monitoring Framework -- Questions -- References
4. Classification of Network Forensics -- 4.1 Introduction -- 4.1.1 Signature-Based or Misuse Detection -- 4.1.1.1 Monitoring -- 4.1.1.2 Capturing (Avoidance of Packets Drop) -- 4.1.1.3 Notification -- 4.1.1.4 Software Initiation -- 4.1.1.5 Multiperspective Environment -- 4.1.2 Anomaly-Based or Hybrid Detection -- 4.1.3 Comparative Difference between Signature- and Anomaly-Based Detection -- 4.2 Detection and Prevention System -- 4.2.1 Detection System -- 4.2.2 Prevention System -- 4.3 Types of Network Forensics Classification -- 4.3.1 Payload-Based Identification -- 4.3.1.1 Deep Packet Inspection -- 4.3.2 Statistical-Based Identification -- 4.3.2.1 Heuristic Analysis -- 4.4 Network Forensics Analysis Classification -- 4.4.1 Signature-Based Classification -- 4.4.2 Decision Tree-Based Classification -- 4.4.3 Ensemble-Based Classification -- 4.4.3.1 Voting -- 4.4.3.2 Adaptive Boosting -- 4.4.3.3 Bagging -- 4.5 Implementation and Results -- Questions -- References
Part B Network Forensics Acquisition
5. Network Forensics Tools -- 5.1 Introduction -- 5.2 Visual Tracing Tools -- 5.2.1 NeoTracePro -- 5.2.2 VisualRoute -- 5.2.3 Sam Spade -- 5.2.4 eMailTrackerPro -- 5.3 Traceroute Tools -- 5.3.1 Text-Based Traceroute -- 5.3.2 3D-Based Traceroute -- 5.3.3 Visual Traceroute -- 5.4 Monitoring Tools -- 5.4.1 Packet Sniffer Tool -- 5.4.1.1 Wireshark -- 5.4.1.2 Argus -- 5.4.1.3 TCP Dump -- 5.4.1.4 OmniPeek -- 5.4.2 Intrusion Detection System (IDS) -- 5.4.2.1 Zeek -- 5.4.2.2 SNORT -- 5.4.3 Finger -- 5.4.3.1 Nmap -- 5.4.3.2 POF -- 5.4.4 Pattern-Based Monitoring Tool -- 5.4.4.1 NGREP -- 5.4.4.2 TCPXTRACT -- 5.4.5 Statistics-Based Monitoring System -- 5.4.5.1 NetFlow -- 5.4.5.2 TCPstat -- 5.5 Analysis Tools -- 5.5.1 Open-Source Tool -- 5.5.1.1 NetworkMiner -- 5.5.1.2 PyFlag -- 5.5.2 Proprietary Tools -- 5.5.2.1 NetIntercept -- 5.5.2.2 SilentRunner -- Questions -- References
6. Network Forensics Techniques -- 6.1 Introduction -- 6.1.1 Conventional Network Forensics Technique -- 6.1.2 Advanced Network Forensics Technique -- 6.2 Conventional Network Forensics Technique -- 6.2.1 IP Traceback Technique -- 6.2.1.1 Link State Testing -- 6.2.1.2 Input Debugging -- 6.2.1.3 Controlled Flooding -- 6.2.1.4 ICMP Traceback -- 6.2.1.5 Packet Marking Techniques -- 6.2.1.6 Source Path Isolation Engine -- 6.2.1.7 Payload Attribution -- 6.2.2 Intrusion Detection System -- 6.2.2.1 Knowledge- or Signature-Based IDS -- 6.2.2.2 Behavior- or Anomaly-Based IDS -- 6.2.3 Firewalls -- 6.2.3.1 Network-Level Firewall -- 6.2.3.2 Application-Level Firewall -- 6.2.3.3 Proxy Firewall -- 6.3 Advanced Network Forensics Techniques -- 6.3.1 Vulnerability Detection Techniques -- 6.3.1.1 Data Fusion, Alert Generation, and Correlation -- 6.3.1.2 Black-Box Testing -- 6.3.1.3 White-Box Testing -- 6.3.1.4 Double-Guard Detecting Techniques -- 6.3.1.5 Hidden Markov Models -- 6.3.2 Honeypots and Honeynet -- 6.3.2.1 Honeypot -- 6.3.2.2 Honeynet -- 6.3.2.3 Classification of Honeypots -- 6.3.2.4 Honeywall -- 6.3.2.5 Architecture Types of Honeynet -- 6.3.3 Highly Efficient Techniques for Network Forensics -- 6.3.3.1 Bloom Filters -- 6.3.3.2 Rabin Fingerprinting -- 6.3.3.3 Winnowing -- 6.3.3.4 Attribution Systems -- 6.3.4 UDP Flooding Technique -- Questions -- References
7. Detection of Vulnerabilities -- 7.1 Introduction -- 7.2 Network Forensics Acquisition -- 7.2.1 SIFT -- 7.2.2 CAINE -- 7.2.3 Autopsy -- 7.2.3.1 Extensible -- 7.2.3.2 Comfortable -- 7.2.3.3 Centralized -- 7.2.3.4 Multiple Users -- 7.2.4 Forensics Acquisition Website -- 7.2.5 Oxygen Forensic Suite -- 7.2.6 Paladin Forensic Suite -- 7.2.7 ExifTool -- 7.2.8 CrowdResponse Tool -- 7.2.9 BulkExtractor -- 7.2.10 Xplico -- 7.3 Identification of Network Attacks -- 7.3.1 UDP Flooding -- 7.3.2 Random-UDP Flooding -- 7.3.2.1 Normal Flow of UDP Datagrams -- 7.3.2.2 Random-UDP Flooding Attack -- 7.3.2.3 Identification of Random-UDP Flooding Attack -- Questions -- References
Part C Network Forensics Attribution
8. Network Forensics Analysis -- 8.1 Introduction -- 8.2 Network Forensic Standard Process Model -- 8.2.1 Authorization -- 8.2.2 Preservation -- 8.2.3 Initial Assessment -- 8.2.4 Strategy Planning -- 8.2.5 Evidence Collection -- 8.2.6 Documentation -- 8.2.7 Analysis -- 8.2.8 Investigation -- 8.2.9 Decision and Reporting -- 8.2.10 Review -- 8.3 Network Forensic Framework for the Analysis -- 8.3.1 Network Traffic Collector -- 8.3.2 Reduction and Feature Extraction -- 8.3.3 Analysis and Pattern Matching -- 8.3.4 Reconstruction -- 8.3.5 Replay -- 8.4 Network Traffic Analysis -- 8.4.1 Case Analysis -- 8.4.2 Dataset: KDD Cup 99 Case Study-I -- 8.4.3 Methodology -- 8.4.4 Case Study-I: Experimental Setup -- 8.4.5 Data Selection -- 8.4.6 Analysis of the Case -- 8.5 Network Forensics Analysis with Case Study-2 -- 8.5.1 Analysis Methodology -- 8.5.2 Network Behavior -- 8.5.2.1 Domain Name System -- 8.5.2.2 Internet Control Message Protocol -- 8.5.3 Bot Analysis Using Classification