Wednesday, April 17, 2013
Network Forensics: Tracking Hackers through Cyberspace, 1st edition, Sherri Davidoff
This book is a fascinating account of how to investigate and debug networking mysteries. I search for books in computer security often in amazon and recently came across this book. It is written in an excellent manner and has lucid explanations throughout. It has very good annotations including footnotes with links. Best way to learn a system/protocol/network is to reverse engineer and study its inner design. The book can be used by a wide variety of professionals - Students will benefit immensely to understand/debug systems. IT staff/security professionals will get benefit how to investigate attacks into systems and thereby how to prevent them. If you like mystery, hacking to understand systems, looking into packet traces to see how things work, this book will thrill you.
Best way to go over this book is to get a system with Linux (a good distribution for this book is BackTrack Linux), and go over the book/case studies. The book has plenty of screenshots/command line outputs making learning a breeze. The author's writing style makes the book lively. It is organized into four parts - Foundations, Traffic Analysis, Network Devices/Servers and Advanced Topics
Some of the topics covered to give an idea are Investigation techniques, packet analysis by looking into headers/payloads, explanation on wireless in detail, network intrusion detection/analysis, event log aggregation, correlation and analysis. Security/SSL, IPSec, tunneling, malware analysis are all covered in great detail.
This book has lot of case studies - e.g., statistical flow analysis in Chapter 5. This makes it very interesting and practical. Also the authors have put the capture files and scripts in their website to accompany the book. Commend the authors Sherri Davidoff and Jonathan Ham for bringing out this wonderful book. It should be in every student/professional of networking/security domains.
I'll first start by stating that I didn't end up reading this book. I was looking for something that would bring me up to speed quickly in incident response; however, this was not the book. The author starts by covering the basics and add on with things like, defining what a switch is, what a router is etc. My thought is if you don't know what a switch is, you shouldn't be reading a book on incident response. I did look through the advanced topics on APT stuff and that looks very good but it is only a few pages of the book. If this author wrote 400 pages of material similar to what he/she covers in the advanced topics, I would buy and read the book in a heartbeat...probably twice. So if you want to learn abstract information about networks, systems and information security, this is a great book. If you know a bit about these things but are looking to dive head first in incident response, look to one or both of Richard Bejtlich's books on Security monitoring.
Specific, not just in general info.
very rich with usefull examples.
good as refference manual for every IT security proffessional
Dry but gets the job done, you want a solid basis in TCPIP and networking generally prior to picking this one up but its accurate and sets the foundation pretty well if you are moving into this field and enjoy the challenge it presents.
Ok, this is a great scholarly text. If you've never used Wireshark or a Ethernet Tap then you will be in for a treat and a lot of tools you haven't ever used before. Otherwise, this work is like most College text, when the first few chapters are a "history of" and then it sort of goes to an explanation of the tools you need. I found several things I didn't know, and a few tips on actually hiding your traffic and obfuscating your internet mixed in the text. It's not Harry Potter, and sadly it didn't make me a wazard, but it's a great book for anyone interested in network forensics. For those who are hacker minded, this is basically a book of "this is how you can / will be caught" so, read it, know it, reverse it... and then see how much you can derive from your own traffic. The exercises seem to be aimed for a school / network which isn't really in existence, aka most of the "test" are more... ok, look at the traffic patterns in the book, and figure out what you are looking for, instead of go to your computers and run this simulation. Overall, I'd give this book a 4 out of 5 stars, because they teach you how to watch the traffic and dissect it, yet give very little information on how to obfuscate your tracks. Then again, if they taught you how to do that, they'd be out of a job. :D
With a title like Network Forensics: Tracking Hackers through Cyberspace, the book at first sounds like a cheesy novel. But by page 25, you will quickly see this is the real thing. By the time you hit the last page, you will have read the collective wisdom of two of the smartest minds in the space.
Author's Jonathan Ham and Sherri Davidoff are both SANS Institute instructors, and bring significant real-world experience to every chapter. Martin McKeay has an interview (albeit dated) with the authors on his web site here about their SANS course on network forensics.
In 12 densely written chapters at just over 500 pages, the book covers nearly every aspect within network and digital forensics.
While the book Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet provides a comprehensive overview of the topic; Network Forensics: Tracking Hackers through Cyberspace focuses at the packet level.
Part 2, which is about a third of the book, is spent on traffic analysis, with all-embracing coverage of concepts and topics such as statistical flow analysis, wireless traffic capture and analysis, NIDS detection and analysis, packet logging and more.
Readers should be very comfortable with Wireshark packet capture output, which the book extensively references. Those not quite comfortable with packet capture analysis will likely find this book way over their head.
Part 3 focuses on network devices and logging for all types of network devices. Detailed logging aspects for switches, routers and firewalls are dealt with.
The last 2 chapters deal with advanced topics such as network tunneling and malware forensics.
The book also includes 9 case studies which go into extreme detail on the topic covered. While the notion of a case study in many books is a 2-3 page overview, these case studies are 10-20 pages in length and provide an across-the-board analysis of the topic. Evidence files for each case study are available at the author's web site here.
Network Forensics: Tracking Hackers through Cyberspace is an extremely detailed and comprehensive guide on the topic. It is made for the advanced user who is comfortable with forensic tools such as NetworkMiner and Snort.
For those that are up to the task, Network Forensics: Tracking Hackers through Cyberspace is an invaluable reference that will make the reader a master of the topic.
Product Details :
Hardcover: 576 pages
Publisher: Prentice Hall; 1 edition (June 23, 2012)
Language: English
ISBN-10: 0132564718
ISBN-13: 978-0132564717
Product Dimensions: 7.4 x 1.4 x 9.4 inches
More Details about Network Forensics: Tracking Hackers through Cyberspace, 1st edition
or
Download Network Forensics: Tracking Hackers through Cyberspace, 1st edition PDF Ebook
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment