However, numerous other network forensics and analysis tools also work, although many are quite expensive to purchase and maintain. Kali Linux is an open source Linux tool that is often used for real-time packet capture. Optimally, you will use a RAID 0, which allows for high performance, large storage, and low redundancy. To cater to the large storage requirement, you could use a RAID (redundant array of independent disks). Tremendous resources are required to perform real-time analysis-you need very large storage and a lot of horsepower (RAM). There are two approaches to network forensics: (1) real-time capture and analysis, and (2) retroactive analysis of captured data. This knowledge will lead the investigator to know where the evidence is located. This chapter provides an overview of some of the main domains and key concepts associated with this subject.Ī network forensics investigator should understand the infrastructure of networks in terms of hardware and software.
The subject of network forensics could take several textbooks to cover in depth. A home router can be compromised to provide an attacker with a device from which to sniff traffic and modify the DNS (Domain Name System).
#HOW TO FIND THE IE HOMEPAGE IN PRODISCOVER BASIC MAC#
For example, think about the “Apple Environment”, which can be comprised of a Mac computer, an iPad, Apple TV, HomePod, and iCloud. Home networks have grown in importance tremendously. A managed service provider (MSP) generally provides IT infrastructure services, like cloud storage, to an organization.įinally, we should not think of network forensics as simply being associated with organizations. More recently, we have read about managed service providers (MSPs) being compromised as an effective means to access related networks. Universities that conduct research for the Department of Defense and other government agencies, as well as law firms that house vast quantities of intellectual property during civil litigation cases, are prime targets for government-sponsored attackers. The success of economies that rely on digital information, such as the United States, will remain intact only if competent network forensics investigators are effectively trained and hired in government and corporate organizations. The abbreviation APT includes the word advanced, meaning that attacks on networks are more sophisticated, with tremendous resources supporting them, and are allegedly supported by national governments, like China. These examiners need to understand a very different file system, operating system, and type of evidence. Additionally, the prevalence of advanced persistent threats (APTs) means that there is a greater need for network forensics examiners. The method by which this evidence is retrieved is irrelevant. For example, when Hotmail email messages are required, only a court order is needed to obtain the records. The lack of expertise in the community stems from the fact that forensic examiners focus on client computers and devices during investigations and obtain server-side evidence from a variety of service providers. However, with so much at stake, in terms of financial liability and bad publicity, it is imperative that organizations think more in terms of in-house forensics investigators who have the legal and technical expertise to adequately handle these breaches, especially with the risk of civil lawsuits. As a nation, we have relied on security and general information technology personnel to handle these incidents. The NotPetya ransomware attack of 2017 cost Merck as much as $1.3 billion. The Sony PlayStation breach in 2011 alone is estimated to have cost the company $170 million when more than 100 million customer records were compromised. This domain of forensics is so important because of the explosion in network breaches. Network forensics is extremely important, but very few people understand it. Mistakes made when investigating networks Īdvanced persistent threats: perpetrators, vectors of attack, and indicators of compromise and Hardware devices that contain network logs that are valuable to a forensic examiner Chapter 8 Network Forensics and Incident ResponseĪfter reading this chapter, you will be able to understand the following:
0 kommentar(er)
