東華大學圖書館 |

Language: English

Help

回圖書館首頁

手機版館藏查詢

Back

Switch To: Labeled | MARC Mode | ISBD

Tactical Wireshark = a deep dive int...

Cardwell, Kevin.

Linked to FindBook

Google Book

Amazon

博客來

Tactical Wireshark = a deep dive into intrusion analysis, malware incidents, and extraction of forensic evidence /

Record Type:	Electronic resources : Monograph/item
Title/Author:	Tactical Wireshark/ by Kevin Cardwell.
Reminder of title:	a deep dive into intrusion analysis, malware incidents, and extraction of forensic evidence /
Author:	Cardwell, Kevin.
Published:	Berkeley, CA :Apress : : 2023.,
Description:	xv, 462 p. :ill., digital ;24 cm.
[NT 15003449]:	Chapter 01: Customization of the Wireshark Interface -- Chapter 02: Capturing Network Traffic -- Chapter 03: Interpreting Network Protocols -- Chapter 04: Analysis of Network Attacks -- Chapter 05: Effective Network Traffic Filtering -- Chapter 06: Advanced Features of Wireshark -- Chapter 07: Scripting and interacting with Wireshark -- Chapter 08: Basic Malware Traffic Analysis -- Chapter 09: Analyzing Encoding, Obfuscated and ICS Malware Traffic -- Chapter 10: Dynamic Malware Network Activities -- Chapter 11: Extractions of Forensic Data with Wireshark -- Chapter 12: Network Traffic Forensics -- Chapter 13: Conclusion.
Contained By:	Springer Nature eBook
Subject:	Computer security. -
Online resource:	https://doi.org/10.1007/978-1-4842-9291-4
ISBN:	9781484292914

Tactical Wireshark = a deep dive into intrusion analysis, malware incidents, and extraction of forensic evidence /
Cardwell, Kevin.

Tactical Wiresharka deep dive into intrusion analysis, malware incidents, and extraction of forensic evidence /[electronic resource] :by Kevin Cardwell. - Berkeley, CA :Apress :2023. - xv, 462 p. :ill., digital ;24 cm.

Chapter 01: Customization of the Wireshark Interface -- Chapter 02: Capturing Network Traffic -- Chapter 03: Interpreting Network Protocols -- Chapter 04: Analysis of Network Attacks -- Chapter 05: Effective Network Traffic Filtering -- Chapter 06: Advanced Features of Wireshark -- Chapter 07: Scripting and interacting with Wireshark -- Chapter 08: Basic Malware Traffic Analysis -- Chapter 09: Analyzing Encoding, Obfuscated and ICS Malware Traffic -- Chapter 10: Dynamic Malware Network Activities -- Chapter 11: Extractions of Forensic Data with Wireshark -- Chapter 12: Network Traffic Forensics -- Chapter 13: Conclusion.

Take a systematic approach at identifying intrusions that range from the most basic to the most sophisticated, using Wireshark, an open source protocol analyzer. This book will show you how to effectively manipulate and monitor different conversations and perform statistical analysis of these conversations to identify the IP and TCP information of interest. Next, you'll be walked through a review of the different methods malware uses, from inception through the spread across and compromise of a network of machines. The process from the initial "click" through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level. In the final part of the book, you'll explore the network capture file and identification of data for a potential forensics extraction, including inherent capabilities for the extraction of objects such as file data and other corresponding components in support of a forensics investigation. After completing this book, you will have a complete understanding of the process of carving files from raw PCAP data within the Wireshark tool. You will: Use Wireshark to identify intrusions into a network Exercise methods to uncover network data even when it is in encrypted form Analyze malware Command and Control (C2) communications and identify IOCs Extract data in a forensically sound manner to support investigations Leverage capture file statistics to reconstruct network events.

ISBN: 9781484292914

Standard No.: 10.1007/978-1-4842-9291-4doiSubjects--Topical Terms:

540555
Computer security.

LC Class. No.: QA76.9.A25 / C37 2023

Dewey Class. No.: 005.83

Tactical Wireshark = a deep dive into intrusion analysis, malware incidents, and extraction of forensic evidence /
LDR:03176nmm a2200325 a 4500 001 2373683
003 DE-He213
005 20230413082450.0
006 m d
007 cr nn 008maaau
008 241231s2023 cau s 0 eng d
020 $a 9781484292914 $q (electronic bk.)
020 $a 9781484292907 $q (paper)
024 7 $a 10.1007/978-1-4842-9291-4 $2 doi
035 $a 978-1-4842-9291-4
040 $a GP $c GP
041 0 $a eng
050 4 $a QA76.9.A25 $b C37 2023
072 7 $a U $2 bicssc
072 7 $a COM051390 $2 bisacsh
072 7 $a ULJ $2 thema
082 0 4 $a 005.83 $2 23
090 $a QA76.9.A25 $b C269 2023
100 1 $a Cardwell, Kevin. $3 1641820
245 1 0 $a Tactical Wireshark $h [electronic resource] : $b a deep dive into intrusion analysis, malware incidents, and extraction of forensic evidence / $c by Kevin Cardwell.
260 $a Berkeley, CA : $b Apress : $b Imprint: Apress, $c 2023.
300 $a xv, 462 p. : $b ill., digital ; $c 24 cm.
505 0 $a Chapter 01: Customization of the Wireshark Interface -- Chapter 02: Capturing Network Traffic -- Chapter 03: Interpreting Network Protocols -- Chapter 04: Analysis of Network Attacks -- Chapter 05: Effective Network Traffic Filtering -- Chapter 06: Advanced Features of Wireshark -- Chapter 07: Scripting and interacting with Wireshark -- Chapter 08: Basic Malware Traffic Analysis -- Chapter 09: Analyzing Encoding, Obfuscated and ICS Malware Traffic -- Chapter 10: Dynamic Malware Network Activities -- Chapter 11: Extractions of Forensic Data with Wireshark -- Chapter 12: Network Traffic Forensics -- Chapter 13: Conclusion.
520 $a Take a systematic approach at identifying intrusions that range from the most basic to the most sophisticated, using Wireshark, an open source protocol analyzer. This book will show you how to effectively manipulate and monitor different conversations and perform statistical analysis of these conversations to identify the IP and TCP information of interest. Next, you'll be walked through a review of the different methods malware uses, from inception through the spread across and compromise of a network of machines. The process from the initial "click" through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level. In the final part of the book, you'll explore the network capture file and identification of data for a potential forensics extraction, including inherent capabilities for the extraction of objects such as file data and other corresponding components in support of a forensics investigation. After completing this book, you will have a complete understanding of the process of carving files from raw PCAP data within the Wireshark tool. You will: Use Wireshark to identify intrusions into a network Exercise methods to uncover network data even when it is in encrypted form Analyze malware Command and Control (C2) communications and identify IOCs Extract data in a forensically sound manner to support investigations Leverage capture file statistics to reconstruct network events.
650 0 $a Computer security. $3 540555
650 0 $a Computer networks. $3 539554
650 1 4 $a Open Source. $3 2210577
650 2 4 $a Computer Science. $3 626642
710 2 $a SpringerLink (Online service) $3 836513
773 0 $t Springer Nature eBook
856 4 0 $u https://doi.org/10.1007/978-1-4842-9291-4
950 $a Professional and Applied Computing (SpringerNature-12059)