TABLE OF CONTENTS:
1. TAKE THE CHALLENGE – THE PATH TO FORENSICS
by Brendan Hourihan, Director of Network and Desktop Support Services at Flagler College
Administering IT usually means also administering security at some level. If you got thrown in at the deep end, the best thing to do is… accept the challenge and deal with network security on your own! Brendan succeeded and wants to share his experience with you.
2. STEPS TO CONDUCT NETWORK FORENSIC ANALYSIS
by Rizwan Khan, CISSP, CFCE, Information Technology Specialist
Prepare yourself for the perfect network forensic investigation – what are the network topologies, attacks and threats? How do you gather the necessary data? And finally – how do you make good use of Wireshark, Snort and OSSEC, invaluable network forensic tools?
3. PACKET ANALYSIS USING WIRESHARK TO AID IN NETWORK FORENSIC INVESTIGATIONS
by Jessica Riccio, Computer Forensics Technician at Burgess Consulting & Forensics
Imagine that you are the manager of a company and receive a tip from an employee that another employee is using his computer to view images that violate the company’s computer use policy. After hearing this information, you want to decide if the allegations made against your employee are true. All you need to do is launch Wireshark and follow Jessica’s guide!
4. SYSINTERNALS… YES ALSO FOR FORENSIC
by Antonio Ieranò, Technical Manager, Advisor and Writer
Sometimes the simplest tools are the best companions for discovery and analysis, even in a forensic environment. On Linux/Unix platforms we can find thousands of tools, from BackTrack to the new version of Kali Linux, that can help us with analysis. But what happens if we're not Linux geeks and use the old-fashioned Microsoft platforms? Do we necessarily have to rely on expensive tools? Well, sometimes we can find a useful companion for our tasks and analysis in an old set of tools created some years ago called Sysinternals.
5. KNOW XPLICO: AN OPENSOURCE NETWORK FORENSIC FRAMEWORK
by Anderson Tamborim, Security Researcher at NextLayer
In this article we will explore Xplico, an extremely powerful open-source framework for network forensic analysis. We will learn its main features and how this tool can improve any network incident response and make data analysis much easier.
6. TAMING YOUR WAF WITH W3AF AND SELENIUM
by John Stauffacher, Principal Consultant – Application Security at Accuvant
Web Application Firewalls have without doubt recently become a hot topic. From a forensic standpoint, understanding a Web Application Firewall and the simple tools used to tune it is a huge bonus. Knowing how to integrate the WAF as a ‘security shim’ between the end user and the application helps not only in forensic investigations, but in ongoing performance matters as well.
7. DEXTER’S FORENSICS. A NETWORK AND MEMORY ANALYSIS
by Andrei Saygo, Sr Anti-Malware Security Engineer at Microsoft
In this article we’ll go step by step through an analysis of Dexter, the infamous password-stealing threat that targets Point of Sale (PoS) systems from a network and memory forensics point of view.
8. TRACKING NETWORK TRAFFIC WITH BACKTRACK DARKSTAT AND DRIFTNET
by Ayei Ibor, Lecturer at Cross River University of Technology
Monitoring a network can be done in several ways using different applications. One common way of tracking traffic that goes in and out of a network is packet sniffing. darkstat and driftnet, both available in BackTrack, are tools that allow us to capture and log live traffic that passes through our network. Nothing will escape your attention now!
9. LAYERS BEHIND YOUR COMMUNICATION – THE OSI REFERENCE MODEL
by Monisha Dhanraj, Cyber Security Analyst at Techsapiunt Solutions
Securing the network as well as the data is needed more than ever in the present world of increased cyber crime. What is secure today may not be secure tomorrow. A deep dive into understanding the system and the potential threats associated with it helps in strengthening the system.
10. TEST CHALLENGES IN PACKET-BASED SYNCHRONIZATION APPLICATIONS
by Francisco Hens, Telecommunication Engineer, Product Manager at ALBEDO Telecom
It is sometimes assumed that network problems are more related to the information carried by the network than to the timing associated with this information. This paper shows that this is not always correct… Learn about synchronization and its importance in forensic analysis!
11. RELIEVING SUBNET MISERY
by Eric Vanderburg, Director of Information Systems and Security at JurInnov
IP addressing is essential for any IT professional. Why then is subnetting, a component of IP addressing, so often avoided? Subnetting is seen as an advanced, more difficult TCP/IP topic because of the math, formulas, and binary that are associated with it, but subnetting can become easy with the knowledge of a few simple steps. You will also find that it is a valuable skill for anyone in IT and a skill often tested on certification exams such as the Cisco Certified Network Associate (CCNA).
12. ON THE TRAIL OF BREADCRUMBS: Interview with Jason Brvenik, Principal Engineer, Security Business Group, Cisco
by Robert Vanaman, Microcomputer Consulting Professional, and Ola Kobrzyńska, Editor at eForensics Magazine
The key to defeating malware is to determine how it entered and where it went, but this relatively simple concept is complicated by attackers’ ability to cover their tracks. To respond, enterprises must look for the trail of “breadcrumbs” left by advanced malware – the subtle, telltale signs of compromise frequently undetected by traditional security defenses focused on more overt indicators, like files matching known malware.
13. CREATING AN INCIDENT RESPONSE PROCESS
by Vincent Beebe, Network Security Advisor at Dell SecureWorks
In today’s technologically advanced society, our response to events is extremely important. This is never truer than when it comes to assets within a company. There are a lot of tools in place in today’s business world to monitor and protect. Unfortunately, in a lot of cases, there is no established process that defines what to do when an alert occurs…
to be continued…