Network forensics

Description
Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics,
Transcript
Other Methods to Extract Features

Log/Alert data
• Any text that gets written to a file that we can monitor
• Some of it is very important (firewall alerts, availability alerts, etc.) and some of it is less so
• We have to set up things to produce GOOD alerts
• There are a lot of log sources, so some sort of management is preferable

Log data: Typical sources
• Web server
• Web proxy
• DNS
• Operating system (/var/log/)
• SMTP
• Whatever you're using to manage logons
• Building access controls
• HVAC/ICS/SCADA/Power

Alert data: Typical sources
• IDS
• Firewall
• Host-based IDS
• SIEM (Security Information & Event Manager)
• Your server uptime and HA (high availability) stuff
• What else?

Network Protocol Metadata
• Data pertaining to the information contained in a network flow, including but not limited to:
  • Endpoint addresses: source address, destination address, source port, destination port
  • Statistics: byte counts, connection durations, ...
  • Protocol information: DNS queries, SSL certificate DNs, user-agent strings
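A worked example of pulling features out of both kinds of source the slides list, log data (a web server access log) and network protocol metadata (flow endpoints, byte counts, durations, DNS query names, user-agent strings). This is an added illustration, not code from the slide deck: the log lines, packets and payloads are constructed, and the feature names and flow-key layout are my own choices.

```python
"""Feature extraction from log lines and from network protocol metadata.
Added illustration, not code from the slide deck: every log line, packet and
payload below is constructed (RFC 5737 documentation addresses)."""
import re
import struct
from collections import defaultdict

# --- Log data: web server access log in Apache/Nginx "combined" format ---
ACCESS_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 401 128 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 401 128 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "POST /login HTTP/1.1" 401 128 "-" "python-requests/2.31"
198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
garbage line that is not in combined format: the parser must skip it, not crash
"""

COMBINED_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$')

def parse_access_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = COMBINED_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
            records.append(rec)
    return records

def log_features(records):
    """Per-source features: request count, share of 401/403 responses, distinct user-agents."""
    acc = defaultdict(lambda: {"requests": 0, "auth_failures": 0, "user_agents": set()})
    for r in records:
        a = acc[r["src"]]
        a["requests"] += 1
        a["auth_failures"] += r["status"] in (401, 403)
        a["user_agents"].add(r["ua"])
    return {src: {"requests": a["requests"],
                  "auth_failure_ratio": a["auth_failures"] / a["requests"],
                  "distinct_user_agents": len(a["user_agents"])} for src, a in acc.items()}

# --- Network protocol metadata: flows, DNS query names, HTTP user-agents ---
def dns_query_name(payload):
    """Return the first question name of a raw DNS message (RFC 1035 labels), or None."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] == 0:
        return None                      # too short, or QDCOUNT == 0
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        pos += 1
        if length == 0:
            return ".".join(labels) or None
        if length & 0xC0 or pos + length > len(payload):
            return None                  # compression pointer or truncated label
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return None                          # ran off the end without the terminating zero

# Constructed payloads: a DNS A query for example.com (ID 0x1234), a header-only
# reply with QDCOUNT=0, and a minimal HTTP request carrying a User-Agent header.
DNS_QUERY = bytes.fromhex("1234 0100 0001 0000 0000 0000") + b"\x07example\x03com\x00\x00\x01\x00\x01"
DNS_REPLY = bytes.fromhex("1234 8180 0000 0001 0000 0000")
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/8.0\r\n\r\n"
UA_RE = re.compile(rb"^User-Agent:[ \t]*(.+?)\r?$", re.IGNORECASE | re.MULTILINE)

# Constructed packets: (timestamp, src, sport, dst, dport, proto, payload).
PACKETS = [
    (1.00, "192.0.2.10", 51000, "192.0.2.1", 53, "udp", DNS_QUERY),
    (1.02, "192.0.2.1", 53, "192.0.2.10", 51000, "udp", DNS_REPLY),
    (1.10, "192.0.2.10", 40100, "198.51.100.9", 80, "tcp", HTTP_GET),
    (1.35, "198.51.100.9", 80, "192.0.2.10", 40100, "tcp", b"HTTP/1.1 200 OK\r\n\r\n" + b"x" * 500),
    (2.00, "192.0.2.10", 40100, "198.51.100.9", 80, "tcp", b""),   # bare ACK/FIN, no payload
]

def flow_features(packets):
    """Aggregate packets into bidirectional flows: packet/byte counts, duration, and the
    protocol metadata (DNS query names, HTTP user-agents) observed inside each flow."""
    flows = {}
    for ts, src, sport, dst, dport, proto, payload in packets:
        key = (proto,) + tuple(sorted([(src, sport), (dst, dport)]))   # direction-independent
        f = flows.setdefault(key, {"packets": 0, "bytes": 0, "first": ts, "last": ts,
                                   "dns_queries": set(), "user_agents": set()})
        f["packets"] += 1
        f["bytes"] += len(payload)
        f["first"], f["last"] = min(f["first"], ts), max(f["last"], ts)
        if proto == "udp" and 53 in (sport, dport):
            name = dns_query_name(payload)
            if name:
                f["dns_queries"].add(name)
        elif proto == "tcp" and dport == 80:
            m = UA_RE.search(payload)
            if m:
                f["user_agents"].add(m.group(1).decode("ascii", "replace"))
    for f in flows.values():
        f["duration"] = round(f["last"] - f["first"], 3)
    return flows
```

Calling `log_features(parse_access_log(ACCESS_LOG))` yields, for 203.0.113.7, four requests with a 0.75 authentication-failure ratio across two user-agents, the kind of per-source feature a "GOOD alert" rule can threshold on; `flow_features(PACKETS)` yields one UDP flow carrying the query name example.com and one TCP flow of 578 payload bytes over 0.9 seconds with user-agent curl/8.0. The flow key sorts the two endpoints so both directions land in the same record, and the DNS parser refuses compression pointers and truncated labels rather than reading past the buffer, since a forensics tool has to survive hostile input.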