Tactical Wireshark: A Deep Dive Into Intrusion Analysis, Malware Incidents, and Extraction of Forensic Evidence
暫譯: 戰術 Wireshark：深入探討入侵分析、惡意軟體事件及取證證據的提取

Name: Tactical Wireshark: A Deep Dive Into Intrusion Analysis, Malware Incidents, and Extraction of Forensic Evidence
Price: 2252 TWD
Availability: OnlineOnly
Author: Cardwell, Kevin
ISBN: 1484292901

Cardwell, Kevin

出版商: Apress
出版日期: 2023-04-13
售價: $2,370
貴賓價: 9.5 折 $2,252
語言: 英文
頁數: 462
裝訂: Quality Paper - also called trade paper
ISBN: 1484292901
ISBN-13: 9781484292907
相關分類: Wireshark

海外代購書籍(需單獨結帳)

商品描述

Take a systematic approach at identifying intrusions that range from the most basic to the most sophisticated, using Wireshark, an open source protocol analyzer. This book will show you how to effectively manipulate and monitor different conversations and perform statistical analysis of these conversations to identify the IP and TCP information of interest.

Next, you'll be walked through a review of the different methods malware uses, from inception through the spread across and compromise of a network of machines. The process from the initial "click" through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level.

In the final part of the book, you'll explore the network capture file and identification of data for a potential forensics extraction, including inherent capabilities for the extraction of objects such as file data and other corresponding components in support of a forensics investigation.

After completing this book, you will have a complete understanding of the process of carving files from raw PCAP data within the Wireshark tool.

What You Will Learn

Use Wireshark to identify intrusions into a network
Exercise methods to uncover network data even when it is in encrypted form
Analyze malware Command and Control (C2) communications and identify IOCs
Extract data in a forensically sound manner to support investigations
Leverage capture file statistics to reconstruct network events

Who This Book Is ForNetwork analysts, Wireshark analysts, and digital forensic analysts.

商品描述(中文翻譯)

採取系統化的方法來識別從最基本到最複雜的入侵，使用 Wireshark 這個開源協議分析器。本書將教你如何有效地操作和監控不同的對話，並對這些對話進行統計分析，以識別感興趣的 IP 和 TCP 資訊。

接下來，你將了解惡意軟體使用的不同方法，從創建到在機器網絡中的擴散和妥協。從最初的「點擊」到入侵的過程、指揮與控制 (Command and Control, C2) 的特徵，以及不同類型的橫向移動，將在封包層級詳細說明。

在本書的最後部分，你將探索網絡捕獲文件和潛在的數據識別，以便進行取證提取，包括提取文件數據和其他相應組件的內在能力，以支持取證調查。

完成本書後，你將對如何從原始 PCAP 數據中提取文件的過程有全面的理解，並能在 Wireshark 工具中進行操作。

你將學到什麼

使用 Wireshark 識別網絡中的入侵

運用方法揭露即使是加密形式的網絡數據

分析惡意軟體的指揮與控制 (C2) 通信並識別 IOCs

以取證有效的方式提取數據以支持調查

利用捕獲文件統計重建網絡事件

本書適合誰閱讀 網絡分析師、Wireshark 分析師和數位取證分析師。

作者簡介

Kevin Cardwell is an Instructor, Curriculum Developer, Technical Editor and Author of Computer Forensics, and Hacking courses. He is the author of the EC Council Certified Penetration Testing Professional, Ethical Hacking Core Skills, Advanced Penetration Testing and ICS/SCADA Security courses. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is the author of Defense and Deception: Confuse and Frustrate the Hackers, Building Virtual Pentesting Labs for Advanced Penetration Testing 1st and 2nd edition, and Backtrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and an MS in Software Engineering from the Southern Methodist University (SMU) in Texas.

作者簡介(中文翻譯)

Kevin Cardwell 是一位講師、課程開發者、技術編輯及計算機取證和駭客課程的作者。他是 EC Council 認證滲透測試專業人員、道德駭客核心技能、高級滲透測試及 ICS/SCADA 安全課程的作者。他曾在 Blackhat USA、Hacker Halted、ISSA 和 TakeDownCon 等多個會議上發表演講。他曾擔任阿曼的網路犯罪與網路防禦峰會主席，並擔任石油和天然氣網路防禦峰會的執行主席。他是《防禦與欺騙：混淆和挫敗駭客》、《為高級滲透測試建立虛擬滲透測試實驗室（第1版和第2版）》以及《Backtrack：測試無線網路安全》的作者。他擁有加州國立大學的計算機科學學士學位和德克薩斯州南方衛理公會大學（SMU）的軟體工程碩士學位。