The Best Damn Cybercrime and Digital Forensics Book Period

Networks are exposed to an unending series of attacks and exposures. External threats usually come from the Internet and can be grouped into three broad categories such as denial of service (DoS); using the victim s network as a base of attack, to target other networks; or for threat or alteration of information. Internal threats can come from individuals with legitimate access or from those that are exceeding their level of privilege. This means that a forensic expert must understand how the network works and how to access logged data.
Monitoring for insider and outsider attacks should be a proactive activity, but many attacks may not be detected until after the attack has taken place. This will require an inspection of log files. Only by review of the audit and log files can the attack be analyzed and reconstructed. Many forensic experts don t make full use of log and audit data as they may not understand how to access this information or initially overlook it because of the extensive amount of time it takes to read through thousands upon thousands of log file entries. This chapter will look at how tools like the Log Parser can help with this task and make a tedious task easy.
In 1984 the International Standards Organization developed the Open Systems Interconnect (OSI) model. The model is designed to provide order by specifying a specific hierarchy in which each layer builds upon the output of each adjacent layer. The model...