Network Forensics: Tracking Hackers through Cyberspace

Posted by Ben Rothke

With a title like Network Forensics: Tracking Hackers through Cyberspace, the book at first sounds like a cheesy novel. By page 25, you will see that it is the real thing. By the time you reach the last page, you will have read the collective wisdom of two of the sharpest minds in the field.

Authors Jonathan Ham and Sherri Davidoff are both SANS Institute instructors, and they bring significant real-world experience to every chapter. Martin McKeay has an interview (albeit dated) with the authors about their SANS course on network forensics.

In 12 densely written chapters spanning just over 500 pages, the book covers nearly every aspect of network forensics.

While Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet provides a comprehensive overview of digital forensics as a whole, Network Forensics: Tracking Hackers through Cyberspace works at the packet level.

Part 2, roughly a third of the book, is devoted to traffic analysis, with thorough coverage of statistical flow analysis, wireless traffic capture and analysis, NIDS detection and analysis, packet logging and more.

Readers should be very comfortable with Wireshark packet capture output, which the book references extensively. Those not yet at ease with packet capture analysis will likely find the book well over their heads.

Part 3 focuses on network devices and their logs, covering in detail what switches, routers and firewalls record and how that evidence is collected and analyzed.

The last two chapters deal with advanced topics such as network tunneling and malware forensics.

The book also includes nine case studies that go into extreme detail on the topic covered. Where a case study in many books is a two- or three-page overview, these run 10 to 20 pages and provide a complete, end-to-end analysis. Evidence files for each case study are available on the authors' web site.

Network Forensics: Tracking Hackers through Cyberspace is an extremely detailed and comprehensive guide to the topic. It is written for the advanced reader who is already comfortable with forensic tools such as NetworkMiner and Snort.

For those who are up to the task, Network Forensics: Tracking Hackers through Cyberspace is an invaluable reference that will make the reader a master of the subject.

Ben Rothke

Senior Information Security Manager, Tapad


Tags: data security, forensics & e-discovery, privacy

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
