Cisco Switch Forensics_ Investigating Analyzing Malicious Net....pdf
Copyright Page
Contents
Lead Author and Technical Editor
Contributing Authors
An Overview of Cisco Router and Switch Forensics
About This Book
Defining a Secure Network
Network Architectures
Equipment Used for the Examples in This Book
Routers
Switches
Firewalls
Syslog Server
Setting Up a Secure Network
Routers
Switches
Syslog
Wireless Access Points
The Incident
What Happened
Who Spotted It
First Responders
How to Respond
Preserving the Evidence
Relevant Laws
Whom to Call
Law Enforcement Issues
Summary
Solutions Fast Track
Defining a Secure Network
Equipment Used for the Examples in This Book
Setting Up a Secure Network
The Incident
How to Respond
Frequently Asked Questions
Digital Forensics and Analyzing Data
Introduction
The Evolution of Computer Forensics
The Phases of Digital Forensics
Collection
Preparation
Hardware Documentation Difficulties
Difficulties When Collecting Data from RAID Arrays, SANs, and NAS Devices
RAID
SANs
NAS Devices
Difficulties When Collecting Data from Virtual Machines
Difficulties When Conducting Memory Acquisition and Analysis
Examination
Utility of Hash Sets
Difficulties Associated with Examining a System with Full Disk Encryption
Trusted Platform Module (TPM)
Alternative Forensic Processes
Analysis
Analysis of a Single Computer
Metadata
Exchangeable Image File Format
Binary and Malware Analysis
Deleted Items
Data Carving
E-Mail Analysis
Analysis of an Enterprise Event
System Flow Charts
Timelines
Tools for Data Analysis
GREP
Spreadsheets
Databases
Snort
Security Event Management Systems
Reporting
Summary
Solutions Fast Track
The Evolution of Computer Forensics
The Phases of Digital Forensics
Frequently Asked Questions
Endnotes
Seizure of Digital Information
Introduction
Defining Digital Evidence
Digital Evidence Seizure Methodology
Seizure Methodology in Depth
Step 1: Digital Media Identification
Step 2: Minimizing the Crime Scene by Prioritizing the Physical Media
Step 3: Seizure of Storage Devices and Media
To Pull the Plug or not to Pull the Plug, that is the Question
Factors Limiting the Wholesale Seizure of Hardware
Size of Media
Disk Encryption
Privacy Concerns
Delays Related to Laboratory Analysis
The Concept of the First Responder
Other Options for Seizing Digital Evidence
Responding to a Victim of a Crime where Digital Evidence is Involved
Seizure Example
Determining the Presence and Location of Evidentiary Data Objects
Obtaining Information from a Running Computer
Imaging Information On-Scene
Imaging Finite Data Objects On-Scene
Use of Tools for Digital Evidence Collection
Common Threads within Digital Evidence Seizure
Determining the Most Appropriate Seizure Method
Summary
Solutions Fast Track
Defining Digital Evidence
Digital Evidence Seizure Methodology
Factors Limiting the Wholesale Seizure of Hardware
Other Options for Seizing Digital Evidence
Common Threads within Digital Evidence Seizure
Determining the Most Appropriate Seizure Method
Frequently Asked Questions
Endnotes
The Mindset of a Network Administrator
Introduction
Who Is a Network Administrator?
The God Complex
Job Security
If No One Else Knows How It Works, I Will Continue to Have a Job
Salaries
Social Engineering
Google Them
Social Networking Sites
No-Tech Hacking
Summary
Solutions Fast Track
Who Is a Network Administrator?
Social Engineering
Frequently Asked Questions
Arrival on the Scene
Introduction
Preparing for the Scene
Preliminary Checklists
Procedures
Equipment
Software
Communicating with On-Scene Personnel
Preexisting Documentation
Policies and Procedures
Diagrams
Passwords
Access Control Lists
Securing the Scene: Protecting Equipment and Data
Evidence Tape and Bags
Safety
Network Isolation: Stopping the Attack
To Stop an Attack You Must Be Able to Identify the Attack
Ascertain Whether Live Acquisition Is Necessary
Document, Document, Document
Maintaining or Restoring Business Continuity
Follow Agency Guidelines
Cooperating and Coordinating with Other Agencies
Coordinating with Outside Agencies
Internet Crime Reporting Resources
The Incident
Summary
Solutions Fast Track
Preparing for the Scene
Communicating with On-Scene Personnel
Securing the Scene: Protecting Equipment and Data
Network Isolation: Stopping the Attack
Document, Document, Document
Maintaining or Restoring Business Continuity
Cooperating and Coordinating with Other Agencies
The Incident
Frequently Asked Questions
Diagramming the Network Infrastructure
Introduction
Preexisting Documentation
None
Out-of-Date
Inaccurate
Accurate
Physical Layout
Patch Panels
Cabling
Hubs
Wireless Access Points
Switches
Routers
Servers
E-Mail
SQL and Oracle
UNIX, Linux, and Windows
Databases
DHCP
DNS
Firewalls
Workstations and Peripherals
Laptops
Desktops
Peripherals
Logical Layout
Subnets
Virtual Local Area Network (VLAN)
DMZ
Topology
Internal Access
Firewall Settings
Intrusion Detection System Settings
Syslog
Access Control Lists
External Access
Firewall Settings
IDS Settings
Syslog
Virtual Private Network Access
Access Control Lists
Remote Access
VNC
RDP
RADIUS
Telnet
SSH
The Incident
Summary
Solutions Fast Track
Preexisting Documentation
Physical Layout
Logical Layout
Internal Access
External Access
The Incident
Frequently Asked Questions
Cisco IOS Router Basics
Introduction
Connecting to the Router
HyperTerminal
The Console Port
The Auxiliary Port
Telnet
Web Interface
User Account Setup
Cisco Network Assistant
Router Modes
User Mode 0
Commands
User Modes 1 through 14
Commands
Privileged Mode
Commands
Global Configuration Mode
Routing Protocols
Interior and Exterior Gateway Protocols
Distance Vector Routing Protocols
RIP
EIGRP
BGP
Link State Routing Protocols
OSPF
Backup and Restoration of Routers
Configuration Files
Backing Up Configurations
TFTP
Restoring Configurations
Router Issues
Final Security Issues
ACLs
Boot Problems
Router Passwords
The Incident
Summary
Solutions Fast Track
Connecting to the Router
Router Modes
Routing Protocols
Backup and Restoration of Routers
Router Issues
The Incident
Frequently Asked Questions
Understanding the Methods and Mindset of the Attacker
Introduction
Information Gathering
Google Hacking
No-Tech Hacking
Social Networking Sites
Scanning and Probing
Nmap
Netcat
Nessus
Maltego
Other Scanning Tools
Exploiting Weaknesses
Metasploit
MSF Version 3
MSF Version 2
Milw0rm
Password Cracking
Maintaining Access
Backdoors
Rootkits
Tunneling
Covering Tracks
Anti-Forensics
The Incident
Summary
Solutions Fast Track
Information Gathering
Scanning and Probing
Exploiting Weaknesses
Maintaining Access
Covering Tracks
The Incident
Frequently Asked Questions
Collecting the Non-Volatile Data from a Router
Introduction
Before You Connect to the Cisco Router
Initial Steps
Interview the POC
Obtain the Router Password
Procedures
Background
Document Your Steps
Connecting to the Cisco Router
Serial Cable
USB Connection
HyperTerminal
Telnet
Web-Based Interface
Cisco Network Assistant
Router Non-Volatile Data Collection Procedures
Documentation
Network-Based Backup of Config Files
TFTP
Router Commands to Run on the Cisco Router
Analysis of Gathered Non-Volatile Router Data from a Cisco Router
Analyzing What Happened
Log Files
Building Your Case
The Incident
Summary
Solutions Fast Track
Before You Connect to the Cisco Router
Connecting to the Cisco Router
Router Non-Volatile Data Collection Procedures
Router Commands to Run on the Cisco Router
Analysis of Gathered Non-Volatile Router Data from a Cisco Router
The Incident
Frequently Asked Questions
Collecting the Volatile Data from a Router
Introduction
Before You Connect to the Cisco Router
The Cisco Router
Router Functions, Architectures, and Components
Initial Steps
Make a Record
Interview the POC
Preinvestigation Tasks
Obtain the Router Password
Modes of Operation
Remote Evidence May Be All That Is Available if the Passwords Have Been Modified
Common Management Services
SNMP
HTTP
Live Capture Procedures
Background
Document Your Steps
Connecting to the Cisco Router
USB Connection
HyperTerminal
Telnet
Web-Based Interface
Cisco Network Assistant
Interactive Access
TTYs
Controlling VTYs and Ensuring VTY Availability
Volatile Data Collection Procedures
Documentation
Network-Based Backup of Config Files
TFTP
FTP
Configuration Files and States
Creating a Set of Access Scripts
Commands to Run on the Cisco Router
The Major Commands
The show audit Command
The show clock detail Command
The show version Command
The show access-lists Command
The show users Command
The show ip route Command
The show banners Command
The show arp and show ip arp Commands
The show ip sockets, show udp, and show tcp Commands
The show tech-support Command
The show stacks Command
The show logging Command
AAA Logging
SNMP Trap Logging
Console Logging
Buffer Logging
Syslog Logging
SNMP Logging
AAA Logging
ACL Violation Logging
Logging Summary
Advanced Data Collection
Core Analysis
Analyzing Volatile Data Gathered from a Cisco Router
Automated Router Forensics
RAT
How RAT Works
How to Install RAT
How to Run RAT
Command Syntax
CREED: The Cisco Router Evidence Extraction Disk
Analyzing What Happened
The Stages of a Forensic Engagement
Phase 1: Gain an Understanding of the System
Phase 2: System Design and Configuration Assessment-Planning
Phase 3: The Initial Steps
Phase 4: The Investigation
Phase 5: Report Preparation
The Incident
Summary
Solutions Fast Track
Before You Connect to the Cisco Router
Connecting to the Cisco Router
Volatile Data Collection Procedures
Commands to Run on the Cisco Router
Analyzing Volatile Data Gathered from a Cisco Router
The Stages of a Forensic Engagement
The Incident
Frequently Asked Questions
Endnotes
Cisco IOS Switch Basics
Introduction
Switch Basics
Switch Concepts
Advantages over Hubs
Switch Modes
Cut-Through
Store-and-Forward
Symmetric versus Asymmetric
Switch Terminology
CAM
MAC Flooding
Layer 2 Switches
Layer 3 Switches
Collision Domains
Microsegmentation
Broadcast Domains
Port Security
Connecting to the Switch
Switch LED Indicators
HyperTerminal
The Console Port
Telnet
Web Interface
Cisco Network Assistant
Switch Modes
User Mode 0
Commands
User Modes 1 through 14
Commands
Privileged Mode
Commands
Global Configuration Mode
User Account Setup
VLAN Database Configuration
Managing IOS
Backup and Restoration of Switches
Configuration Files
Backing Up Configurations
TFTP
Restoring Configurations
Switch Issues
Final Security Issues
Boot Problems
Switch Passwords
The Incident
Summary
Solutions Fast Track
Switch Basics
Switch Terminology
Connecting to the Switch
Switch Modes
Managing IOS
Backup and Restoration of Switches
Switch Issues
The Incident
Frequently Asked Questions
Collecting the Non-Volatile and Volatile Data from a Switch
Introduction
Before You Connect to the Cisco Switch
Initial Steps
Interview the POC
Obtain the Switch Password
Procedures
Background
Document Your Steps
Connecting to the Cisco Switch
LED Lights
Serial Cable
HyperTerminal
Telnet
Web-Based Interface
Cisco Network Assistant
Volatile and Non-Volatile Data Collection Procedures
Documentation
Screenshots
HyperTerminal
Telnet
Web-Based Interface
Cisco Network Assistant
Network-Based Backup of Config Files
TFTP
FTP
Commands to Run on the Cisco Switch
Show Commands
Clock
Version
Running Config
Startup Config
MAC Table
Banners
Logging
Examining the VLAN Database
Examining Port Security
Analyzing Volatile and Non-Volatile Data Gathered from a Cisco Switch
Analyzing What Happened
Building Your Case
The Incident
Summary
Solutions Fast Track
Before You Connect to the Cisco Switch
Connecting to the Cisco Switch
Volatile and Non-Volatile Data Collection Procedures
Commands to Run on the Cisco Switch
Analyzing Volatile and Non-Volatile Data Gathered from a Cisco Switch
The Incident
Frequently Asked Questions
Preparing Your Report
Introduction
Forms
Chain-of-Custody Form
Agency-Specific Forms
Evidence Forms
Serial Number
Evidence Number
Report Components
Agent Names
Case Number
Individuals Present
Time
Time Zone
Timeline of Recorded Events
Serial Number and Evidence Number
Documented Policies, Procedures, and Guidelines
Mistakes
Processing On-Screen Data
Trusted Binaries
Volatile Data
Non-Volatile Data
Trojanized Binaries
Shutdown Procedures
Pulling the Plug
Graceful Shutdowns
Drawings
Computers
Network Devices
Cabling
The Incident
Summary
Solutions Fast Track
Forms
Report Components
Processing On-Screen Data
Shutdown Procedures
Drawings
Frequently Asked Questions
Preparing to Testify
Introduction
Documentation
Reports
Acquiring Evidence
Authenticating Evidence
Analyzing Evidence
Forms
Chain of Custody
Affidavits
Notes
Checklists
Visual Tools
Computer Graphics
Video
Charts
Diagrams
Illustrations
Understanding the Daubert and Frye Standards
Daubert
Tested Theories
Peer-Reviewed and Publicized Theories
Error Rates
Frye
Scientific Evidence
Acceptance by the Scientific Community
Applicability to Procedures
Federal Rules
Article VII: Opinions and Expert Testimony
Preparation
Article VIII: Hearsay
Errors and Omissions
Published or Authoritative Works
Acknowledging Flaws and Alternative Theories
Words of Caution
Admissibility
The Incident
Summary
Solutions Fast Track
Documentation
Visual Tools
Understanding the Daubert and Frye Standards
Federal Rules
Errors and Omissions
Words of Caution
The Incident
Frequently Asked Questions
Index
A
B
C
D
E
F
G
H
I
L
M
N
O
P
R
S
T
U
V
W
Z
Cisco Wireless Device Forensics
Introduction
How Wireless Technology Changes Network Security
Overview of 802.11 Standards
Shared Network Model
Protecting the Data Link and Physical Layers
Tracking and Attacking Anonymity
Attacks on Wireless Networks
Authentication
Physical Security
Designing for Security
Creating a Security Policy
Risk Assessment
The Big Three
Logging and Accounting
Hot Standby
Configuring Hot Standby
Implementing Firewalls for Additional Security
Public Secure Packet Forwarding
Filters
WLAN LAN Extension 802.1x/EAP
EAP
EAP Packet Format
EAP Request and Response
EAP Success and Failure
802.1x
EAP Types
EAP Message Digest 5
EAP Generic Token Cards
EAP TLS
Cisco EAP
LEAP Authentication Process
Implementing LEAP
Configuring ACS
Configuring Access Points
Configuring the Client
WLAN LAN Extension IPSec
Standards Used in IPSec
IKE
IKE Authentication
AH
ESP
Implementing IPSec over WLAN
VPN Device List in WLAN
Configuring the VPN Gateway
Configuring an Access Point
Configuring Filters Using the CLI in IOS
Configuring Filters Using a Web Browser in IOS
Configuring a VPN Client
WLAN Static WEP Keys
WEP
IV WEP Vulnerable
IV and RC4 Vulnerabilities
Mitigating WEP Vulnerability
TKIP
Message Integrity Check
Configure Static 128-bit WEP with TKIP
Using a Web Browser for Access Point Configuration
Configuring the Client
The Cisco Wireless and Wireless-Aware Vision
The Cisco Structured Wireless-Aware Network Product Line
APs
Aironet Bridges
Client Adapters
Cisco IOS
Wireless LAN Solution Engine
Wireless Security Suite
Access Control Server
Cisco Wireless LAN Switches and Routers
Cisco Wireless Antennas and Accessories
Ceiling Mount Omnidirectional Antenna 2.4 GHz (AIR-ANT1728)
Mast Mount Omnidirectional Antenna 2.4 GHz (AIR-ANT2506)
High-Gain Mast Mount Omnidirectional Antenna 2.4 GHz (AIR-ANT24120)
Pillar Mount Diversity Omnidirectional Antenna 2.4 GHz (AIR-ANT3213)
POS Diversity Dipole Omnidirectional Antenna 2.4 GHz (AIR-ANT3351)
Diversity Ceiling Mount Omnidirectional Patch Antenna 2.4 GHz (AIR-ANT5959)
Directional Wall Mount Patch Antenna 2.4 GHz (AIR-ANT3549, AIR-ANT1729)
Diversity Directional Wall Mount Patch Antenna 2.4 GHz (AIR-ANT2012)
Yagi Antenna 2.4 GHz (AIR-ANT1949)
Dish Antenna 2.4 GHz (AIR-ANT3338)
Cisco’s 2.4 GHz Antennas Summary
5 GHz Antennas
Cisco Wireless IP Phone
Cisco IOS and WLANs
Upgrading from VxWorks to IOS
Using the Aironet Conversion Tool for Cisco IOS Software v2.0
Using the Browser and VxWorks
Using CiscoWorks WLSE for IOS Conversion
Cisco Aironet APs
Aironet 1200 AP
First-Time Basic Configuration
Aironet 1100 AP
Aironet 350 AP
Cisco Aironet WLAN Client Adapters
Cisco Aironet 350 Series Client Adapters
Cisco Aironet 5GHz Client Adapter
Cisco Aironet 802.11a/b/g Client Adapters
CiscoWorks Wireless LAN Solution Engine (WLSE) 2.x
Fault Monitoring
Device Management
Device Configuration and Firmware Upgrades
Configure Tab
Firmware Tab
Reports
Radio Manager
Summary
Solutions Fast Track
How Wireless Technology Changes Network Security
Designing for Security
WLAN LAN Extension 802.1x/EAP
WLAN LAN Extension IPSec
WLAN Static WEP Keys
The Cisco Wireless and Wireless-Aware Vision
The Cisco Structured Wireless-Aware Network Product Line
Cisco IOS and WLANs
Cisco Aironet APs
Cisco Aironet WLAN Client Adapters
CiscoWorks Wireless LAN Solution Engine (WLSE) 2.x
Disclaimer: All equipment photos are provided courtesy of Cisco Systems, Inc. and are intended for informational purposes only. Their use does not in any way constitute endorsement, partnering or any other type of involvement on the part of Cisco Systems, Inc.

Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Elsevier, Inc. “Syngress: The Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

PUBLISHED BY Syngress Publishing, Inc., Elsevier, Inc., 30 Corporate Drive, Burlington, MA 01803

Cisco Router and Switch Forensics: Investigating and Analyzing Malicious Network Activity
Copyright © 2009 by Elsevier, Inc. All rights reserved. Printed in the United States of America.

Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
ISBN 13: 978-1-59749-418-2

Publisher: Laura Colantoni
Acquisitions Editor: Angelina Ward
Developmental Editor: Matthew Cater
Lead Author and Technical Editor: Dale Liu
Project Manager: Phil Bugeau
Page Layout and Art: SPI
Copy Editor: Audrey Doyle
Indexer: SPI
Cover Designer: Michael Kavish

For information on rights, translations, and bulk sales, contact Matt Pedersen, Director of Corporate Sales; email m.pedersen@elsevier.com.

Library of Congress Cataloging-in-Publication Data: Application Submitted