7.5 NIDS/NIPS Evidence Acquisition

Given the wide variation in the hardware and software used to build NIDS/NIPS, the precise evidence that forensic investigators can gather, and the methods for gathering it, vary considerably from one deployment to the next. In this section, we review the general categories of evidence that can be gathered from NIDS/NIPS, discuss their value to investigators, and describe the common interfaces through which devices expose them.

7.5.1 Types of Evidence

Depending on the vendor, alerts, rules, and packet captures may be accessible through the local device's file system, a web management interface, vendor client software, email notifications, and so on. In general, the evidence we may be able to gather from NIDS/NIPS falls into the following categories:

  • Configuration
  • Alert data
  • Packet header and/or flow record information
  • Packet payloads
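As an added example (not code from the book), the script below shows what the "alert data" category looks like in practice and how it overlaps with "packet header information": it parses a few constructed lines in the Snort fast-alert format, which records the rule identifier, message, classification, priority, transport protocol and the endpoint addresses of the triggering packet but not its payload. Before parsing, it records a SHA-256 digest of the raw alert file exactly as acquired, so the exported file can later be matched against the copy still on the sensor. The sample lines, the `AlertRecord` structure and the helper names are this example's own assumptions; the regular expression covers only the plain IPv4 fast format shown in the sample.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample (not a real capture): three Snort-style fast-format alert lines.
# TCP alerts carry "ip:port" endpoints; the ICMP alert carries bare addresses.
SAMPLE_ALERT_LOG = """\
10/15-13:22:47.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.5:80 -> 10.0.0.7:51234
10/15-13:22:49.004210  [**] [1:2010937:3] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.9:44121 -> 10.0.0.12:3306
10/15-13:23:01.771002  [**] [1:408:5] ICMP Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.7 -> 192.168.1.5
"""

# Assumed layout of a fast-format line (IPv4 only, no interface tag):
# <timestamp>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: n] {PROTO} src -> dst
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z0-9]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


@dataclass
class AlertRecord:
    """One alert as the investigator would tabulate it (hypothetical structure)."""
    timestamp: str
    gid: int
    sid: int
    rev: int
    message: str
    classification: str
    priority: int
    proto: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]


def _split_endpoint(endpoint: str):
    """Split 'ip:port' into (ip, port); ICMP endpoints have no port (IPv4 only)."""
    if ":" in endpoint:
        ip, port = endpoint.rsplit(":", 1)
        return ip, int(port)
    return endpoint, None


def evidence_digest(raw_text: str) -> str:
    """SHA-256 of the alert file as acquired; compute this before any parsing or filtering."""
    return hashlib.sha256(raw_text.encode("utf-8")).hexdigest()


def parse_fast_alerts(raw_text: str) -> List[AlertRecord]:
    """Parse fast-format alert lines; a line that does not match is an error, not silently dropped."""
    records = []
    for lineno, line in enumerate(raw_text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = FAST_ALERT_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a fast-format alert: {line!r}")
        src_ip, src_port = _split_endpoint(m["src"])
        dst_ip, dst_port = _split_endpoint(m["dst"])
        records.append(AlertRecord(
            timestamp=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
            message=m["msg"], classification=m["cls"] or "", priority=int(m["prio"]),
            proto=m["proto"], src_ip=src_ip, src_port=src_port,
            dst_ip=dst_ip, dst_port=dst_port,
        ))
    return records


def alerts_involving(records: List[AlertRecord], ip: str) -> List[AlertRecord]:
    """Pivot on a host of interest: every alert where it is source or destination."""
    return [r for r in records if ip in (r.src_ip, r.dst_ip)]


if __name__ == "__main__":
    print("sha256 of acquired alert file:", evidence_digest(SAMPLE_ALERT_LOG))
    for rec in alerts_involving(parse_fast_alerts(SAMPLE_ALERT_LOG), "10.0.0.7"):
        print(rec.timestamp, f"{rec.gid}:{rec.sid}:{rec.rev}", rec.proto,
              f"{rec.src_ip}:{rec.src_port} -> {rec.dst_ip}:{rec.dst_port}", rec.message)
```

Note what the parsed records do not contain: the packet bytes themselves. If the sensor was configured to log full packets alongside the alerts (a separate capture file or database), that file is the "packet payloads" evidence and should be acquired and hashed in the same way; the alert log only tells you which packet to look for.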
