The Windows Digital Forensics Cookbook
Looking Outside the Box
By Phill “Sherlock” Shade

Part I – The Tools
Chapter 1 – Setting the Stage – A Brief History of Network Forensics
Chapter 2 – Wireshark – Collecting the Evidence
Chapter 3 – Evaluating the Evidence – Key Wireshark Forensics Features
Chapter 4 – Getting to the Key Packets – Selecting and Filtering
Chapter 5 – What Went Wrong? – Analyzing Suspect Behavior

Part II – The Key Protocols for Network Forensics Analysis
Chapter 6 – Overview of Network Protocol Stacks (Not Just TCP/IP)
Chapter 7 – Device Configuration Protocols – DHCPv4 / DHCPv6
Chapter 8 – Locating Devices & Resolving Addresses – ARP / ARP / DNS / DNSSEC / mDNS / LLMNR
Chapter 9 – The Network Layer – IPv4 / IPv6 / IPX
Chapter 10 – Utility & Troubleshooting Protocols – Internet Control Message Protocol (ICMPv4 / ICMPv6)
Chapter 11 – Connecting to Services – The Transport Layer – TCP / UDP / SCTP / QUIC / SPDY
Chapter 12 – Forensics Analysis of The Application Layer & Common Internet-Based User Protocols
Chapter 13 – Forensics Analysis of Encryption Protocols

Part III – Introduction to Forensics Analysis of Multimedia Protocols
Chapter 14 – Voice, Video, T.38 and T.120 over IP

Part IV – Introduction to Forensics Analysis of Wireless (WiFi) Traffic
Chapter 15 – Wireless / Wi-Fi
Chapter 16 – SoHo / Internet of Things (IoT) Technologies

Part V – When Things Go Wrong – Attacks, Exploits, etc.
Chapter 17 –
Chapter 18 – Recap – Detecting, Analyzing and Reconstructing Suspicious Activities

Appendix ‘A’ – Reference Information, Tables and Other Useful Stuff
Appendix ‘C’ – Wireshark Command Line Program and User Guides
Appendix ‘D’ – Merlion’s Keep – Wireshark USB Capture Guide

Contact us for more information.