Part IV. Advanced Topics

Chapter 11, “Network Tunneling,” discusses both legitimate and covert network tunnels, methods for recognizing tunnels, and strategies for recovering evidence from tunneled traffic.

Chapter 12, “Malware Forensics,” is a condensed history of malware development, including the evolution of command-and-control channels, botnets, IDS/IPS evasion, and the advanced persistent threat (APT). Along the way, we discuss how malware has changed—and has been changed by—forensic investigations.