Chapter 11, “Network Tunneling,” discusses both legitimate and covert network tunnels, methods for recognizing tunnels, and strategies for recovering evidence from tunneled traffic.
Chapter 12, “Malware Forensics,” is a condensed history of malware development, including the evolution of command-and-control channels, botnets, IDS/IPS evasion, and the advanced persistent threat (APT). Along the way, we discuss how malware has changed—and has been changed by—forensic investigations.