Part II. Traffic Analysis

Chapter 4, “Packet Analysis,” is a comprehensive study of protocols, packets, and flows, and methods for dissecting them.

Chapter 5, “Statistical Flow Analysis,” presents the increasingly important field of statistical flow record collection, aggregation, and analysis.

Chapter 6, “Wireless: Network Forensics Unplugged,” discusses evidence collection and analysis of wireless networks, specifically focusing on the IEEE 802.11 protocol suite.

Chapter 7, “Network Intrusion Detection and Analysis,” is a review of network intrusion prevention and detection systems, which are specifically designed to produce security alerts and supporting evidence.