Chapter 2.3 - Network Forensics & Log Analysis
Reconstruct attacks from packet captures, NetFlow, Zeek logs, and correlated auth/DNS/proxy logs. Covers chain of custody and MITRE ATT&CK mapping.