In Part IV, we cover advanced methods of network defense. For example, Chapter 18 covers audit trail analysis, including log aggregation and analysis. Chapter 19 breaks new ground with a practical method for applying Bayes’s Theorem to network IDS placement. Chapter 20 provides a step-by-step blueprint for building your own honeypot to trap attackers. Chapter 21 introduces the fundamentals of incident response, while Chapter 22 reviews forensics tools and techniques on both Unix and Windows.