In Part IV, we cover advanced methods of network defense. For example, Chapter 18 covers audit trail analysis, including log aggregation and analysis. Chapter 19 breaks new ground with a practical method for applying Bayes's Theorem to network IDS placement. Chapter 20 provides a step-by-step blueprint for building your own honeypot to trap attackers. Chapter 21 introduces the fundamentals of incident response, while Chapter 22 reviews forensics tools and techniques on both Unix and Windows.