Presenting at the 2010 SANS Digital Forensics and Incident Response Summit

With special thanks to Rob Lee, I will be presenting at the 2010 SANS Digital Forensics and Incident Response Summit in Washington, D.C.

Here are the two sessions that I’m involved with:

Friday, July 9th, 2010 – 9:30am – 10:30am
Bringing a Knife to a Gun Fight: The Arsenal Required for Modern Forensic Combat!

One of the most time-consuming yet important aspects of any forensic investigation is the analysis of forensic information not located on the compromised machine. For example, logs from compromised systems and ancillary devices, such as routers, firewalls, and intrusion detection devices, combined with network-level flow and packet analysis, help paint a picture of the compromise from start to finish. Stitching together a timeline of events by hand, however, could take days, weeks, or even months.

This talk serves to highlight the current forensic capabilities of Enterprise Security Information Management (ESIM) products, such as Security Information and Event Management (SIEM) and Log Management systems, and how you can best leverage the collected data to aid in forensic exercises. The speaker will also highlight how ESIM products need to evolve to best serve the forensic and incident response community in the future.


  • Andrew Hay – Senior Security Analyst, The 451 Group.
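As an added illustration of the timeline problem described in the first abstract (example code written for this page, not from the talk or from any ESIM product), here is a small Python normalizer that parses constructed firewall, IDS and flow records, each with its own timestamp format and timezone, into one UTC-ordered timeline. The log lines, addresses, source names, the assumed local timezone (UTC-4) and the assumed year 2010 are all constructed placeholders.

```python
import re
from datetime import datetime, timezone, timedelta

# Constructed sample records (not real devices or addresses). Each source writes
# timestamps differently, which is exactly what makes hand-correlation slow.
SAMPLE_LOGS = [
    # firewall: syslog-style, local time (assumed UTC-4), no year
    "Jul  9 09:31:02 fw1 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 DPT=445",
    # IDS: Snort-style alert line, local time (assumed UTC-4), no year
    "07/09-09:30:58.123456 [**] [1:2000000:1] TEST SMB probe [**] 203.0.113.7 -> 192.0.2.10",
    # flow export: ISO-8601 timestamps already in UTC
    "2010-07-09T13:30:40Z flow 203.0.113.7:51234 -> 192.0.2.10:445 bytes=812",
]
LOCAL_TZ = timezone(timedelta(hours=-4))  # assumed timezone of firewall and IDS clocks
YEAR = 2010                                # assumed year for records that omit it

# (source name, line regex, strptime format for the timestamp, timezone of that clock)
PATTERNS = [
    ("firewall", re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<msg>.*)$"),
     "%b %d %H:%M:%S", LOCAL_TZ),
    ("ids", re.compile(r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) \[\*\*\] (?P<msg>.*)$"),
     "%m/%d-%H:%M:%S.%f", LOCAL_TZ),
    ("flow", re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) (?P<msg>.*)$"),
     "%Y-%m-%dT%H:%M:%SZ", timezone.utc),
]


def parse_line(line):
    """Return {'time': aware UTC datetime, 'source': str, 'event': str} or None."""
    for source, rx, fmt, tz in PATTERNS:
        m = rx.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), fmt)
        if ts.year == 1900:              # strptime default: the format carried no year
            ts = ts.replace(year=YEAR)
        ts = ts.replace(tzinfo=tz).astimezone(timezone.utc)
        return {"time": ts, "source": source, "event": m.group("msg")}
    return None  # unrecognised format: caller should count these, not silently drop them


def build_timeline(lines):
    """Normalise every recognised line and order the events on a single UTC clock."""
    events = [e for e in (parse_line(l) for l in lines) if e is not None]
    return sorted(events, key=lambda e: e["time"])


if __name__ == "__main__":
    for e in build_timeline(SAMPLE_LOGS):
        print(e["time"].isoformat(), e["source"], e["event"])
```

Once the local-clock sources are shifted to UTC, the flow record turns out to precede the IDS alert and the firewall drop, an ordering that is not visible from the raw timestamps.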

Friday, July 9th, 2010 – 10:50am – 11:50am
Network Forensics Panel

Panelists will discuss the challenges of properly collecting and analyzing network-based evidence, which is critical in investigations. Data collected from intrusion detection systems, firewalls, routers, proxies, and access points all end up telling unique stories that could be critical to solving your case. Learn the latest techniques that are used in reacting to the real attacks these experts have responded to. This panel includes some of the best minds for the future of Network Forensics. Listen to what they have to say. Network Forensics: No Hard Drive? No Problem.


  • Moderator: Jonathan Ham – SANS Institute and Lake Missoula Group
  • George Bakos – Senior Engineer, Northrop Grumman
  • Andrew Hay – Senior Security Analyst, The 451 Group’s Enterprise Security
  • Charles Smutz – Software Engineer, Lockheed Martin-CIRT

Hopefully I’ll see you there. Sign up today!