The Road to CEIC 2012 – Network Forensic Investigations of Hacking Incidents

Jessica Bair

The “Road to CEIC 2012” is a series of blog posts on all things CEIC (@CEIC_Conf), before, during and after, from an insider’s point of view.

Investigating a hacking incident requires a holistic approach: analysis of volatile data, forensic static data and network forensic data. The latter discipline is the heart of the Cyber Response lab entitled Network Forensic Investigations of Hacking Incidents. Ondrej Krehel, CISO for Identity Theft 911, and Jaro Krett, senior IT security analyst of Loews Corp, will be teaching you network forensic skills, techniques for finding compromised hosts, and capturing & reconstructing malicious sessions.

Why is network forensics important to you? Anti-forensics techniques are increasingly encountered in incident response investigations. However, few of the very busy IT, INFOSEC and legal departments have the skills to acquire and exploit network forensic intelligence. If you are prepared and able to capture network incident data sets for further analysis, it can be a great help to your forensic investigators. Advanced hacker tools can compromise systems without leaving traces on hard disks, which makes volatile data and/or network forensic analysis necessary. In many cases, the network forensic evidence itself has stood as primary evidence. With network forensic tools, any transmitted files can be analyzed, reconstructed and replayed, even if they no longer exist on the compromised system.

Ondrej and Jaro will be using open source Network Forensic Analysis Tools (NFAT) to help you build a network forensic toolkit, analyze and investigate recorded packets, and even create your own network forensics appliance. You will see how captured traffic is analyzed and reconstructed, and the various artifacts found during the investigation will be discussed. This is an advanced lab: knowledge of incident response, network protocols such as TCP/IP, UDP, HTTP and HTTPS, and the OSI model will make it more beneficial to you.

If network forensics is an area in which you want to develop additional expertise, this will be an excellent hands-on lab for you to attend. I will be there, taking notes!

Jessica Bair
Senior Director, Curriculum Development
@jessicambair

CEIC 2012 – Cyber Response Lab

Tuesday
4:00 PM - 5:30 PM
Network Forensic Investigations of Hacking Incidents
Ondrej Krehel, IDT911, LLC, Jaro Krett, Loews Corp
Skill Level: Advanced
