Logs, Logs, Every Where / Nor Any Byte to Grok
- Philip Hagen
- Thursday, September 25th, 7:00pm - 10:00pm
This presentation is free of charge, however space is limited and allocated on a first-registered basis. Please register using the link below.
7:00pm - 7:30pm Registration
7:30pm - 8:30pm Presentation
8:30pm - 8:45pm Q & A
8:45pm - 10:00pm Networking Cocktail and High Snacks
Location: Royal Orchid Hotel, Autumn Hall 1, Golf Avenue, (Adjoining KGA Golf Course), Airport Road, Bangalore, IN Phone: +91 80 4178 3000
In the practice of network forensics, we frequently lack the ultimate evidence - a full packet capture. Instead, we must seek other "Artifacts of Communication", which provide insight to system communications that have long since concluded. These artifacts often come from log events created along the path of communication - switches, routers, firewalls, intrusion detection systems, proxy servers, and a myriad other devices. The skilled network forensicator will aggregate these different sources, then apply sound analytic processes to the consolidated evidence. Only then can we build a comprehensive understanding of those network communication events and establish the best possible sequence of events around the incident in question.
In this talk, we will discuss one tool that can be very effective in practice: Logstash. Although Logstash is a free and open-source solution intended for system and network administrators to observe live data, it can also provide great value to the forensicator, who must integrate disparate data sources and formats. New developments around Logstash also make it an ideal tool for the system-based forensicator, since supertimeline data can be integrated as well.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Vendor: Events hosted by external vendor exhibitors.
Wednesday, September 17
|Breaking and Fixing Critical Infrastructure||Justin Searle, SANS Certified Instructor||Wednesday, September 17th, 7:00pm - 10:00pm||SANS@Night|
Friday, September 19
|Vendor Solutions Expo||—||Friday, September 19th, 12:00pm - 1:30pm||Vendor Event|
Thursday, September 25
|Logs, Logs, Every Where / Nor Any Byte to Grok||Philip Hagen||Thursday, September 25th, 7:00pm - 10:00pm||SANS@Night|