
Bangalore 2014

Bangalore, India | Mon, Sep 15 - Sat, Sep 27, 2014

Logs, Logs, Every Where / Nor Any Byte to Grok

  • Philip Hagen
  • Thursday, September 25th, 7:00pm - 10:00pm

This presentation is free of charge, however space is limited and allocated on a first-registered basis. Please register using the link below.

7:00pm - 7:30pm Registration

7:30pm - 8:30pm Presentation

8:30pm - 8:45pm Q & A

8:45pm - 10:00pm Networking Cocktail and High Snacks

Location: Royal Orchid Hotel, Autumn Hall 1, Golf Avenue (Adjoining KGA Golf Course), Airport Road, Bangalore, IN
Phone: +91 80 4178 3000

In the practice of network forensics, we frequently lack the ultimate evidence: a full packet capture. Instead, we must seek other "Artifacts of Communication", which provide insight into system communications that have long since concluded. These artifacts often come from log events created along the path of communication: switches, routers, firewalls, intrusion detection systems, proxy servers, and a myriad of other devices. The skilled network forensicator will aggregate these different sources, then apply sound analytic processes to the consolidated evidence. Only then can we build a comprehensive understanding of those network communication events and establish the best possible sequence of events around the incident in question.

In this talk, we will discuss one tool that can be very effective in practice: Logstash. Although Logstash is a free and open-source solution intended for system and network administrators to observe live data, it can also provide great value to the forensicator, who must integrate disparate data sources and formats. New developments around Logstash also make it an ideal tool for the system-based forensicator, since supertimeline data can be integrated as well.
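As an added illustration of the consolidation described above (this is not material from the talk or from the Logstash project), the pipeline below ingests two constructed log formats, a syslog-style firewall line and a Squid native access.log line, parses each with grok, normalises both timestamps into the shared @timestamp field so events from different devices sort into one timeline, and flags lines that fail to parse rather than silently dropping them. The file paths, field names and the sample lines in the comments are assumptions.

```logstash
input {
  # Constructed evidence files; paths are placeholders.
  file { path => "/evidence/firewall.log"     type => "firewall" start_position => "beginning" sincedb_path => "/dev/null" }
  file { path => "/evidence/proxy-access.log" type => "proxy"    start_position => "beginning" sincedb_path => "/dev/null" }
}

filter {
  if [type] == "firewall" {
    # Sample (constructed) line:
    # Sep 25 19:42:01 fw1 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=198.51.100.7 PROTO=TCP DPT=4444
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:ts} %{HOSTNAME:device} kernel: %{WORD:action} IN=%{DATA:iface} SRC=%{IP:src_ip} DST=%{IP:dst_ip} PROTO=%{WORD:proto} DPT=%{INT:dst_port}" }
    }
    # Syslog timestamps carry no year and no zone: the year is assumed to be the
    # current one unless set explicitly, so evidence from an earlier year and the
    # device's configured zone must be accounted for before trusting the timeline.
    date {
      match    => [ "ts", "MMM dd HH:mm:ss", "MMM  d HH:mm:ss" ]
      timezone => "Asia/Kolkata"
    }
  }

  if [type] == "proxy" {
    # Sample (constructed) Squid native line, epoch seconds with fraction first:
    # 1411653721.455    312 10.0.0.5 TCP_MISS/200 5123 GET http://example.net/update.bin - DIRECT/198.51.100.7 application/octet-stream
    grok {
      match => { "message" => "%{NUMBER:ts}\s+%{INT:duration_ms} %{IP:src_ip} %{WORD:squid_code}/%{INT:status} %{INT:bytes} %{WORD:method} %{NOTSPACE:url}" }
    }
    # Epoch time is zone-independent, so no timezone setting is needed here.
    date { match => [ "ts", "UNIX" ] }
  }

  # A line that matches neither pattern is still evidence: keep it, tag it for
  # manual review, and leave the original message intact.
  if "_grokparsefailure" in [tags] {
    mutate { add_tag => [ "needs_review" ] }
  }
}

output {
  # Events from both sources now share @timestamp, src_ip and dst_ip where present,
  # so a downstream store can order them into a single sequence of events.
  stdout { codec => rubydebug }
}
```

Both sample lines share src_ip 10.0.0.5, so once ordered by @timestamp the firewall drop and the proxy fetch from the same host appear side by side, which is the correlation the abstract describes.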


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Vendor: Events hosted by external vendor exhibitors.
Wednesday, September 17

  • Session: Breaking and Fixing Critical Infrastructure | Speaker: Justin Searle, SANS Certified Instructor | Time: Wednesday, September 17th, 7:00pm - 10:00pm | Type: SANS@Night

Friday, September 19

  • Session: Vendor Solutions Expo | Time: Friday, September 19th, 12:00pm - 1:30pm | Type: Vendor Event

Thursday, September 25

  • Session: Logs, Logs, Every Where / Nor Any Byte to Grok | Speaker: Philip Hagen | Time: Thursday, September 25th, 7:00pm - 10:00pm | Type: SANS@Night