5 Days Left to Save $400 on Cyber Threat Intelligence Summit 2017

Sydney 2014

Sydney, Australia | Mon, Nov 10 - Sat, Nov 22, 2014
This event is over,
but there are more training opportunities.

Logs, Logs, Every Where / Nor Any Byte to Grok

  • Philip Hagen, SANS Certified Instructor
  • Wednesday, November 12th, 5:30pm - 7:00pm

This presentation is free of charge. However, space is limited and will be allocated on a first-registered basis. Please register using the link below.

5:30pm-6:00pm Registration

6:00pm-7:00pm Presentation

In the practice of Network Forensics, we frequently lack the ultimate evidence - a full packet capture. Instead, we must seek other Artifacts of Communication, which provide insight to system communications that have long since concluded. These artifacts often come from log events created along the path of communication - switches, routers, firewalls, intrusion detection systems, proxy servers, and myriad other devices.

The skilled network forensicator will aggregate these different sources, and then apply sound analytic processes to the consolidated evidence. Only then can we build a comprehensive understanding of those network communication events and establish the best possible sequence of events around the incident in question.

In this presentation, we will discuss one tool that can be very effective in practice: Logstash. This is a free and open-source solution primarily intended for system and network administrators to observe live data. However, it can also provide great value to the forensicator, who must integrate disparate data sources and formats. New developments around Logstash also make it an ideal tool for the system-based forensicator as well, since supertime line data can be integrated to the broader view of evidence.

 

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Wednesday, November 12
Session Speaker Time Type
Logs, Logs, Every Where / Nor Any Byte to Grok Philip Hagen, SANS Certified Instructor Wednesday, November 12th, 5:30pm - 7:00pm SANS@Night