Logs, Logs, Every Where / Nor Any Byte to Grok
- Philip Hagen, SANS Certified Instructor
- Wednesday, November 12th, 5:30pm - 7:00pm
This presentation is free of charge. However, space is limited and will be allocated on a first-registered basis. Please register using the link below.
In the practice of Network Forensics, we frequently lack the ultimate evidence - a full packet capture. Instead, we must seek other Artifacts of Communication, which provide insight into system communications that have long since concluded. These artifacts often come from log events created along the path of communication - switches, routers, firewalls, intrusion detection systems, proxy servers, and myriad other devices.
The skilled network forensicator will aggregate these different sources, and then apply sound analytic processes to the consolidated evidence. Only then can we build a comprehensive understanding of those network communication events and establish the best possible sequence of events around the incident in question.
In this presentation, we will discuss one tool that can be very effective in practice: Logstash. This is a free and open-source solution primarily intended for system and network administrators to observe live data. However, it can also provide great value to the forensicator, who must integrate disparate data sources and formats. New developments around Logstash also make it an ideal tool for the host-based forensicator, since supertimeline data can be integrated into the broader view of evidence.
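As an added illustration of the consolidation described above (this is not code from the talk or from the Logstash project), the following Logstash pipeline reads two constructed evidence files, an iptables-style firewall log and a Squid proxy access log, parses each with grok, normalizes both timestamps onto the single `@timestamp` field, and keeps the original source in `type` so events from both devices can be ordered into one sequence. The file paths, field names, and sample log lines are assumptions made for the example.

```logstash
# Added example pipeline (not from the presentation or the Logstash project).
# Assumed evidence paths, field names and sample lines are illustrative only.
#
# firewall.log (iptables-style, constructed sample line):
#   Nov 12 17:31:02 fw1 kernel: DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
# access.log (Squid native format, constructed sample line):
#   1415813462.512    245 10.0.0.5 TCP_MISS/200 4821 GET http://203.0.113.9/ - HIER_DIRECT/203.0.113.9 text/html

input {
  file {
    path           => "/cases/2014-11-12/evidence/firewall.log"   # assumed path
    type           => "firewall"
    start_position => "beginning"   # forensic replay: read the whole file, not only new lines
    sincedb_path   => "/dev/null"   # do not remember the read position between runs
  }
  file {
    path           => "/cases/2014-11-12/evidence/access.log"    # assumed path
    type           => "proxy"
    start_position => "beginning"
    sincedb_path   => "/dev/null"
  }
}

filter {
  if [type] == "firewall" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_ts} %{SYSLOGHOST:observer} kernel: %{WORD:action}: IN=%{DATA:in_if} OUT=%{DATA:out_if} .*?SRC=%{IP:src_ip} DST=%{IP:dst_ip} .*?PROTO=%{WORD:proto} SPT=%{INT:src_port:int} DPT=%{INT:dst_port:int}" }
    }
    # Syslog timestamps carry no year and no zone. Supply the zone from the
    # firewall's configuration; the date filter fills in the current year by
    # default, so verify the result against the incident window for evidence
    # that is more than a year old.
    date {
      match    => [ "syslog_ts", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
      timezone => "UTC"
    }
  }
  if [type] == "proxy" {
    grok {
      match => { "message" => "%{NUMBER:epoch_ts}\s+%{INT:duration_ms:int} %{IP:src_ip} %{WORD:result}/%{INT:status:int} %{INT:bytes:int} %{WORD:method} %{NOTSPACE:url} %{NOTSPACE:user} %{WORD:hierarchy}/%{NOTSPACE:peer} %{NOTSPACE:content_type}" }
    }
    # Squid records epoch seconds with a fractional part, already in UTC.
    date { match => [ "epoch_ts", "UNIX" ] }
  }
  # Nothing is dropped on a parse failure: grok leaves a _grokparsefailure tag
  # on the event, so unparsed lines still surface for review instead of
  # vanishing silently from the timeline.
}

output {
  # Print every normalized event; point this at elasticsearch {} instead to
  # query across sources, e.g. every event with src_ip 10.0.0.5 ordered by @timestamp.
  stdout { codec => rubydebug }
}
```

Both grok patterns leave `src_ip` with the same name, so a single query on that field returns the firewall's view and the proxy's view of the same host side by side. A supertimeline exported as CSV can be fed into the same pipeline with a third `file` input and the `csv` filter, which is how host evidence joins the network events on the shared `@timestamp` axis.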
The following bonus sessions are open to all paid attendees at no additional cost. Events of several different types fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
Wednesday, November 12

| Session | Speaker | Time | Category |
|---|---|---|---|
| Logs, Logs, Every Where / Nor Any Byte to Grok | Philip Hagen, SANS Certified Instructor | Wednesday, November 12th, 5:30pm - 7:00pm | SANS@Night |