DNS Evidence: You Don't Know What You're Missing

  • Friday, 22 Apr 2016 1:00PM EDT (22 Apr 2016 17:00 UTC)
  • Speaker: Philip Hagen

Webcast description: With hundreds of network protocols used in a typical network environment, it's easy to get overwhelmed during an investigation. Similarly, the technical and legal hurdles to proper full-packet-capture operations leave critical gaps from evidence such as firewall logs, intrusion detection system logs, or NetFlow. However, regardless of the protocols used, the Domain Name System (DNS) is often a commonality that forensicators may overlook. DNS may not be glamorous, but it often provides critical insight and context during network forensic cases. Even alone, passive DNS logs can provide an excellent baseline of activity for any environment.

In this webcast, we'll explore some simple and effective ways to create logs of DNS traffic, what specific value they can provide for other evidence types, and how to exploit these logs at scale.


Join us at the Digital Forensics & Incident Response Summit in June!

The 9th annual Digital Forensics and Incident Response Summit will once again be held in the live music capital of the world, Austin, Texas. The Summit brings together DFIR practitioners who share their experiences, case studies and stories from the field. Summit attendees will explore real-world applications of technologies and solutions from all aspects of the fields of digital forensics and incident response, all in one single place.

Summit Dates: June 23-24 | Training Course Dates: June 25-30 | Register at sans.org/dfirsummit.