FOR572 Network Forensics Preview: IT'S ALIVE!!! Investigating with Network-based Evidence

  • Friday, 15 Nov 2013 1:00PM EST (15 Nov 2013 18:00 UTC)
  • Speaker: Philip Hagen
Today's digital forensic investigations and incident response activities increasingly include a network-based component. But even seasoned disk- and memory-based analysts must consider how this new domain differs from traditional forensic work. This webcast comes straight from \FOR572: Advanced Network Forensics and Analysis" material. We'll cover the challenges and opportunities common network architectures can provide and how to extract as much value as possible from them. We'll also discuss how a proactive approach can aid in the response to incidents that have not yet occurred... or not yet been discovered. Finally, we will cover how to address the unique operational security (OPSEC) requirements inherent in network-based analysis. Incorrect handling of network evidence or analysis activities could cause the attacker to stay fully aware of your investigation's progress, ensuring they remain one step ahead of the good guys. The upcoming FOR572 course will give you a comprehensive foundation on which to build a network forensics capability - this webcast will get you started.""