In this webcast, we'll dive into two network protocols that can provide tremendous benefit to an investigator or analyst. We've cherry-picked key material directly from the upcoming course "FOR572: Advanced Network Forensics and Analysis" to demonstrate actionable steps you can use to improve your investigative processes.
DHCP provides a vital link between network activity and the devices responsible for it. When closely pursuing targets of an investigation - often insider threats or other malicious actors with physical access to the environment - DHCP traffic and logs can provide a quick and direct path to the malicious actor's desk.
On the other hand, DNS traffic and logs provide a "one-stop-shop" to assess network activity across an enterprise that typically uses dozens or hundreds of different protocols and services. Analysts often reap huge benefits by cross-referencing DNS activity with NetFlow/IPFIX data, HTTP proxy logs, or any other evidence containing hostnames or IP addresses. With effective correlation, they can establish a clear understanding of malicious activity - even when the underlying data is encrypted or otherwise inaccessible.
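The two correlation steps described above (DHCP lease events to put a device behind an IP address, and DNS query/answer records to name the far end of a flow whose payload is encrypted) can be shown in a small Python script. This is an added example written for this page; it is not material from the FOR572 course or from SANS. Every log line in it is constructed, and the line formats are only loosely modelled on ISC dhcpd syslog output and a passive-DNS style query log rather than copied from any real system. It also deliberately includes the case that trips up naive IP-to-device lookups: the same address is leased to two different machines on the same day, so the lease that was active at the flow's timestamp is what matters, not the most recent one.

```python
"""Attribute a suspicious flow to a device and a hostname by correlating
DHCP lease events and DNS query/answer records with a NetFlow-style record.

All log lines here are constructed for this example; the formats are
loosely modelled on ISC dhcpd syslog lines and a passive-DNS style log."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed DHCP server events. 10.1.2.45 is handed to two different devices
# during the day, so a lookup must honour the lease window, not just the IP.
DHCP_LOG = """\
2024-03-05T08:02:11Z dhcpd: DHCPACK on 10.1.2.45 to aa:bb:cc:00:11:22 (LAPTOP-ACCT-07) via eth0
2024-03-05T11:40:03Z dhcpd: DHCPRELEASE of 10.1.2.45 from aa:bb:cc:00:11:22 (LAPTOP-ACCT-07) via eth0
2024-03-05T11:45:30Z dhcpd: DHCPACK on 10.1.2.45 to aa:bb:cc:99:88:77 (CONTRACTOR-PC) via eth0
"""

# Constructed DNS query/answer records: timestamp, client, queried name, answer.
DNS_LOG = """\
2024-03-05T11:58:02Z client 10.1.2.45 query files.internal.example A -> 10.1.9.8
2024-03-05T12:01:45Z client 10.1.2.45 query cdn-sync.example.net A -> 203.0.113.7
2024-03-05T12:02:10Z client 10.1.2.60 query mail.example A -> 10.1.9.25
"""


@dataclass
class Lease:
    ip: str
    mac: str
    hostname: str
    start: datetime
    end: Optional[datetime] = None  # None means still active at end of log


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


ACK_RE = re.compile(r"^(\S+) dhcpd: DHCPACK on (\S+) to (\S+) \(([^)]+)\)")
REL_RE = re.compile(r"^(\S+) dhcpd: DHCPRELEASE of (\S+) from (\S+)")


def parse_leases(log: str) -> list:
    """Turn DHCPACK/DHCPRELEASE events into lease intervals per (ip, mac)."""
    leases: list = []
    for line in log.splitlines():
        m = ACK_RE.match(line)
        if m:
            ts, ip, mac, host = m.groups()
            when = _ts(ts)
            # A renewal by the same MAC keeps the existing lease open.
            if any(l.ip == ip and l.mac == mac and l.end is None for l in leases):
                continue
            # A new client on the same address implicitly ends the old lease.
            for l in leases:
                if l.ip == ip and l.end is None:
                    l.end = when
            leases.append(Lease(ip, mac, host, when))
            continue
        m = REL_RE.match(line)
        if m:
            ts, ip, mac = m.groups()
            for l in leases:
                if l.ip == ip and l.mac == mac and l.end is None:
                    l.end = _ts(ts)
    return leases


def lease_at(leases: list, ip: str, when: datetime) -> Optional[Lease]:
    """The lease covering `ip` at `when`, or None if the address was unassigned."""
    for l in leases:
        if l.ip == ip and l.start <= when and (l.end is None or when < l.end):
            return l
    return None


DNS_RE = re.compile(r"^(\S+) client (\S+) query (\S+) A -> (\S+)$")


def parse_dns(log: str) -> list:
    return [(_ts(ts), client, name, answer)
            for ts, client, name, answer in
            (m.groups() for m in map(DNS_RE.match, log.splitlines()) if m)]


def names_resolved_to(dns: list, client: str, dst_ip: str, when: datetime,
                      window: timedelta = timedelta(minutes=5)) -> list:
    """Names `client` resolved to `dst_ip` in the `window` before the flow started."""
    return sorted({name for ts, c, name, ans in dns
                   if c == client and ans == dst_ip and when - window <= ts <= when})


def attribute_flow(flow: dict, leases: list, dns: list) -> dict:
    """Enrich a NetFlow-style record with the device and the DNS name behind it."""
    when = _ts(flow["start"])
    lease = lease_at(leases, flow["src"], when)
    return {
        "src_ip": flow["src"], "dst_ip": flow["dst"],
        "mac": lease.mac if lease else None,
        "hostname": lease.hostname if lease else None,
        "names": names_resolved_to(dns, flow["src"], flow["dst"], when),
    }


# Constructed NetFlow-style record: outbound TLS whose payload tells us nothing.
FLOW = {"start": "2024-03-05T12:02:00Z", "src": "10.1.2.45", "dst": "203.0.113.7", "dport": 443}

if __name__ == "__main__":
    print(attribute_flow(FLOW, parse_leases(DHCP_LOG), parse_dns(DNS_LOG)))
```

The lookup returns CONTRACTOR-PC rather than LAPTOP-ACCT-07, because the flow starts after the release and re-assignment of 10.1.2.45; a query for a time between the two leases returns no device at all, which is the honest answer and a prompt to check for a gap in the DHCP log. The five-minute DNS window is a tunable assumption: clients cache answers, so on a real network the window has to cover the record's TTL.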
FOR572 covers even more network protocols and investigative methodologies, and this webcast will be a primer that gives you big benefits - today.