Packets or It Didn't Happen: Network-Driven Incident Investigations

  • Thursday, May 20, 2021 at 2:00 PM EDT (2021-05-20 18:00:00 UTC)
  • Jake Williams, Alan Hall


  • Symantec




The way we handle incident response has changed in recent years. With it, so has the role of network data in incident response investigations. In this webcast, SANS Senior Instructor Jake Williams and Alan Hall of Broadcom's Symantec Security Analytics examine the use of network traffic capture in today's incident response environment. They will explore questions such as:

  • Is there any replacement for a full PCAP?
  • Can endpoint anti-forensics activities be confirmed with packet capture?
  • What can network traffic tell us if an attacker can perform anti-forensics on the endpoint?
  • Even without TLS break/inspect, is there any value in analyzing encrypted communications?

Be among the first to receive the associated whitepaper written by Jake Williams.

Speaker Bios

Jake Williams

Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud.

Alan Hall

Alan Hall is head of product marketing for Broadcom's Symantec Security Analytics. He joined Symantec through the acquisition of Blue Coat. Prior to Blue Coat, he was the senior director of marketing at Solera Networks, a leader in network forensics and threat visibility solutions. Alan has more than 25 years of experience with networking and security technology leaders. 
