SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

I was recently required to investigate an incident of Internet abuse that led to the discovery that one of our own administrators was a security risk. Though this investigation was triggered by an incidence of 'Internet abuse', the tools used and lessons learned are relevant for many types of security incident that require an internal investigation to discover the offender. This essay describes the detection, investigation and various tools used to collect the evidence. Lessons learned from the investigation are included, as well as some useful resources for security investigators, so they can be more prepared when they deal with internal computer security incidents.