In the past, digital forensics focused on doing hard drive analysis and file system analysis to uncover what transpired in a crime. However, today's enterprise networks are vast universes. A critical clue to identifying the root cause of an incident could be found anywhere, including Web proxies, application servers, DHCP servers, log management systems and even network data flow records.
In this SearchSecurity.com webcast, experts Sherri Davidoff and Jonathan Ham explain how network forensic analysis is the equivalent of surveying an entire crime scene for evidence of digital crimes. Whether it be using flow records to uncover a brute-force attack or digging through Web proxies, they explain exactly what it takes to piece together a digital crime scene. How did certain data get into a hard drive? How did it get out? Who was involved in the transfer of the data? These are the sort of questions only network forensic analysis can answer.
They also take the time to answer questions from webcast attendees about the hottest topics in network forensics. This webcast provides an introduction to the tools and techniques needed to find evidence left behind from digital crimes.
About the experts:
Sherri Davidoff and Jonathan Ham are security consultants with Lake Missoula Group, LLC. They specialize in penetration testing, network assessments, forensics, and incident response.