The Art Of Network Forensics presented at HITBSecConf Malaysia 2009

by Lee Chin Sheng

Tags: Security Forensics

Summary: The Art of Network Forensics

Presentation Abstract

Network forensics is defined as the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. In other words, it involves the capture, preservation, analysis and presentation of network traffic. This talk will present the principles, knowledge and tools that are needed in order to adopt and apply the best practices of network-based forensics. We will present how network forensics can complement host-based forensics for effective investigations of digital computer crime. In this lab session, we will introduce almost all the latest open source network forensics tools that are currently available and their offerings. A "crime scene investigation"-like approach will be applied: we will show how a forensic investigator can extract evidence from packet captures, create a network event timeline, reconstruct and reassemble network sessions, analyze network flow and discover hidden communication channels.

About Lee Chin Sheng

C.S. Lee is the Founder and CEO of DefCraft, a network security consultancy based in Malaysia. Lee has been in the network security industry for the past 6 years and was previously a CEH trainer on wireless hacking and pentesting. Recently his focus has been on the art of detection and Network Security Monitoring (NSM) concepts. He is an NSM practitioner who believes in using Open Source tools to complete his task. He has written papers on dissecting packets and performing packet analysis and has been involved in projects involving vulnerability assessment, network incident handling and response as well as network-based forensics.