Network Forensics

What is it?
► Remote data acquisition (disk capture)
► Remote collection of live systems (memory)
► Traffic acquisition (cables and devices)
► Multiple examiners viewing a single source

Technical
► Current tools don't cut it
  - Validation: integrity of data
  - Multiple machine functions (network devices)
  - Traffic capture (non-TCP/UDP)
  - Data loss due to high traffic volumes
  - Content ID and analysis (VoIP, IM)
  - Traffic pattern recognition
  - Data reduction
  - Attribution (IP forgery, onion routing)
  - False positives
► Dynamic systems
  - Speed and minimal system impact is a priority
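As an added example (not part of the original slides), a small Python script that touches three of the technical items above: it hashes a capture so its integrity can be validated later, walks a classic pcap file, and reduces it to per-protocol counts so traffic outside TCP/UDP is not overlooked. The capture bytes are constructed inline rather than read from a real network.

```python
import hashlib
import struct
from collections import Counter

def _frame(proto: int, payload: bytes) -> bytes:
    """Build an Ethernet/IPv4 frame carrying `payload` under IP protocol `proto` (constructed sample)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + payload

def _record(frame: bytes, ts: int) -> bytes:
    """Classic pcap record header (little-endian) followed by the frame."""
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

# Constructed sample capture: pcap global header + TCP, UDP, ICMP and GRE packets
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record(_frame(6, b"\x00" * 20), 1),          # TCP
    _record(_frame(17, b"\x00" * 8), 2),          # UDP
    _record(_frame(1, b"\x08\x00\x00\x00"), 3),   # ICMP echo request: not TCP/UDP
    _record(_frame(47, b"\x00" * 4), 4),          # GRE: not TCP/UDP
])

def capture_digest(data: bytes) -> str:
    """Validation: a SHA-256 over the raw capture lets later analysis be checked against the original."""
    return hashlib.sha256(data).hexdigest()

def summarize_protocols(data: bytes) -> dict:
    """Data reduction: count IPv4 packets by protocol number, so ICMP, GRE, etc. stay visible."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    counts = Counter()
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            counts["non-IPv4"] += 1  # ARP, IPv6, truncated frames: counted, not discarded
            continue
        proto = frame[23]  # IPv4 protocol field: 14-byte Ethernet header + IP offset 9
        counts[{1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, f"IP-proto-{proto}")] += 1
    return dict(counts)
```

Record the digest at acquisition time and again before analysis; any mismatch means the capture can no longer be vouched for.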

Legal
► Privacy issues
  - Commingling of data
► Jurisdiction
  - Interstate warrants

Policy
► Banners and policy statements
► Logging requirements
  - Third-party tools to meet our needs?
  - Pressure device vendors?
► Bill of rights
  - Balance the need for attribution with individual rights

Short Term Goals
► Define network forensics
► Tools
  - Capture
  - Analysis (data normalization, visualization and mining)
  - Attribution
► Process
  - Best practices
  - Guidelines for various devices/situations

Long Term Goals
► Persuade industry to provide monitoring ability
► OS development to enable capture of volatile data
► OS development to minimize commingling