Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Forensics. What is it? ► Remote data acquisition (disk capture) ► Remote collection of live systems (memory) ► Traffic acquisition (cables and.

Published byAshlynn Byrd Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Forensics. What is it? ► Remote data acquisition (disk capture) ► Remote collection of live systems (memory) ► Traffic acquisition (cables and."— Presentation transcript:

1 Network Forensics

2 What is it? ► Remote data acquisition (disk capture) ► Remote collection of live systems (memory) ► Traffic acquisition (cables and devices) ► Multiple examiners viewing single source

3 Technical ► Current tools don’t cut it  Validation – integrity of data  Multiple machine functions (network devices)  Traffic Capture (non TCP/UDP)  Data loss due to high traffic volumes  Content ID and analysis (VoIP, IM)  Traffic pattern recognition  Data reduction  Attribution (IP forgery, onion routing)  False Positives ► Dynamic systems  Speed and minimal system impact is a priority

4 Legal ► Privacy Issues  Commingling of data ► Jurisdiction  Interstate Warrants

5 Policy ► Banners and policy statements ► Logging requirements  Third party tools to meet our needs?  Pressure device vendors? ► Bill of rights  Balance need for attribution with individual rights

6 Short Term Goals ► Define network forensics ► Tools  Capture  Analysis (data normalization, visualization and mining)  Attribution ► Process  Best practices  Guidelines for various devices/situations

7 Long Term Goals ► Persuade Industry Provide Monitoring Ability ► OS development to enable capture of volatile data ► OS development to minimize commingling

Download ppt "Network Forensics. What is it? ► Remote data acquisition (disk capture) ► Remote collection of live systems (memory) ► Traffic acquisition (cables and."

Similar presentations

World Class Standards Smart Grids ETSI Strategic Topic Philippe Lucas © ETSI 2010. All rights reserved ETSI Smart Grid workshop, June 14th 2010.

World Class Standards Smart Grids ETSI Strategic Topic Philippe Lucas © ETSI All rights reserved ETSI Smart Grid workshop, June 14th 2010.
Network Systems Sales LLC

Network Systems Sales LLC
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Complex Recovery/ Data Reduction DFRWS 2002. Technical Issues Lots of info to be recovered in in deleted file space Partial data recovery: does this give.

Complex Recovery/ Data Reduction DFRWS Technical Issues Lots of info to be recovered in in deleted file space Partial data recovery: does this give.
EHR stakeholder workshop – 11th October 2007 1 EHR integration for clinical research: toward new interaction models ? Isabelle de Zegher.

EHR stakeholder workshop – 11th October EHR integration for clinical research: toward new interaction models ? Isabelle de Zegher.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Decreasing Incident Response Time ______________________________ Benefits of Packet Capture & Real-time NetFlow Generation Boni Bruno, CISSP, CISM, CGEIT.

Decreasing Incident Response Time ______________________________ Benefits of Packet Capture & Real-time NetFlow Generation Boni Bruno, CISSP, CISM, CGEIT.
1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
David Grochocki et al.  Lures Potential attackers  Smartmeters do two way communication  Millions of Meters has to be replaced  Serious damages just.

David Grochocki et al.  Lures Potential attackers  Smartmeters do two way communication  Millions of Meters has to be replaced  Serious damages just.
Network Instruments Troubleshooting Techniques. What to look for in network monitoring solutions… Key Elements Real Time Statistics Visual Network Traffic.

Network Instruments Troubleshooting Techniques. What to look for in network monitoring solutions… Key Elements Real Time Statistics Visual Network Traffic.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
4.1.5 System Management Background What is in System Management Resource control and scheduling Booting, reconfiguration, defining limits for resource.

4.1.5 System Management Background What is in System Management Resource control and scheduling Booting, reconfiguration, defining limits for resource.
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.

FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.
NetFlow Analyzer Drilldown to the root-QoS Product Overview.

NetFlow Analyzer Drilldown to the root-QoS Product Overview.
Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.

Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.
EHealth Network Monitoring Network Tool Presentation J. Gaston Senior Network Design Seminar Professor Morteza Anvari 10 December 2004.

EHealth Network Monitoring Network Tool Presentation J. Gaston Senior Network Design Seminar Professor Morteza Anvari 10 December 2004.

Similar presentations

Ads by Google