Network Forensics Analysis: A New Paradigm in Network Security

In this hour-long webinar, security expert and Global Knowledge instructor Phillip D. Shade will provide insight into the emerging network security science of network forensics analysis, a.k.a. security event analysis and reconstruction. Using case studies, you will examine the role of data retention in network forensics analysis, and you will learn about applying forensics analysis techniques to handle application-based attacks, VoIP call interception, and worms, bots, and viruses.

Outline:

• Sobering Statistics
• Network Forensics: Five Key Questions
• State of Current Network Security and Response
• New Paradigms
• Case Study #1: Data Storage and Retention: New Perspectives
• Case Study #2: Application-Based Attacks
• Case Study #3: Worms, Bots, and Viruses

The ringing of the phone heralds the news that every network security professional dreads: "I think the network was hacked." Suddenly, you are faced with answering five questions you hoped never to face:

1. Who was the intruder?
2. How did the intruder penetrate my security precautions?
3. What damage has been done?
4. Did the intruder leave anything behind, such as a new user account, a Trojan horse, or some new type of worm or bot?
5. Did I capture sufficient data to analyze and reproduce the attack and verify the fix will work?

The classic model of network forensics requires retrieving a myriad of data elements from a multitude of sources such as firewall logs, router logs, Intrusion Detection Systems (IDS), server logs, and hard drive and system dumps. The resulting collection must then be pieced together into a coherent picture. More often, it results in an incomplete picture.