Knowing how to perform basic network forensics can go a long way in helping infosec analysts do some fundamental analysis to either crush the mundane or recognize when it's time to pass the more serious attacks on to the big boys. This presentation covers environment options for making your network monitorable, three quick steps to triage and analyze alerts, and integrated distros that allow almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a “ninja” per se, but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of network forensics.
grecs has two decades of industry experience and undergraduate/graduate engineering degrees. After doing the IT grind, he discovered his love of infosec and has been pursuing it since. Currently, he spends his days as a senior cyber analyst enhancing customer defenses through advanced analysis, customized training, and engineering improvements. In his free time grecs is an international speaker and blogger covering a range of defensive topics.