Network Investigations and Incident Response

by Dario Forte, Eoghan Casey


Digital forensics is becoming an integral part of information assurance, enabling organizations to handle security breaches, policy violations, and legal compliance and preservation obligations more effectively. Whether your organization is faced with employee malfeasance, computer intrusions, civil disputes, or government and regulatory inquiries, you need to know where to find digital evidence on your network and how to preserve and use it. In this technical workshop you will learn to prepare for, and deal effectively with, severe security breaches that result in the exposure of sensitive data. The workshop is suitable for individuals who are interested in, or are already performing, the technical aspects of digital investigations in their organization. It will also be of interest to managers, lawyers, compliance officers, and auditors who need to understand the types of digital evidence that are available on computers.
Hands-on investigative scenarios and exercises are used throughout the workshop to teach practical technical skills and to give IT managers, lawyers, internal auditors, compliance officers, and technical staff a working understanding of the investigative process. Using actual data, including memory dumps and network logs, attendees will learn the wide range of skills needed to preserve and analyze volatile digital evidence when networks are compromised and sensitive data are exposed.
Procedures and tools for properly collecting and examining volatile digital evidence from high-availability systems and networks are covered. In addition, state-of-the-art forensic analysis techniques and associated tools are presented, and the value of correlating network-level evidence from intrusion detection systems, firewalls, and other network devices and monitoring systems is demonstrated through investigative exercises and case studies.

Delegates will receive a copy of the books "Digital Evidence and Computer Crime" and "Malware Forensics" by Eoghan Casey.


Main Topics

  • Forensic examination of live systems
  • Preservation and examination of memory contents
  • Remote forensic examination and acquisition
  • Detailed analysis of compromised systems
  • Safe inspection of malware
  • Best practices for handling digital evidence on networks
  • Network traffic as a source of evidence
  • Using logs on a network as evidence
  • Forensic examination of network devices
  • Network correlation and reconstruction
  • Court admissibility of live analysis
  • Using the Internet as an investigative tool
  • Building a solid case