FIRST - Improving Security Together 18th Annual FIRST Conference - June 2006 - Baltimore, Maryland

Design Your Network to Aid Forensic Investigation


Conference Schedule

Technical Track

Monday – June 26th, 14:00

Although security and related tools have improved over the years, all too often the first signs of a compromise appear in the form of a trouble ticket or problem report. Even though many monitoring methods are available, once they are deployed, security teams quickly find themselves buried in data or very busy with the care and feeding of such tools. This course will review network design and monitoring with the intent of identifying and providing adequate compromise detection, developing an appropriate security response to suspicious "events", and increasing readiness for forensic investigation. We will do this by identifying and setting security goals, applying simple but adequate monitoring methods to meet those goals, and developing response methods for investigating and mitigating specific attacks. A production network architecture, including the "lessons learned" during its development and maintenance, will serve as a case study for facilitated discussion.

Authors & presenters

  • Robert Sisk, Presenter (IBM MSS – IBM Corporation, US)
