Security staff often take a host-centric approach to determining the scope and damage of computer intrusions. Standard forensics techniques are hard-drive-centric, with collection and analysis of live (volatile) data only gradually being adopted. This presentation offers a complementary set of practices focusing on network-centric techniques: evidence collected from a sensor on the wire rather than from the compromised host itself. In an age of kernel-based rootkits and savvy intruders, a compromised host can hide its own processes, files and connections from the tools run on it, but it cannot hide the packets it sends; sometimes only the network can tell the truth.
Last updated: July 12, 2006
Size: 512 Kb
Authors & presenters
Richard Bejtlich (TaoSecurity, US)