Presented at DEF CON 16 (2008)
Need help understanding your gigabytes of application logs or network captures? Your OS performance metrics do not make sense? Then DAVIX, the live CD for visualizing IT data, is your answer!
To simplify the analysis of vast amounts of security data, visualization is slowly finding its way into the security community. Many free tools are available for analyzing and visualizing data. To make these tools easier to use, the open source project DAVIX was brought to life; it is being released this year at Black Hat/DEF CON.
At this "Bring Your Own Laptop" workshop we will introduce you to DAVIX. The workshop starts with an introduction to the set of available tools and the integrated manual, and shows how to customize the CD to your needs. In the second part, you use DAVIX to analyze a set of provided packet captures. At the end we will show some of the visualizations created by the participants. Be prepared for pretty and meaningful pictures!
To take part in the analysis portion of the workshop, bring an Intel or AMD x86-based notebook with at least 1 GB of memory and a wireless LAN adapter. To avoid problems with wireless card setup, we strongly recommend running DAVIX in VMware Player or VMware Fusion in NAT mode. Download the DAVIX ISO image from the davix.secviz.org homepage before the workshop. The network capture files will be made available during the workshop.
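The packet-capture part of the workshop boils down to turning flow records into a link graph that a layout engine can draw. The script below is an added example for this page, not code from DAVIX or from AfterGlow. It assumes the capture has already been exported as CSV flow records of the form `src_ip,dst_ip,proto,dst_port,bytes` (a tool such as tshark can produce this with its fields output mode); the sample records are constructed, not taken from a real capture. It aggregates the records into edges, writes them in the three-column `source,event,target` CSV layout that AfterGlow accepts, emits a Graphviz DOT graph whose edge width encodes flow count, and flags sources with unusually high fan-out, which is the kind of pattern that jumps out of such a picture.

```python
"""Turn packet-capture flow records into a link graph for visualization.

Added example; not part of DAVIX or AfterGlow. Input format (assumed):
CSV lines "src_ip,dst_ip,proto,dst_port,bytes" exported from a capture.
"""
import csv
import io
import math
from collections import Counter, defaultdict

# Constructed sample records (not from a real capture): one host fanning out
# to many ports on a single target, plus ordinary HTTPS and DNS traffic.
SAMPLE_RECORDS = """\
10.0.0.5,192.168.1.10,tcp,22,120
10.0.0.5,192.168.1.10,tcp,23,60
10.0.0.5,192.168.1.10,tcp,25,60
10.0.0.5,192.168.1.10,tcp,80,60
10.0.0.5,192.168.1.10,tcp,443,60
10.0.0.5,192.168.1.10,tcp,3306,60
10.0.0.7,192.168.1.20,tcp,443,15200
10.0.0.7,192.168.1.20,tcp,443,9800
10.0.0.8,192.168.1.53,udp,53,90
10.0.0.8,192.168.1.53,udp,53,88
"""


def parse_records(text):
    """Parse CSV flow records into dicts; blank and malformed lines are skipped."""
    flows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue
        src, dst, proto, dport, nbytes = row
        try:
            flows.append({"src": src, "dst": dst, "proto": proto.lower(),
                          "dport": int(dport), "bytes": int(nbytes)})
        except ValueError:
            continue  # non-numeric port or byte count: drop the line, keep going
    return flows


def aggregate_edges(flows):
    """Collapse flows into (src, 'proto/port', dst) -> {count, bytes}."""
    edges = defaultdict(lambda: {"count": 0, "bytes": 0})
    for f in flows:
        key = (f["src"], f"{f['proto']}/{f['dport']}", f["dst"])
        edges[key]["count"] += 1
        edges[key]["bytes"] += f["bytes"]
    return dict(edges)


def to_afterglow_csv(edges):
    """One 'source,event,target' line per edge, sorted for stable output.
    This is the three-column input layout AfterGlow reads."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for src, event, dst in sorted(edges):
        writer.writerow([src, event, dst])
    return out.getvalue()


def to_dot(edges):
    """Graphviz DOT: edge label = service and bytes, penwidth = 1 + log2(count)."""
    lines = ["digraph flows {", "  rankdir=LR;", "  node [shape=box];"]
    for (src, event, dst), stats in sorted(edges.items()):
        width = 1 + math.log2(stats["count"])
        lines.append(f'  "{src}" -> "{dst}" [label="{event} ({stats["bytes"]}B)" '
                     f'penwidth={width:.1f}];')
    lines.append("}")
    return "\n".join(lines)


def fan_out(edges, threshold=5):
    """Sources with at least `threshold` distinct (service, target) edges:
    a crude port/host-scan indicator worth highlighting in the graph."""
    per_src = Counter(src for (src, _event, _dst) in edges)
    return {src: n for src, n in per_src.items() if n >= threshold}


if __name__ == "__main__":
    edges = aggregate_edges(parse_records(SAMPLE_RECORDS))
    print(to_afterglow_csv(edges))
    print(to_dot(edges))
    print("fan-out:", fan_out(edges))
```

Pipe the DOT output into `neato` or `dot` to render it; the CSV output is what you would feed to AfterGlow instead if you want its colouring and filtering options. The `fan_out` threshold of 5 is an arbitrary starting point, not a tuned detection rule.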
Raffael Marty: As chief security strategist and senior product manager, Raffy is customer advocate and guardian, the expert on all things security and log analysis at Splunk. With customers, he uses his skills in data visualization, log management, intrusion detection, and compliance to solve problems and create solutions. Inside Splunk, he is the conduit for customer issues, new ideas and market requirements to the development team. Fully immersed in industry initiatives, standards efforts and activities, Raffy lives and breathes security and visualization. His passion for visualization is evident in the many presentations he gives at conferences around the world and in the upcoming "Applied Security Visualization" book. In addition, Raffy is the author of AfterGlow, founder of the security visualization portal http://secviz.org, and contributing author to a number of books on security and visualization.
Jan P. Monsch
Jan P. Monsch is a senior security analyst with the leading Swiss security assessment company Compass Security AG. He has almost 10 years of experience in the field of IT security, most of it in the Swiss banking and insurance industry. His talent for understanding and assessing security in large environments has led to his involvement in several outsourcing projects with international participation. Apart from reviewing security, he has trained many software developers, IT engineers and security officers in the fields of application and content security. His passion for application security and his interest in better understanding security in real-world applications have led him to the field of security visualization. The lack of broadly available solutions for data analysis and security visualization motivated him to create DAVIX - The Data Analysis & Visualization Linux.