Presented at
DEF CON 7 (1999),
Unknown date/time
(Unknown duration)
This session will address the techniques used to investigate network-based intrusions, especially those originating from the public Internet. Emphasis will be on techniques that provide an acceptable chain of evidence for use by law enforcement or in anticipation of civil litigation. We will cover back-tracing, forensic tools, end-to-end tracing and evidence collection and preservation as well as the forensic use of RMON2-based tools for documenting the path of an attack.
Presenters:
-
Peter Stephenson
- Principle consultant of the Intrusion Management and Forensics Group (IMF)
Peter Stephenson is a well-known writer, consultant and lecturer with an international reputation in large scale computer networks and information protection. He has lectured extensively on network planning, implementation, technology and security. He has written or co-authored 14 books (including foreign language translations) and several hundred articles in major national and international trade publications. He is the principle consultant for InfoSEC Technologies division of Sanda International Corp.
Mr. Stephenson has participated in investigations of computer system intrusions, Internet misuse and abuse and has performed forensic analysis of computer disk drives as well as backtracing analysis of intrusions coming from the Internet. He has used forensic techniques to recover lost data from computer disk drives.
Stephenson is a member of the Information Systems Audit and Control Association (ISACA), the Information Systems Security Association (ISSA) and the High Technology Crime Investigation Association (HTCIA). He provides volunteer assistance on request to the Michigan State Police and other law enforcement agencies.
Links:
Similar Presentations: