Threat Hunting with Network Forensics: Using network forensic techniques to detect threats

Presented at ToorCon San Diego 20 (2018), Sept. 14, 2018, 9 a.m. (75 minutes)

This presentation looks at TCP/UDP network traffic and protocols to identify what information can be of great value when either detecting a threat or responding to an alert.

Although traditional system and security controls may exist, humans are still part of building and fielding the applications that run in a modern IT shop. The likelihood of significant flaws in those applications, or in the configuration of the systems, opens the risk of a security breach or compromise that may surface as an alert in a log file or on an automated intrusion detection system.


Presenters:

  • Tom Arnold
    The presenter has over 20 years in digital forensic investigation and is specifically trained as a network forensic examiner. He has presented cases to the US FBI, US Secret Service, UK NCA, and Interpol for action. Tom Arnold is Co-founder and Vice President of PSC, part of NCC Group. Based out of San Jose, California, he heads PSC's Digital Incident Response and Forensics team and specializes in internal and external security assessments related to US and international standards. He leverages his payments background to evaluate and design security controls and secure systems that accept a variety of traditional and emerging consumer payment technologies. Among his clients are trans-global payment processors; over-the-air and traditional card production/personalization companies; global telecommunication companies; travel and hospitality companies; and large multi-national retailers.
