Presenter
Phillip D. Shade
Global Knowledge instructor Phillip D. Shade, CNX-E, CWNA, PASTech, WNAX-Forensics, is the founder of Merlion’s Keep Consulting, a professional services company specializing in network and forensics analysis.

An internationally recognized network security and forensics expert with over 30 years of experience, Phillip is a member of FBI InfraGard, Computer Security Institute, and the IEEE and a volunteer at the Cyber Warfare Forum Initiative.
Overview
The ringing of the phone heralds the news that every network security professional dreads: “I think the network was hacked.” Suddenly, you are faced with answering five questions you hoped never to face:
- Who was the intruder?
- How did the intruder penetrate my security precautions?
- What damage has been done?
- Did the intruder leave anything behind, such as a new user account, a Trojan horse, or some new type of worm or bot?
- Did I capture sufficient data to analyze and reproduce the attack and verify the fix will work?

The classic model of network forensics requires retrieving a myriad of data elements from a multitude of sources such as firewall logs, router logs, Intrusion Detection Systems (IDS), server logs, and hard drive and system dumps. The resulting collection must then be pieced together into a coherent picture. More often, it results in an incomplete picture.

In this hour-long webinar, security expert and Global Knowledge instructor Phillip D. Shade will provide insight into the emerging network security science of network forensics analysis, a.k.a. security event analysis and reconstruction. Using case studies, you will examine the role of data retention in network forensics analysis, and you will learn about applying forensics analysis techniques to handle application-based attacks, VoIP call interception, and worms, bots, and viruses.