Our research fellows Kelvin Wong, Anthony Lai and I held a workshop on Real Network Security Kungfu:
Abstract:
Most ‘Network Forensics’ work focuses only on packet (pcap) and net-flow analysis, but that is just one part of the investigation. An investigator is not a ‘Prophet’: it is impossible to capture the traffic before the incident occurred in order to trace the intruder/attacker. Network Forensics should cover not only the captured traffic but also all of the network-related evidence (located in memory, the registry, web applications and, of course, network traffic) acquired from the compromised machine. The workshop will concentrate on practical skills and recommend a best solution to forensics professionals through a case study. We will also demonstrate a new project (proposed by Ran2) which could identify the attacker at an early stage to ease further investigation.
(ref: http://www.dfrws.org/2014eu/tutorials.shtml#kungfu)