Recently I was invited by the Ottawa Chapter of the High Technology Crimes Investigation Association (HCIA) to do a presentation as I was in Ottawa, Ontario teaching the SANS 503 - Intrusion Detection in Depth class. The topic I choose to speak on was "Building a Forensically capable network infrastructure".
What do I mean by forensically capable network?
- A network which allows a forensic investigator, network security analyst, intrusion analyst, etc., to be able to retrace the steps of any (potential) security issue which may be identified, thus allowing them to not only fix the current issue but prevent and or mitigate it in the future.
- These issues may include but not limited to identification of fraud, policy violations, security incidents, auditing, forensic investigations, inappropriate usage, etc
- While this can also be done for operational purposes such as establishing baseline, identifying operational (d)efficiencies, the objective of this presentation is strictly from bullet 2’s perspective
To read more download the presentation here.