Packets or It Didn't Happen: Network-Driven Incident Investigations

Thursday, 20 May 2021 2:00PM EDT (20 May 2021 18:00 UTC)
Speakers: Alan Hall, Jake Williams

The way we handle incident response has changed in recent years. With it, so has the role of network data in incident response investigations. In this webcast, SANS Senior Instructor Jake Williams and Symantec's Broadcom's Alan Hall examine the use of network traffic capture in today's incident response environment. They will explore questions such as:

Is there any replacement for a full PCAP?
Can endpoint antiforensics activities be confirmed with packet capture?
What can network traffic tell us if an attackers can perform anti-forensics on the endpoint?
Even without TLS break/inspect, is there any value in analyzing encrypted communications?

Be among the first to receive the associated whitepaper written by Jake Williams.

Login to Register

Sponsor

Related Content

OO - Blog - November 2024's Top Threats_340 x 340.jpg

Digital Forensics, Incident Response & Threat Hunting

November 25, 2024

SANS Threat Analysis Rundown in Review: Breaking Down November 2024’s Top Threats

There’s always plenty of news on cyber threats to discuss, and this month was no exception.

DFIR - Blog - Women In Russian-speaking Cybercrime_340 x 340.jpg

Digital Forensics, Incident Response & Threat Hunting

November 18, 2024

Women In Russian-Speaking Cybercrime: Mythical Creatures or Significant Members of Underground?

Women’s roles in Russian-speaking cybercrime, though less visible than men’s, are evolving and significant.

Anastasia Sentsova

Anastasia Sentsova

DFIR - Blog - New FOR518- Mac and iOS Forensic Analysis Poster Update_340 x 340.jpg

Digital Forensics, Incident Response & Threat Hunting

November 11, 2024

New FOR518: Mac and iOS Forensic Analysis Poster Update

The latest updates to the Digital Forensics and Incident Response Poster bring a wealth of new sections and enhancements.