SANS - Computer Forensics - Course Description

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 |

Active evidence acquisition is the focus of day three. We'll analyze IDS/IPS, central logging servers, and Web proxies such as Squid during hands-on exercises throughout the day. By the end of day three, students will be using hex editors to carve cached evidence out of Web proxies, and reconstruct Web surfing histories using only the central Web proxy logs.

Topics - Day 3:
- Network Log analysis in depth
  - Centralized logging with syslog and syslog-ng
  - OS and authentication logs
  - Using Splunk for aggregation and correlation
- Network intrusion detection and analysis with Snort
- Web proxies, encryption, and SSL interception
  - Analyzing Web access histories (using Squid)
  - Web cache page reconstruction (using Squid)

SECURITY 558 Upcoming Events
Event	Location	Dates	Delivery Method
Community SANS Forensics DC 2010	Alexandria, VA	Feb 22, 2010 - Feb 26, 2010	Community SANS
SANS 2010	Orlando, FL	Mar 06, 2010 - Mar 15, 2010	Live Event

GIAC Certification

"This is awsome! We're seeing details that most people don't even know exist" - John Wright, Info Tech, Inc.

"The class provided in-depth, real world, hands-on information" - Robert Dale Drollinger, General Dynamics

SANS Institute

SANS Institute

© 2008 - 2009 The SANS™ Institute

SANS Web Privacy Policy: www.sans.org/privacy.php - Web Contact: webmaster@sans.org

SANS Press Room: www.sans.org/press / Policy On SANS Trademark Usage