Business/Management Track
Security staff often take a host-centric approach to determining the scope and damage of computer intrusions. Standard forensics techniques are hard-drive centric, with collection and analysis of live data only gradually being adopted. This presentation offers a complementary set of practices focusing on network-centric techniques. In an age of kernel-based rootkits and savvy intruders, sometimes only the network can tell the truth.
http://www.first.org/conference/2006/papers/beijtlich-richard-slides.pdf
Type: Slides
Format: application/pdf
Last updated: July 12, 2006
Size: 512 Kb
Authors & presenters
Richard Bejtlich (TaoSecurity, US)