Digital forensics

Computer Forensics: Snort Logs Analysis

Sometimes the best evidence of a network intrusion resides in network or traffic logs. Snort is a well known open-source traffic analysis and network intrusion detection tool. However, using the logs from Snort we can also see how the intrusion happened, rather than just that an intrusion happened.

We’ll use Snort to show how we can piece together what happened and when it happened without depending on traditional hard drive forensics. Computer forensics investigations are often described as trying to find a needle in a haystack. Doing traffic analysis is one way to make that stack of hay much smaller and make that needle much bigger.

In this video, one of the bonus labs from the InfoSec Institute Computer Forensic Online Training, we will examine the output of a Snort Log to:

Investigate a suspicious program and user account.
Monitor the command line traffic on the suspicious machine.
Review the commands used to install an unauthorized program.

We will also cover the process of locating and researching an unidentified program in a system.

Hope this video helps,
Keatron

Posted: April 8, 2011

Keatron Evans

View Profile

Keatron Evans is at the forefront of AI-driven cybersecurity innovation. As VP of Portfolio Product and AI Strategy at Infosec, he leads the development of cutting-edge solutions that are redefining industry standards. With over 20 years of experience, Keatron brings a unique blend of expertise:

AI pioneer: AWS-certified Generative AI Subject Matter Expert
Product visionary: Drives Infosec's AI-integrated cybersecurity product strategy
Cybersecurity expert: Author of "Chained Exploits: Advanced Hacking Attacks from Start to Finish"
Intelligence sector innovator: Founding member of an AI company that developed offensive cybersecurity tools for U.S. intelligence organizations

Keatron is a sought-after speaker at major industry events like the RSA Conference and a trusted expert for media outlets including CNN and Fox News. His forward-thinking approach focuses on harnessing AI to create adaptive cybersecurity solutions, positioning him as a key influencer in the private and public sectors. Beyond his professional pursuits, Keatron is an avid martial artist and musician, bringing a multifaceted perspective to his innovative work in technology and leadership.