Tutorial 2011 - Network Forensics: Introduction to Retrospective Network Analysis
Network Forensics: Introduction to Retrospective Network Analysis
Bhadran V K, Director, Resource Centre for Cyber Forensics
Centre for Development of Advanced Computing, Trivandrum, India
Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents occurring in a network. To analyze a cyber crime, network forensics experts need expertise in various fields such as malware analysis, memory analysis, and IP trace techniques, and should be well aware of the different kinds of attacks on networks. Retrospective Network Analysis (RNA) allows one to go “back in time” to reconstruct a failure or attack, identify what happened, and trace back to the originator of the crime. Traditional real-time packet capture and analysis helps in analyzing the protocol and traffic, while RNA acts like 24/7 monitoring of the network for all events, just like a surveillance camera.
This tutorial gives the participants:
- An Introduction to Network Forensics
- Procedure
- Live Forensics
- Memory Analysis
- Traceback
- Understanding Network Protocols
- Packet Capture Techniques
- Packet Analysis Techniques
- Discussion on various RNA tools
Bhadran V K is Director, Resource Centre for Cyber Forensics at the Centre for Development of Advanced Computing, an autonomous institution of the Indian government undertaking application-oriented research in Electronics and ICT. The Centre has developed various kinds of Cyber Forensic Tools for disk forensics, network forensics and device forensics. Bhadran has been pivotal in establishing the Resource Centre for Cyber Forensics and is currently leading the development activities in network forensics and working on developing an Enterprise Forensics System with advanced capabilities for policy-based monitoring and mitigation of malicious activities emanating inside the organization and external threats based on a layered approach, "TEAMS - Transparent Enterprise Activity Monitoring Solution". He has more than 25 years of experience in the field of ICT and a strong background in Artificial Intelligence areas such as Expert Systems, Intelligent Tutoring Systems, Natural Language Processing Systems, Machine Translation and Robotics. He is faculty for Network Forensics at various training programs for law enforcement, defense, and corporate organizations. He has spoken at various seminars across India on network forensics and network security and is a regular guest speaker on Cyber Crimes, Network Forensics and Network Security at various Engineering Colleges including the Military College of Telecommunication Engineering, MHOW, India. Bhadran has also participated in other international network forensics workshops, where he trained in South East Asian countries and Mauritius. Bhadran has also acquired training in Information Security, Incident Handling and Cyber Forensics at the CERT-Coordination Centre, Carnegie Mellon University, USA and Hacker Techniques and Exploits by the SANS Institute. Bhadran is also the recipient of the Dr. Vasudev Award for the year 2002 for physical sciences constituted by the State Committee on Science, Technology and Environment, Govt. of Kerala. Recently Bhadran completed Advanced Level Training on Information Security at the Software Engineering Institute, CERT, USA and presented a tutorial on Network Forensics at the International Conference on Digital Forensics and Cyber Crimes, Abu Dhabi.
Last modified: 2011-01-27 11:17:35