SANS Digital Forensics and Incident Response Blog: Author - Phil Hagen

2015 DFIR Monterey Network Forensic Challenge Results

2015-03-04 UPDATE: I've added some thought process/methodology to the answers inline below. Thanks to everyone that submitted or just played along with the SANS DFIR Network Forensic Challenge! We had over 3,000 evidencedownloads, and more than 500 submissions! Per the rules, the winner must have answered four of the six questions correctly. Then, by random … Continue reading 2015 DFIR Monterey Network Forensic Challenge Results


Sneak Preview: FOR572 on PaulDotCom June 12, 2013

You might have noticed that we recently posted the course description for the upcoming all-new course, FOR572: Advanced Network Forensics and Analysis. FOR572 will go include a lot of tcpdump and Wireshark work, but also goes beyond that, using a "big picture" approach that incorporates evidence and methods covering all kinds of network-based systems and … Continue reading Sneak Preview: FOR572 on PaulDotCom June 12, 2013