Anton Chuvakin

Name:
Anton

Surname:
Chuvakin

About speaker:
“Dr Anton Chuvakin, GCIA, GCIH, GCFA (http://www.chuvakin.org) is a recognized security expert and book author. In his current role as a Director of Product Management with LogLogic, a log management and intelligence company, he is involved with defining and executing on a product vision and strategy, driving the product roadmap, conducting research as well as assisting key customers with their LogLogic implementations. He was previously a Chief Security Strategist with a security information management company.

A frequent conference speaker, he also represents the company at various security meetings and standards organizations. He is an author of a book “Security Warrior” and a contributor to “Know Your Enemy II”, “Information Security Management Handbook”, “Hacker’s Challenge 3” and the upcoming book on PCI. Anton also published numerous papers on a broad range of security subjects. In his spare time he maintains his security portal http://www.info-secure.org and several blogs.”


Talk:
System, Network and Security Log Forensics

Abstract:
The presentation will cover the use of various system and network logs, audit trails, and security device logs in forensic processes for incident response. It will start with the important issue of defining “log forensics.”

It will then describe a methodology for log collection and analysis, with forensic use in mind, as well as practical examples and investigations. Logs will often provide most of the answers investigators need (such as confirmation of attack success and details of the attacker’s behavior) without diving deeply into time-consuming, expensive and often unreliable disk image forensics. Another rarely covered but critical item that will be discussed is preserving log evidence integrity and possible challenges to such integrity.