
Network Forensic tools/practice/techniques


charlottebandit

Newbie

Posts: 49

Joined: Sat Jun 10, 2006 4:26 pm

Post Wed Dec 31, 2008 4:12 pm

Network Forensic tools/practice/techniques

How are you guys doing? I was wondering what kind of tools are used to investigate networks, to include routers, switches, firewalls, IPSs, and other advanced security technologies? Does this mostly consist of reading each line of syslog info?

Just how far ahead or behind are the professional tools out there for this?
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS

adamj


Newbie

Posts: 17

Joined: Wed Jan 23, 2008 11:49 pm

Location: Maryland

Post Fri Jan 02, 2009 11:59 pm

Re: Network Forensic tools/practice/techniques

Hi. There's a tool called Firewalk which may be worth checking out, and there's a tool which looks like it's designed to audit Cisco firewalls/routers called Router Audit Tool; see http://www.cisecurity.org/bench_cisco.html

jimbob

Post Tue Jan 06, 2009 8:36 am

Re: Network Forensic tools/practice/techniques

charlottebandit wrote: Does this mostly consist of reading each line of syslog info?

You could consider splunk for processing log files from network devices.

http://www.splunk.com/

timmedin


Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sat Feb 14, 2009 2:52 pm

Re: Network Forensic tools/practice/techniques

These systems are called SEM, SIM, or SIEM (Security [Event] [Incident] Management) systems that will correlate, monitor and alert on logs. This type of system will take logs and parse them for you and make drilling into (or detecting) an issue much easier. There is no realistic way you can monitor the tremendous amount of log data without something to help you out.
twitter.com/timmedin | http://blog.securitywhole.com
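As an added example (not code from this thread, from Splunk, or from any SIEM vendor), the script below does in miniature what jimbob's and timmedin's replies describe for the original "read each line of syslog" question: it parses Cisco IOS-style syslog lines as a collector would receive them from a router, pulls out the access-list deny messages, and correlates them per source address so that a burst of denies against many destination ports raises one alert instead of requiring someone to read every line. The log lines, hostname, addresses and ACL name are constructed for the example; the year is an assumption, since BSD syslog timestamps carry none; and the window and port-count thresholds are arbitrary values you would tune for your own network.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of what a syslog collector receives from an IOS router
# (relay header, sequence number, router timestamp, then the IOS message).
# Hostname, addresses, ACL name and times are made up for this example.
SAMPLE_LOGS = """\
Dec 31 16:12:01 rtr1 1234: *Dec 31 16:12:01.101: %SEC-6-IPACCESSLOGP: list INBOUND denied tcp 203.0.113.9(40211) -> 10.0.0.5(22), 1 packet
Dec 31 16:12:03 rtr1 1235: *Dec 31 16:12:03.402: %SEC-6-IPACCESSLOGP: list INBOUND denied tcp 203.0.113.9(40212) -> 10.0.0.5(23), 1 packet
Dec 31 16:12:04 rtr1 1236: *Dec 31 16:12:04.003: %SEC-6-IPACCESSLOGP: list INBOUND denied tcp 203.0.113.9(40213) -> 10.0.0.5(445), 1 packet
Dec 31 16:12:05 rtr1 1237: *Dec 31 16:12:05.210: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Dec 31 16:12:06 rtr1 1238: *Dec 31 16:12:06.777: %SEC-6-IPACCESSLOGP: list INBOUND denied tcp 203.0.113.9(40214) -> 10.0.0.5(3389), 1 packet
Dec 31 16:12:07 rtr1 1239: *Dec 31 16:12:07.010: %SEC-6-IPACCESSLOGP: list INBOUND denied tcp 198.51.100.4(5555) -> 10.0.0.5(80), 1 packet
Dec 31 16:12:08 rtr1 1240: *Dec 31 16:12:08.500: %SEC-6-IPACCESSLOGP: list INBOUND denied tcp 203.0.113.9(40215) -> 10.0.0.5(8080), 1 packet
Dec 31 16:20:00 rtr1 1241: *Dec 31 16:20:00.000: %SEC-6-IPACCESSLOGP: list INBOUND denied tcp 198.51.100.4(5556) -> 10.0.0.5(443), 1 packet
"""

# BSD syslog relay header, then the IOS "%FACILITY-SEVERITY-MNEMONIC: text" message.
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) .*?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)
# Body of an IPACCESSLOGP message: "list NAME denied PROTO SRC(SPORT) -> DST(DPORT), N packet(s)"
ACL_RE = re.compile(
    r"list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<packets>\d+) packet"
)


def parse_syslog(line, year=2008):
    """Split one collector line into header fields; None if it is not an IOS message."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # BSD syslog timestamps have no year, so the collector must supply one (assumed here).
    ev["time"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S").replace(year=year)
    ev["severity"] = int(ev["severity"])
    return ev


def parse_acl_deny(ev):
    """Extract the 5-tuple from an access-list deny event; None for any other message."""
    if ev is None or ev["mnemonic"] != "IPACCESSLOGP":
        return None
    m = ACL_RE.search(ev["text"])
    if not m:
        return None
    d = m.groupdict()
    d["time"] = ev["time"]
    d["host"] = ev["host"]
    d["dport"] = int(d["dport"])
    return d


def correlate_denies(lines, window_seconds=60, min_ports=4):
    """Sliding-window correlation: one alert when a single source is denied on at least
    min_ports distinct destination ports by the same ACL within window_seconds."""
    recent = defaultdict(deque)  # (host, acl, src) -> deque of (time, dport)
    alerts = []
    for line in lines:
        d = parse_acl_deny(parse_syslog(line))
        if d is None:
            continue  # not an ACL deny (e.g. the link-down message); nothing to correlate
        key = (d["host"], d["acl"], d["src"])
        q = recent[key]
        q.append((d["time"], d["dport"]))
        while (d["time"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # drop hits that have aged out of the window
        ports = sorted({p for _, p in q})
        if len(ports) >= min_ports:
            alerts.append({"host": d["host"], "acl": d["acl"], "src": d["src"],
                           "first": q[0][0], "last": d["time"], "ports": ports})
            q.clear()  # fire once per burst; a fresh burst needs min_ports new hits
    return alerts


if __name__ == "__main__":
    for a in correlate_denies(SAMPLE_LOGS.splitlines()):
        print("%s %s: %s denied on ports %s between %s and %s" % (
            a["host"], a["acl"], a["src"], a["ports"],
            a["first"].strftime("%H:%M:%S"), a["last"].strftime("%H:%M:%S")))
```

Run against the constructed sample, the script raises a single alert for 203.0.113.9 (four distinct ports denied within five seconds) and stays quiet about 198.51.100.4, whose two denies are eight minutes apart. The keying on (host, ACL, source) is the part worth thinking about: a real SIEM rule would usually also normalise the source across several routers and firewalls so one scanner seen on three devices is still one alert.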

Powered by phpBB® Forum Software © phpBB Group.