Meling Mudin

Presentation Title: The Art of Network Forensics
Presentation Abstract

Network forensics is defined as the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.

In other words, it involves the capture, preservation, analysis and presentation of network traffic. This talk will present the principles, knowledge and tools needed to adopt and apply the best practices of network-based forensics. We will present how network forensics can complement host-based forensics for effective investigation of digital computer crime. In this lab session, we will introduce almost all of the latest open source network forensics tools currently available and what they offer. Applying a “crime scene investigation”-like approach, we will show how a forensic investigator can extract evidence from packet captures, create a network event timeline, reconstruct and reassemble network sessions, analyze network flows and discover hidden communication channels.

About Meling Mudin

Mel has been in the computer security industry for the past five years. He was previously a system architect at SCAN Associates, where he was responsible for developing the Malaysian government’s largest network security monitoring center. He has also been involved with the organization of the HITBSecConf conference for the last three years, specifically in running its popular Capture the Flag hacking competition. In the past five years in the industry, he has been involved in various aspects of computer security, including penetration testing, software and product development, training, network defense and system administration, as well as working as a freelance consultant. He currently runs a start-up company that develops vulnerability and patch management software.