23 November 2021 to 27 January 2022
Europe/Amsterdam timezone

IT Forensics for System Admins - Acquisition of Other Evidence

27 Jan 2022, 11:00
1h 30m


Mr Klaus Möller ( DFN-CERT)Mr Tobias Dussa (DFN-CERT)


Are there more indicators of compromise than the contents of RAM and harddisks? Yes, of course. And it may be vital stuff that it either lost on the suspect systems due to adversary activity or wasn't there to begin with. One example is represented by crucial log messages that are now only present on a central loghost. Another example would be network traffic information from switches, firewalls or network IDS that may corroborate leads that would otherwise be vague or circumstantial.

This webinar introduces some of the more common forms of indicators not present on local systems and how or where to obtain it.

Presentation Materials

There are no materials yet.
Your browser is out of date!

Update your browser to view this website correctly. Update my browser now