Overview Of Network Forensics, Log Collection and Analysis
Special Guest – Phil Hagen of SANS Institute & Red Canary
In this episode, we are joined by Phil Hagen who will be giving a basic overview of network forensics and log review. Phil is not only the curriculum co-lead at SANS Institute, but he also works at Red Canary and is a course author for advanced network forensics.
Phil will be teaching what he calls “Elastic Stack 101”—a mini-course using multiple resources that provides a general overview of Elastic Stack. The course shows a number of practical use examples as well as providing more advanced ways to delve into these products.
One of the best aspects of Elastic Stack is that all of the core components are free and open-source. Formerly known as “ELK Stack,” Elastic Stack is composed of three core components: Elasticsearch, Logstash, and Kibana, plus log shippers. Phil will dive into each while also explaining a newer feature called “Beats.”
Beats is a log shipper for various data types. Each Beat is a small, efficient program that reads a particular kind of source data and ships it either to Logstash or directly to Elasticsearch.
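To make the two shipping paths concrete, here is an added Filebeat configuration (not from the episode or from Elastic's documentation) that reads a log file and forwards it either to Logstash or directly to Elasticsearch. The file path, hostnames and ports are assumptions; Filebeat permits only one output to be enabled at a time, so the direct-to-Elasticsearch block is left commented out.

```yaml
# filebeat.yml (added example; paths and hosts are placeholders)
filebeat.inputs:
  - type: filestream
    id: auth-logs                     # unique id required by the filestream input
    paths:
      - /var/log/auth.log             # assumed source file on the monitored host
    fields:
      sensor: edge-01                 # constructed tag to identify the shipping host
    fields_under_root: true           # put the tag at the top level of each event

# Path 1: ship to Logstash for parsing/enrichment before indexing
output.logstash:
  hosts: ["logstash.example.internal:5044"]   # assumed Logstash Beats input
  ssl:
    certificate_authorities: ["/etc/filebeat/ca.crt"]   # verify the server
    certificate: "/etc/filebeat/client.crt"             # client certificate
    key: "/etc/filebeat/client.key"

# Path 2: ship straight to Elasticsearch (enable this and disable Path 1)
#output.elasticsearch:
#  hosts: ["https://es.example.internal:9200"]   # assumed Elasticsearch host
#  username: "filebeat_writer"                   # least-privilege ingest user
#  password: "${ES_PW}"                          # read from the keystore, not the file
```

Shipping through Logstash (Path 1) is the usual choice when the records need parsing or enrichment before they are indexed; the direct path (Path 2) keeps the pipeline simpler when the Beat's own modules already produce structured events.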
Listen to the full episode to hear an in-depth explanation of network forensics and log review from one of the best teachers in the industry.