Using Snort as a Forensics Tool (Dojosec)

Much has been published regarding the open source intrusion detection system software known as Snort's What is less known is Snort's ability to read previously captured binary packet capture (PCAP) files from various network devices, process these files, and produce meaningful output for responders, analysts, investigators, and examiners. Snort users also have the ability to create customized rules and include within these rules any character-based or hexadecimal pattern of interest. In this talk given at Dojosec, David Warren describes how Snort can be used as a network forensics tool.

The mission of DojoSec is to provide an environment for people to master the art of information security. DojoSec Monthly Briefings are an example of the commitment that we are making to accomplish this goal.

DojoSec Monthly Briefings’ audience have seen talks by Johnny Long, Ron Gula, Joseph McCray, Marcus J. Ranum, and Bruce Potter to name a few speakers. Attendees enjoy technical demonstrations, industry expert speakers, and a meal. It’s like a dinner theater for security geeks!