Description: Much has been published regarding the open source intrusion detection system software known as Snort's What is less known is Snort's ability to read previously captured binary packet capture (PCAP) files from various network devices, process these files, and produce meaningful output for responders, analysts, investigators, and examiners. Snort users also have the ability to create customized rules and include within these rules any character-based or hexadecimal pattern of interest. In this talk given at Dojosec, David Warren describes how Snort can be used as a network forensics tool.
Tags: fun ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.