DFIROnline

DFIROnline is a monthly online meeting of digital forensic and incident response professionals. The purpose of these meetups is to enable information sharing among the DFIR community. These session are open to anyone, and occur on the third Thursday of every month at 2000 US eastern time. If you would like to get involved and present something please email This email address is being protected from spambots. You need JavaScript enabled to view it. .

If you would like to recieve emails about the schedule and upcoming events you can subscribe to the DFIROnline mailing list here. The list is only used for announcements and reminders and should not generate more than a few emails a month.

The schedule will be updated as presenters are organized.

Instructions

The meetups will be held in my adobe connect meeting room here: http://champlain.adobeconnect.com/wilkinson/. In order to access the "room" just follow the link, you will need adobe flash (sorry about that). No password is required, just type your name and login as a 'guest'.
Attendees will be able to post questions live using chat, unfortunately more than around six audio and video connections becomes difficult to manage so video and audio will be limited to the presenters to start with.

You can also download the adobe connect android or iphone app and join in while at the movies, or out for dinner, just make sure your other half does not catch you....

You can also follow DFIROnline on twitter @DFIROnline

Recordings

Recordings of past presentations can be found on the dfironline youtube channel.

The Schedule

Date

Presenter

(link to their website)

Topic


May 9 2013 Meghana Reddy
Lan Hang

Log Analysis and Data Visualization for Incident Response

I caught up with Meghana and Lan of PwC at PFIC this year, and felt that their presentation was one of the most innovative I have seen in a long while. They have developed a number of scripts for processing various log files and presenting large amounts of data in a visual manner. As a non-visual person their creativity blew my mind. Just ask my wife, give me tables of numbers and I am happy, but don't ask me to make something look pretty. They have kindly offered to come and share their experiences and maybe even some of their code with us.

From their abstract:
In this presentation, we will cover the basics of reading, processing and visualizing network log data. Attendees will get a basic introduction to grep and awk to filter and parse large data sets. They will take the data generated though the filtering process and learn how to generate reports to help identify several attack scenarios. These tools can be used against a variety of different data sets and help the attendee look for different ways to search and extract data rapidly and reduce the volume of data not related to their analysis. The attendees will be given methods to identify a variety of attacks or scans. These attacks may include port scanning, SQL injection, and web application exploitation.


June 2013 No meetup

No meetup

I will be moving back to Australia in June and will have a few other things on my mind.