An Introduction to Exploratory Data Analysis with Network Forensics
"Universal law is for lackeys; context is for kings." -Capt. Gabriel Lorca, Star Trek: Discovery
Workflows are often not as clearly defined in reality as they »
This guide is available as a PDF here. Of all the common protocols a new analyst encounters, perhaps none is quite as impenetrable as Server Message »
In the recent post Triaging Large Packet Captures - 4 Key TShark Commands to Start Your Investigation, I discussed some areas to begin investigating a large »
Scanning a PCAP file with a large IDS ruleset can be beneficial for putting a name to suspicious or malicious activity. It can also be useful »
DNS is one of the most important protocols on the modern internet, and any incident responder must be intimately familiar with its inner workings to perform »
Triaging large packet captures is a daunting task, even for the most seasoned security analysts. With a mountain of data and few leads, analysts need to »