Computer Security Meets Digital and Network Forensics: New Ideas in Forensically Sound Adaptive Security

Authors: Ray Hunt, Malcolm Shore, Jill Slay

Presented at the 15th Annual Information and IT Security Summit - March 2010.

Abstract: Recent years have seen substantial development in computer and network security. This has been manifested as an ever-increasing range of new protocols, new encryption algorithms, new methods of authentication, smarter firewalls and intrusion detection techniques, new anti-malware products and many more.

During the same period, increasing demands for more sophisticated analysis tools have come from the operational requirements of law enforcement agencies, including e-discovery, commercial intelligence and national security. Thus the industry has seen equally significant developments in computer forensic tools, where methods of searching for, and detecting, malicious activity for presentation as evidence have become ever more sophisticated.

To a considerable degree, the sciences of security and forensics have each seen rapid but separate development. This paper proposes that there are areas in common between these two important fields of endeavour, and sets out techniques and ideas which demonstrate how they can overlap and work together.

In particular, this paper addresses computer security and forensic analysis from a real-time perspective: security events can be monitored in a live network while forensically sound data collection, storage and processing are carried out in a manner that supports real-time security and, at the same time, still meets the requirements of sound evidence.