[Dshield] Forensic Analysis Practical

Richard Stiennon RStiennon at webroot.com
Fri Mar 25 23:12:42 GMT 2005


You could attend RAID or read past presentations. 
 
http://www.conjungi.com/RAID/
 
 
Richard Stiennon
www.threatchaos.com

________________________________

From: list-bounces at lists.dshield.org on behalf of Pete Cap
Sent: Fri 3/25/2005 6:28 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Forensic Analysis Practical



I'm not aware of any peer review in our community outside of the SANS reading room.  In the pages of the few publications that concern themselves with network security, all I see are articles on "best security practices" and explaining security issues and requirements to upper management.  So, inasmuch as network defense (especially the analytic portions of it--intrusion analysis, log review, forensics) is in many ways an empirical science, our community is WAY behind every other scientific and engineering community out there.  I think this is a great reason why IT security generates a lot of energy and noise and very little seems to be changing in recent days.


Personally, I would like to see a publication along the lines of a scientific journal, complete with serious peer review.  People could write articles on analytical technique, reviews of tools, case studies, and so forth.  I believe that there would be less pressure in this forum than you might find in a GIAC practical assignment.


Thoughts? 
  
Regards, 
  
Pete 

Kenton Smith <kenton at mail2techie.com> wrote: 

>I will miss having my work published having been validated by the 
>industry. I will miss the chore that forces me to apply the entire 
>process and gain experience not able to be taught in the classroom. I 
>will miss Reading Room, where solutions can often be found having been 
>proven and vetted by other IT professionals (often with much better 
>instructions than vendor docs). 


I don't think there is anything stopping you from submitting to the 
Reading Room. It isn't just practicals. Maybe the reading room will be 
turned into something else? 

Kenton 




_______________________________________________________________ 
Get the FREE email that has everyone talking at http://www.mail2world.com 

250MB & 2GB Email Accounts - POP3 - Calendar - SMS - Translator - Much More! 

-------------- Sponsor Message ------------------------------------ 
Join us at SANSFIRE 2005 in Atlanta! 
The Internet Storm Center Conference. 
Details: http://www.sans.org/sansfire2005 

_______________________________________________ 
send all posts to list at lists.dshield.org 
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list 


                
--------------------------------- 
Do you Yahoo!? 
 Yahoo! Small Business - Try our new resources site! 
-------------- Sponsor Message ------------------------------------ 
Join us at SANSFIRE 2005 in Atlanta! 
The Internet Storm Center Conference. 
Details: http://www.sans.org/sansfire2005 

_______________________________________________ 
send all posts to list at lists.dshield.org 
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list 





More information about the list mailing list