Tuesday, October 26, 2010

Abusing Standards

This morning I presented at the Techno Forensics conference. I had a great audience and tried to share my thoughts on analysis and network forensics with them. I think the talk went well. The audience asked some great questions on abusing IP protocol standards, which is one of my favorite artifacts to look for analytically. See, that's the nice thing about network traffic analysis -- network traffic conforms (or should conform) to IETF standards. Looking for cases when it doesn't (for example, TCP packets of less than 48 bytes) can turn up some very interesting finds!
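As an added illustration of the "look for traffic that breaks the standard" idea (this is example code written for this post, not tooling from the talk), the checker below parses a raw Ethernet/IPv4/TCP frame and reports header-length and flag combinations the RFCs do not allow, alongside the post's under-48-byte test. It assumes the 48-byte figure is measured on the whole Ethernet frame, and it goes one step beyond the post by also flagging a SYN+FIN combination; the sample frames are constructed in `build_frame`.

```python
import struct

# The post's threshold: a TCP packet under 48 bytes deserves a look. Assumed here to be measured
# on the Ethernet frame, where Ethernet + IPv4 + TCP headers alone need 14 + 20 + 20 = 54 bytes.
MIN_TCP_FRAME_LEN = 48
ETHERTYPE_IPV4, PROTO_TCP = 0x0800, 6

def check_frame(frame: bytes) -> list[str]:
    """Return the standards violations found in one Ethernet/IPv4/TCP frame (hypothetical helper)."""
    findings = []
    if len(frame) < 14:
        return ["frame shorter than an Ethernet header"]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return findings  # only IPv4 is examined here
    ip = frame[14:]
    if len(ip) < 20:
        return ["IPv4 header truncated below the RFC 791 minimum of 20 bytes"]
    ver_ihl, total_len, proto = ip[0], struct.unpack("!H", ip[2:4])[0], ip[9]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4:
        findings.append(f"IP version {ver_ihl >> 4} carried under the IPv4 EtherType")
    if ihl < 20:
        findings.append(f"IHL {ihl} bytes is below the minimum of 20")
    if total_len > len(ip):
        findings.append(f"IP total length {total_len} exceeds the {len(ip)} bytes captured")
    if proto != PROTO_TCP:
        return findings
    if len(frame) < MIN_TCP_FRAME_LEN:
        findings.append(f"TCP frame of {len(frame)} bytes, below {MIN_TCP_FRAME_LEN}")
    tcp = ip[ihl:]
    if len(tcp) < 20:
        findings.append("TCP header truncated below the RFC 793 minimum of 20 bytes")
        return findings
    data_offset, flags = (tcp[12] >> 4) * 4, tcp[13]
    if data_offset < 20:
        findings.append(f"TCP data offset {data_offset} bytes is below the minimum of 20")
    if flags & 0x03 == 0x03:  # FIN and SYN bits both set
        findings.append("SYN and FIN set together")
    return findings

def build_frame(payload=b"", flags=0x02, ihl_words=5, offset_words=5) -> bytes:
    """Constructed sample frame for testing; checksums are left zero since they are not inspected."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, offset_words << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp
```

A well-formed 54-byte SYN produces no findings, while the same frame cut to 44 bytes trips the IP length, the 48-byte threshold and the truncated TCP header checks at once.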