Comments on TaoSecurity Blog: Network Forensics? Please.
Richard Bejtlich

Anonymous, 2005-12-13 17:36 (-05:00):

Richard is right. The use of the term forensics, as PMG used it, was not correct. There is no such thing as "forensic techniques", there are scientific techniques which are used in forensics. The technique itself comes from whatever discipline (e.g. biology, chemistry, computer science, etc.). The forensic part comes from the application of the technique. If I use Ethereal during an investigation to examine network traffic, in order to identify the actions of a suspect, then this is more likely than not forensics. If I use Ethereal to troubleshoot a network, I'm still doing the same packet-analysis, but I'm not doing forensics. The difference is not the technique/knowledge but the application.

Anonymous, 2005-11-11 11:47 (-05:00):

Richard,

I really like your stuff, but I find it hard to believe that you've never heard of PMG before. Pine Mountain Group has been a staple offering network analysis training at the Interop conferences since the early 90's. Regarding your dislike of the term "Network Forensics" being used by PMG for their courses, you do have a point regarding the definition of the term. However, PMG has been talking about "Network Forensics" for a long time. I believe I heard Bill Alderson, the founder of PMG, use the term this way back in 2000 at the Interop conference in Atlanta.
Where have you been all of these years?

Clarke Morledge
Network Engineer
College of William and Mary

js, 2005-11-07 13:03 (-05:00):

I agree with Richard. The point is that PMG are using network forensic *techniques*, but they are certainly not performing network forensics. For them to say they're doing forensics is like saying forensics includes removing spyware or figuring out why newly-installed RAM isn't recognized.

Richard Bejtlich, 2005-11-07 12:23 (-05:00):

Anonymous -- I'll take your comments seriously when you post using a real name.

Anonymous, 2005-11-07 11:57 (-05:00):

Security pros actually do a bit of their own "cultural marketing" by using terms like forensics. It is natural that all those in the consulting biz want to latch on to the latest sexy terminology.

You're all in the business of selling your seminars and books. Try to keep that in mind as you pompously denigrate others' methods in the name of "uncluttering" your field.

Anonymous, 2005-11-05 09:18 (-05:00):

Completely agree...
This is another example of "cultural marketing" at its best (or worst). With the popularity of television programs like CSI, Law & Order, et al., I'm surprised we aren't seeing more examples of this.

It reminds me of when a certain game show was hugely popular a few years back. Everywhere I turned I saw seminars such as "Who Wants To Be A CIO?"... "Who Wants To Be An IT Hero?"...... Ugh..