[SANS ISC] Comment your Packet Captures!

I published the following diary on “Comment your Packet Captures!“: When you are investigating a security incident, a key element is to take notes and to document as much as possible. There is no “best” way to take notes, some people use electronic solutions while others are using good


[SANS ISC] Investigating Security Incidents with Passive DNS

I published the following diary on “Investigating Security Incidents with Passive DNS“. Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned. We cannot blame system administrators and

1 2