search menu icon-carat-right cmu-wordmark

The Use of Search Engines for Massively Scalable Forensic Repositories

January 2012 Presentation
John H. Ricketson

In this presentation, John Ricketson describes a forensic platform for cyber investigations that is based on search engine technology.

Publisher:

Software Engineering Institute

Abstract

This presentation was given at FloCon 2012, which took place in Austin, Texas, on January 9-12, 2012. At FloCon 2012, participants focused on the progression of analytics from ideas, to prototypes, to tools. Since each phase has its own set of successes and raises its own set of challenges, organizers encouraged submissions and discussions across the spectrum, and participants addressed topics such as identifying which incident case studies spark the seed of a new idea, discussing how flow data can help refine a static signature, identifying the costs and benefits of implementing a technique at the large-scale network level versus host level, and discussing how well new flow-based analytical tools integrate into an analysts workflow.