19th-20th November 2011 - Melbourne, Australia
Timeline analysis is still relatively new to most computer forensic examiners, but extremely useful for reconstructing user and system activity. One challenge however is finding a clean and efficient way of analysing the vast amount of data it produces ... a problem that's well suited to Splunk.
This presentation will go through the basics of timeline analysis, explain some useful tricks and common traps and demonstrate how Splunk can streamline the whole process for you.
Nick's career started in IT audit before moving to IT security in the 90's, as clients started connecting their companies to the Internet. He joined the High Tech Crime team of the Australia Federal Police, working on cases including counter terrorism, computer hacking and online child exploitation before moved into the leading commercial forensic practice in Australia.
In 2009 Nick founded an independent computer forensic company based in Sydney, where today his growing team investigates cases involving fraud, corruption, employee misconduct, theft of IP, commercial litigation, e-discovery, online child abuse, criminal prosecution and defence, system compromise and data breach. He's presented expert evidence in various Australian and overseas courts and speaks regularly at industry events and in the media.