Merike Kaeo | Study IT in Estonia
Updated at: Aug 15, 2016

Merike Kaeo

Abstract

Evidence depends on facts. For physical evidence, an important concept is the "evidential chain": how do you prove that what was seized is what was examined and later produced in court? This principle also holds for network forensics. Not only do you have to prove that the recorded data was actually transmitted and recorded at a given time, but you must also prove that the tools used to collect it have been validated and that there has been no opportunity to tamper with it between recording and analysis.
 
In this session we will examine a variety of ways in which network-based communications intelligence is derived and how it can be used to effect action. We will cover some added considerations for varying jurisdictions, and where intelligence from metadata may be used as evidence versus leading to the content of communications, which can lead to more definitive evidence that will be admissible in a court of law. We will also look at how IP addresses and domain names get utilized and misused for nefarious activity, along with gathering all the evidence needed to ascertain all of the related sites that are part of a particular criminal scheme. In particular, the use of passive DNS will be described to show how DNS-related data can be used as the source of truth for gathering network-based intelligence for a variety of scenarios.


Bio

Merike is the Chief Technology Officer of Farsight Security, responsible for developing the technical strategy and executing its vision. She is a recognized global expert in information security and author of the Cisco Press book "Designing Network Security".

 

Prior to joining Farsight Security, Merike held positions as Chief Information Security Officer for Internet Identity (IID), where she created the strategic direction for improving and evolving the corporate security posture, and as founder of Doubleshot Security, where she worked with numerous companies creating strategic operational security and resilient networking architectures. She led the first security initiative for Cisco in the mid-1990s. Merike is on ICANN's Security and Stability Advisory Council (SSAC) and the Communications Security, Reliability and Interoperability Council (CSRIC). She earned an MSEE from George Washington University and a BSEE from Rutgers University.