now browsing by tag


More Investigations at InfoSecurity.nl

Police Line Do Not Cross

I’m just back from InfoSecurity.nl in Utrecht where I presented an updated version of my talk “What Will You Investigate Today?“. I talked about it for the first time during the RMLL in July in front of a very small audience who gave my ideas and inputs. The slides are available on slideshare.net as usual:

Thank you to VNU Exhivitions for inviting me! If you have log management projects or if you’re looking for advices, feel free to contact me!

What Will You Investigate Today?


Since this weekend, Brussels is hosting the 14th edition of the RMLL (“Rencontres Mondiales du Logiciel Libre“) or “Libre Software Meeting” in English. As defined on the website, this is a “non-commercial cycle of conferences, round tables and practical workshops based on libre software and its uses. Its aim is to provide a platform for libre software users, developers and stakeholders“. Check out the schedule to see the large number of fields where libre software can be used. Lot of discussions (non technical) were also sheduled.

Of course, there was technical slots reserved to talk about multiple topics and, amongst them, no surprise: information security. The day started with a presentation fromĀ Peter Czanik (Balabit Software – the creator of syslog-ng). He performed a good introduction to log management. This one a perfect introduction to my own talk: “What Will You Investigate Today?“. Once you deployed a log management solution, it’s a good idea to start giving more value to your logs by correlating them with external resources. Here is a copy of my slides: