Using Distributed Computing Techniques and Tools to Help Network Forensics

Network forensics tries to make sense of the packets crossing networks, from network analysis up to recovery from a security incident. Network forensics techniques face multiple challenges, such as the never-ending increase in the volume of traffic exchanged and the multiplicity of protocols in use. With the advent of distributed computing, these techniques could be used to improve work and research activities in network analysis. The main objective of the course is to show the current challenges in network analysis, and how recent advancements in software engineering such as key-value store tools and map-reduce processes help to process large amounts of network forensic data. The course will be separated into two parts: the theoretical/engineering aspects of network forensics, and a hands-on analysis workshop with network data collected from honeypots and network security sensors.


Alexandre encountered his first computer in the eighties and disassembled it to find out how the thing worked. While pursuing his logical path towards information security and free software, he worked as a senior security network consultant at different places (e.g. Ubizen, now Cybertrust). He co-founded a startup called Conostix, specialized in information security management, and for the past 6 years he was the manager of global information security at SES, a leading international satellite operator. He is now working at the national Luxembourgian Computer Security Incident Response Team (CSIRT) in the research and operational fields. He is also a lecturer in information security at Paul-Verlaine University in Metz and the University of Luxembourg. Alexandre enjoys working on projects where there is a blend of “free information”, innovation and a direct social improvement. When not gardening binary streams, he likes facing the reality of ecosystems while gardening or doing nature photography. PGP key fingerprint: 3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD