i-code

Alessandro Frossi

The i-Code forensic console

The i-Code system is made of different tools, each based on different technologies and each interacting with the user in its own way. The console answers the need for a generic user to look at the output of the single tools in a more usable and standardized fashion, allowing faster recognition and response times: it becomes the only event collection point for the whole system, collecting events from the peripheral tools and making them all available in a single web application. The backend of the console is based on Prelude SIEM, which handles transparently the issues arising from network or client failures, while the frontend is web-based and cross-browser and was built keeping in mind the need for the system to be usable and lightweight. Some correlation rules were also developed to enrich the information carried by the security events delivered to the end users and to automate side processes, such as the delivery of detected shellcode to the Anubis platform for further analysis. After a short overview of the console and the development choices, a brief demo will show the web application and the possible user interactions.

Bio

Alessandro Frossi is currently a temporary research assistant at Politecnico di Milano. He received his M.Sc. in 2008 from both Politecnico di Milano and the University of Illinois at Chicago (UIC) with a thesis on Intrusion Detection Systems. He then worked as a security consultant for 2 years, specializing in real-time security monitoring.