ADVISORY/Foundstone Experts Conduct All Day Seminar At Upcoming Networld+Interop Conference.

WHO:          Foundstone, the premier provider of security assessments
              and vulnerability protection.
              Conducting the session are Foundstone incident response
              experts Chris Prosise and Kevin Mandia.  They are
              co-authors of the book, "Incident Response:
              Investigating Computer Crime" form Osborne/McGraw-Hill.

SPEAKER BIOS: Chris Prosise, Foundstone VP of Professional Services
              Prosise, a cofounder of Foundstone, is a recognized
              network security expert with extensive experience in
              attack and penetration testing and incident response.
              He has led government and commercial security teams on
              missions worldwide, from sensitive incident response
              missions on Top Secret government networks to
              comprehensive security assessments on some of the
              world's largest corporations. In addition, Prosise is an
              adjunct professor at Carnegie Mellon University, where
              he teaches graduate students the latest in computer
              security.

              Kevin Mandia, Foundstone Principal Consultant
              Mandia leads Foundstone's premier incident response and
              forensics services. The FBI's National Infrastructure
              Protection Center, Air Force Office of Special
              Investigations (AFOSI), state law enforcement, and
              corporate entities all have used Mandia's blend of law
              enforcement and technical skills on complex computer
              crimes. Prior to Foundstone, Mandia was a special
              agent with AFOSI, specializing in computer intrusion
              cases. After AFOSI, he developed a computer intrusion
              response course specifically designed at the request
              of the FBI.

WHAT:         Investigating Computer Security Incidents

WHEN:         May 8, 8:30 a.m. to 4 p.m. Pacific

WHERE:        N+I Conference, Las Vegas

WHY:          This course details the practical steps necessary to
              respond to and resolve security incidents. The untrained
              system administrator, law enforcement officer or
              computer security expert may accidentally destroy
              valuable evidence or fail to discover critical clues of
              unlawful or unauthorized activity. After demonstrating
              common attacks against Web servers and operating
              systems, the instructors demonstrate how and where to
              find the evidence left behind, demonstrating how to
              conduct computer forensics and analysis in the real
              world. Also covered are challenges to evidence
              collection, ranging from IIS log deletion to rootkits
              to Steganography. The course provides a detailed,
              technical methodology for investigating incidents.

-- Real-world case studies

-- Technical review of the computer forensics process

-- Proper safeguarding, handling and preservation of evidence

-- Detecting Web server attacks

-- Detecting denial-of-service attacks

-- Recognizing covert channels

-- Identifying and understanding attacks in Windows

-- Identifying and understanding attacks in UNIX

-- Techniques that hackers employ to create obstacles to evidence collection

-- Top 10 technical steps used to respond to network intrusions