The trends in security attacks have shown increase interests in network devices. Routers, firewall and other network devices are targeted not only to create a denial of service but to control the traffic flow and to have access to information flowing through the nodes. During this session, we will discuss possible attack vectors to Cisco IOS and Cisco IOS-XE devices, how to verify the integrity of image and run-time memory for forensic purpose, how to create and analyze Cisco IOS memory dump, look for indicator of compromises (IoC), and security best practices to prevent and detect a possible intrusion.