• Aucun résultat trouvé

Digital Forensics Lab Director

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "Digital Forensics Lab Director"

Copied!
36
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

HACKING PARIS 2014

EXTREME FORENSICS RELOADES 2Q /2014

Alvaro Alexander Soto

Digital Forensics Lab Director

HTCIA/ICFP/ACM/IEEE/ACIS/ISSA

asoto@asoto.com

(2)

INTENDED AUDIENCE

Forensic lab directors / analysts - Law enforcement - Researchers - Tech Enthusiasts – a.k.a. Geeks

Objectives.

Think beyond traditional forensic tools and general

landscape of the new challenges

(3)

Evolution of Digital Forensics…

– Pc’s..

– Networks

– Smartphones – Digital Devices – Cloud…

– Next…?

(4)

CORPORATE - ECONOMIC ESPIONAGE

What is?

Industrial espionage, economic espionage or corporate espionage is a form of espionage conducted for commercial purposes instead of purely national security.[1] Economic espionage is conducted or orchestrated by governments and is international in scope, while industrial or corporate espionage is more often national and occurs between companies or corporations. Wikipedia.

Corporate Espionage vs Counter Terrorism

(5)

Currents

• USA – CHINA / DOJ / FBI Indict.

• Target..

• Colombia, Andres Sepulveda, Cuba, etc

• 19 countries, FBI, Rent-a-backdoor Creepware 40USD “Full Equipment”

• Statistics USA –Verizon- , COL, KMPG,

• EXECUTIVE Responsibility - NOT I.T.

(6)

Web Site www.asoto.com  Email:

info@asoto.com

Expectations…

Sometimes you expect this:

(7)

Web Site www.asoto.com  Email:

info@asoto.com

…But you get this..

(8)

Web Site www.asoto.com  Email:

info@asoto.com

Expectation:

(9)

Web Site www.asoto.com  Email:

info@asoto.com

But you get this…

(10)

Expectation…

Web Site www.asoto.com  Email:

info@asoto.com

(11)

But you get this…

Web Site www.asoto.com  Email:

info@asoto.com

(12)

EXPECTATION..

(13)

But you get this…

(14)

Web Site www.asoto.com  Email:

info@asoto.com

Sometimes you expect this:

(15)

Get this…

(16)

Sometimes you expect this:

Web Site www.asoto.com  Email:

info@asoto.com

(17)

But you get this:

Web Site www.asoto.com  Email:

info@asoto.com

(18)

Web Site www.asoto.com  Email:

info@asoto.com

Sometimes you expect this:

(19)

Web Site www.asoto.com  Email:

info@asoto.com

…But you get this..

(20)

Lab TOOLS…

• Software

• Hardware

• Specialized tools

(21)

Password Protection…

http://www.freerainbowtables.com/ ….

http://www.freerainbowtables.com/en/tables2/

Others…

(22)

Manual Password Recovery

(23)

Really Standard process??

(24)

• ISO 17025..

And remember the LIMS…..

(25)

• Technical Process..

• Administrative Process..

• Legal process…

• Integration…

(26)

Web Site www.asoto.com  Email:

info@asoto.com

Actual/Future paths for

specializations in digital forensics

• OS + internals

• NOS + internals

• Mobile phones/smart phones

• Digital devices / appliances

• Reverse engineering / malware analysis

• App Servers / web 2.0, 3.0 …..

(27)

New trends/challenges.. new tools required …

• Firmware analysis and repair

• Mechanical tools for media

• Faraday cages

• EEPROM / NAND readers

• Spectrum analyzers

• Mobile multiplexers

• Sand boxes

• Reverse engineering

• Strong SSO auth.

• Data mining…. Terabytes waiting for..

(28)

ACE / SD / Others..

Web Site www.asoto.com  Email:

info@asoto.com

(29)

Web Site www.asoto.com  Email:

info@asoto.com

Nude HDD…

(30)

Web Site www.asoto.com  Email:

info@asoto.com

Example of eXtreme

Digital Forensics, beyond the logical level…

The dark side of storage

• ATA Commands

• ATA Factory commands

• What is the SA?

• Firmware

• Flash ROM

• Heads/Platters

• Security Erase, HDD Self destruction?

• ATA password

(31)

Web Site www.asoto.com  Email:

info@asoto.com

ATA commands..

PC3k… SD… Etc…

(32)

OSINT

• Open-source intelligence (OSINT) is a form of

intelligence collection management that involves finding, selecting, and acquiring information from

publicly available sources and analyzing it to produce actionable intelligence. In the intelligence

community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or classified sources); it is not related to open-source software or public intelligence.

Web Site www.asoto.com  Email:

info@asoto.com

(33)

OSINT Free…

Web Site www.asoto.com  Email:

info@asoto.com

(34)

More boy toys…

• http://labs.adobe.com/technologies/swfinvestigator/

• IDA+Olly+Syser+Python+.

• http://sourceforge.net/projects/malclassifier.adobe/

• http://aws.amazon.com/free/

• http://corelan.be/

Web Site www.asoto.com  Email:

info@asoto.com

(35)

Web Site www.asoto.com  Email:

info@asoto.com

Conlusions

• teamwork, teamwork, teamwork

• research beyond the standard channels

• reverse engineering

• binary analysis

• VM and isolation

• avoiding self destruction techniques (Media/Mobile)

• hardware hacking…

• reaserch, reaserch, reaserch

• legal - technical integration local, regional and beyond the borders

• concept unification, committee, academy and industry

• welcome ideas, research join efforts

(36)

QUESTIONS ?

Références

Télécharger maintenant ( PDF - 36 Page - 2.21 MB )

Documents relatifs

This recording is to be used only for non-commercial educational purposes

LondonChoralCelestialJazz, by Bernardine Evaristo: A short story in verse set in the high-octane, adrenaline-charged streets of contemporary London. Inspired by Dylan Thomas, read

AUCTIONS WITH LEAKS ABOUT EARLY BIDS: ANALYSIS AND EXPERIMENTAL BEHAVIOR

The experimental outcomes of the first-price auctions are as (game-) theoretically predicted: Unconditional bids are not affected by leak probability, but actual leaks reduce

Examples of industrial and military technology transfer in the eighteenth century

By 1785, they were demonstrating their bolts at Rochefort, where the copper bolts proved to be harder than the French iron ones and the French navy was importing British coppering

Is specialization good for regional economic development?

CONCLUSION: SPECIALIZATION AND THE DYNAMICS OF ECONOMIC DEVELOPMENT Consistent with theories of agglomeration under which the scale of an industry augments productivity through

III entire is for is Digital is

support overlay support overlay 2 support overlay support overlay support overlay 5 support overlay 6 support overlay 7 support overlay 8 support overlay 9 support overlay 10

1975,1976 DIGITAL. IS ITS DIGITAL. DIGITAL'S A A IS RESpbNSIBILITY A IS 1976 I ..............

WHEN THE ERROR INSTRUCTION IS EXECUTED A TRAP OCCURS TO THE ERROR HANDLER LOCATED AT SERROR WHICH PROCESSES THE ERROR CALL.. EVERY ERROR MESSAGE CONTAINS A

Is Memory Purely Preservative?

My having a particular episodic memory is a sui generis experience, and if I have no reason to doubt that it is veridical, it is misleading to ask how I know that the remembered

Economic Modeling of Energy Security: Simulation of Economic Processes (Case of Ukraine Gas System)

Therefore, based on the above, we give the following definition of Ukraine's ener- gy security – the ability of the state to ensure the efficient use of its own fuel and en- ergy