Pirates vs. Ninjas

Jonathan Zdziarski's talk from MFW 10 about the merging of the hacker and forensic community subcultures.

Transcript

  • 1. What we learned since MFW 09
    Pirates vs. Ninjas
  • 2. We Misunderstand Each Other…
    Forensic Scientists: Hackers are those misguided criminal pirates (aargh!) who care little for methodology and science… and they smell like cheese.
    Hackers: Forensic Scientists are those talentless nerds in the lab on CSI who care little for ingenious solutions… and they smell like cheese.
  • 3. Merging Subcultures
    BUT the forensic science community and “hacker” communities share some overlapping goals:
    Use (or develop) best technologies available for the job
    Use clean, beautiful code and techniques
    Create an environment that fosters peer review
    Inspire others to contribute and build on existing projects
    Mutual interest in ridding the world of bad guys ™
  • 4. Minor Differences…
  • 5. Forensics Community:
    Professional attire provides a visual cue as to the expert’s discipline
    Appearance
  • 6. Hacker Community:
    Fat people are harder to kidnap
    Appearance
  • 7. Forensics Community:
    Felon: Any individual who commits a felony
    Vocabulary
  • 8. Hacker Community:
    Felon: Any individual who commits a felony… and gets caught.
    Vocabulary
  • 9. Forensics Community:
    Suspect: Someone who is under suspicion
    Perspective
  • 10. Hacker Community:
    Suspect: That piece of S*** WHO MUST BE SET ON FIRE.
    Perspective
  • 11. OK, Not So Minor Differences…
  • 12. Forensics Community:
    OPEN SOURCE Tools:
    Jailbreaking using a crude method to brute force access into a device
    Technology
  • 13. Hacking Community:
    OPEN SOURCE Tools:
    A foundation for ELEGANT, safe disk-level tools, using REPRODUCIBLE TECHNIQUES… but making it look so awesome you’d think we used black magic
    Technology
  • 14. FORENSICS Community:
    LEGAL:
    Whatever Apple says is legal.
    Legal
  • 15. HACKER Community:
    LEGAL: Whatever the law says is legal, based on fair use case law.
    Legal
  • 16. But we can get along…
  • 17. Best Technology and Practices…
    We already had the best technology at the time, but…
    MFW 09 communicated the importance of:
    Simplifying tools to reduce mistakes
    Reducing dependence on third party applications
    Making our methods more understandable
    Making our imaging time faster
    Taking a minimalist approach to imaging
  • 18. ICAC Workshop
    Oct 19-22 “Forensics Camp 2010”
    40 seats available: ICAC members ONLY
    Registration is FREE
    You’ll receive around $10,000 of training FREE.
    Jonathan Zdziarski, Andrew Hoog, Sam Brothers, Ryan Kubasiak, RCFL: 4 days of intense broad-based digital forensic training
    Oh, and some of us are hackers.
  • 19. Best Technology and Practices…
    The latest iPhone/iPad forensic suite:
    Simplifying tools to reduce mistakes
    No more deep firmware manipulation
    Just a couple simple scripts
    Reducing dependence on third party applications
    No more Pwnage “jailbreak” tool, no more iTunes
    Making our methods more understandable
    Better documentation and workshop slides
    Making our imaging time faster
    Ride atop Apple’s high speed usbmux protocol
    Taking a minimalist approach to imaging
    No firmware rewrite, no kernel patching
    All OS-level operations performed from RAM
  • 20. Clean/Beautiful Code
    Don’t hate me because I’m beautiful…
    Recovery agent ~20 lines of code, < 10K
    All shell scripts are, by definition, open source; cleanly written
    Tiny (10K) footprint in protected, read-only OS space
    Password removal is now a controlled 2-byte write to user
  • 21. Peer Review
    Approved for use by three-letter law enforcement agencies and in the defense sector
    Still the highest scored iPhone tool in Andrew Hoog’s white paper
    Tested daily by over 1,000 law enforcement agencies world-wide
    Presently being validated by Sam Brothers (US Customs / Border Protection)
    Latest documentation replacing obsolete book free for download
    Chicks dig it
  • 22. Contributions
    http://www.iphoneinsecurity.com set up for posting submissions, articles, and papers
    All source code readily available on website
    A number of very bright people in both communities have been quietly contributing their code and ideas
    … the forensics community is invited to participate!
  • 23. Mutual Interest
    Hackers hate rapists, murderers, child molesters, (and sometimes even drug dealers) just as much as the forensics community.
    We’re willing to play by your rules and use your requirements to help put together highly advanced solutions.
    Please, continue to share your needs (and wants)
  • 24. Shall we play a game?
    Pirates vs. Ninjas