Pirates vs.-ninjas

Jonathan Zdziarski's talk from MFW 10 about the merging of the hacker and forensic community subcultures.


  1. What we learned since MFW 09
     Pirates vs. Ninjas

  2. We Misunderstand Each Other…
     • Forensic Scientists: Hackers are those misguided criminal pirates (aargh!) who care little for methodology and science… and they smell like cheese.
     • Hackers: Forensic Scientists are those talentless nerds in the lab on CSI who care little for ingenious solutions… and they smell like cheese.

  3. Merging Subcultures
     BUT the forensic science community and “hacker” communities share some overlapping goals:
     • Use (or develop) best technologies available for the job
     • Use clean, beautiful code and techniques
     • Create an environment that fosters peer review
     • Inspire others to contribute and build on existing projects
     • Mutual interest in ridding the world of bad guys ™

  4. Minor Differences…

  5. Forensics Community:
     Professional attire provides a visual cue as to the expert’s discipline
     Appearance

  6. Hacker Community:
     Fat people are harder to kidnap
     Appearance

  7. Forensics Community:
     Felon: Any individual who commits a felony
     Vocabulary

  8. Hacker Community:
     Felon: Any individual who commits a felony … and gets caught.
     Vocabulary

  9. Forensics Community:
     Suspect: Someone who is under suspicion
     Perspective

  10. Hacker Community:
     Suspect: That piece of S*** WHO MUST BE SET ON FIRE.
     Perspective

  11. OK, Not So Minor Differences…

  12. Forensics Community:
     OPEN SOURCE Tools:
     Jailbreaking using A crude method to brute force access into a device
     Technology

  13. Hacking Community:
     OPEN SOURCE Tools:
     A foundation for ELEGANT, safe disk-level tools, using REPRODUCIBLE TECHNIQUES… but making it look so awesome you’d think we used black magic
     Technology

  14. FORENSICS Community:
     LEGAL: Whatever Apple says is legal.
     Legal

  15. HACKER Community:
     LEGAL: Whatever the law says is legal, based on fair use case law.
     Legal

  16. But we can get along…

  17. Best Technology and Practices…
     We already had the best technology at the time, but…
     MFW 09 communicated the importance of:
     • Simplifying tools to reduce mistakes
     • Reducing dependence on third party applications
     • Making our methods more understandable
     • Making our imaging time faster
     • Taking a minimalist approach to imaging

  18. ICAC Workshop
     • Oct 19-22 “Forensics Camp 2010”
     • 40 seats available: ICAC members ONLY
     • Registration is FREE
     • You’ll receive around $10,000 of training FREE.
     • Jonathan Zdziarski, Andrew Hoog, Sam Brothers, Ryan Kubasiak, RCFL: 4 days of intense broad-based digital forensic training
     • Oh, and some of us are hackers.

  19. Best Technology and Practices…
     The latest iPhone/iPad forensic suite:
     • Simplifying tools to reduce mistakes
         • No more deep firmware manipulation
         • Just a couple simple scripts
     • Reducing dependence on third party applications
         • No more Pwnage “jailbreak” tool, no more iTunes
     • Making our methods more understandable
         • Better documentation and workshop slides
     • Making our imaging time faster
         • Ride atop Apple’s high speed usbmux protocol
     • Taking a minimalist approach to imaging
         • No firmware rewrite, no kernel patching
         • All OS-level operations performed from RAM

  20. Clean/Beautiful Code
     Don’t hate me because I’m beautiful…
     • Recovery agent ~20 lines of code, < 10K
     • All shell scripts are, by definition, open source; cleanly written
     • Tiny (10K) footprint in protected, read-only OS space
     • Password removal is now a controlled 2-byte write to user

  21. Peer Review
     • Approved for use by three-letter law enforcement agencies and in the defense sector
     • Still the highest scored iPhone tool in Andrew Hoog’s white paper
     • Tested daily by over 1,000 law enforcement agencies world-wide
     • Presently being validated by Sam Brothers (US Customs / Border Protection)
     • Latest documentation replacing obsolete book free for download
     • Chicks dig it

  22. Contributions
     • http://www.iphoneinsecurity.com set up for posting submissions, articles, and papers
     • All source code readily available on website
     • A number of very bright people in both communities have been quietly contributing their code and ideas
     • … the forensics community is invited to participate!

  23. Mutual Interest
     • Hackers hate rapists, murderers, child molesters, (and sometimes even drug dealers) just as much as the forensics community.
     • We’re willing to play by your rules and use your requirements to help put together highly advanced solutions.
     • Please, continue to share your needs (and wants)

  24. Shall we play a game?
     Pirates vs. Ninjas
