
Forensics for the Defense


Forensic techniques are not just for law enforcement. You need to supplement your existing security package and provide evidence of due diligence in the event of an incident. Test your security before someone else does.

Published in: Technology

  1. Forensics for the Defense (of your network) – Tom Kopchak
  2. About the Presenter – Who am I?
     • Who am I?
     • Why am I here, and what got me here?
     • Why am I passionate about computer security?
  3. You do "forensics"?!? That sounds awesome!!
  4. The Truth
     • Evidence can be hard to come by
     • Any and all evidence must be carefully accounted for and documented
     • Cases involving movie-like circumstances are few and far between
  5. Forensics = Valuable
     • Traditional – Law enforcement
     • Emerging – Security
  6. Traditional Forensics – Disks
  7. Next Steps – Memory
  8. Expanding the Scope
  9. Leveraging Forensics for Business
  10. Commonalities
  11. Practical Applications
  12. Practical Applications
     • Forensic Verification
     • Forensic Penetration Testing
     • Malware/Exploit/Breach Analysis
  13. A word of caution...
     • Permission!
  14. Why Forensics?
     • Security is not a checkbox
     • Simulate attack
     • Identify shortcomings
  15. Forensic Verification
     • Applications might store temporary/cached data
     • PCI implications
  16. Test Configuration
     • Control image
     • Test Cases
     • Analysis
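The forensic verification procedure on slides 15 and 16 (take a control image, run the test cases, analyze what changed, with PCI in mind) can be demonstrated end to end. The following is an added example written for this page, not code from the presenter or the talk: it compares a control image against a post-test image by file hash, then scans only the files that appeared or changed for Luhn-valid card-number-like digit runs. The two "images" are constructed in-memory dictionaries of path to file bytes standing in for two mounted disk images; the card number used is the well-known public Visa test PAN, and all paths and file contents are made up for the demonstration.

```python
"""Forensic verification of an application's on-disk artifacts.

Procedure from the slides: control image -> run test cases -> analysis.
Both images below are constructed in-memory stand-ins for real disk images.
"""
import hashlib
import re

# Constructed control image: the clean system before any test transaction.
CONTROL_IMAGE = {
    "/app/config.ini": b"[db]\nhost=localhost\n",
    "/app/logs/app.log": b"2024-01-01 startup ok\n",
    "/tmp/session.cache": b"user=alice\n",
}

# Constructed post-test image: the same system after one test purchase.
# The application has written cardholder data to a temp file and a log line,
# and an unrelated order id that looks like a PAN but fails the Luhn check.
TEST_IMAGE = {
    "/app/config.ini": b"[db]\nhost=localhost\n",
    "/app/logs/app.log": (b"2024-01-01 startup ok\n"
                          b"2024-01-01 charged card 4111111111111111 exp 12/29\n"),
    "/tmp/session.cache": b"user=alice\n",
    "/tmp/payment-0001.tmp": b"pan=4111111111111111;cvv=123\n",
    "/tmp/order-0001.tmp": b"order=4111111111111112\n",  # 16 digits, Luhn-invalid
}


def snapshot(image):
    """Hash every file so two images can be compared without trusting timestamps."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in image.items()}


def diff_images(control, test):
    """Return (added, modified, removed) path lists between the two images."""
    c, t = snapshot(control), snapshot(test)
    added = sorted(p for p in t if p not in c)
    removed = sorted(p for p in c if p not in t)
    modified = sorted(p for p in t if p in c and c[p] != t[p])
    return added, modified, removed


def luhn_ok(digits):
    """Luhn mod-10 check; filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13 to 19 digits not adjacent to other digits: the usual PAN length range.
PAN_RE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")


def find_pan_candidates(data):
    """Digit runs of PAN length that also pass Luhn."""
    return [m.decode() for m in PAN_RE.findall(data) if luhn_ok(m.decode())]


def mask(pan):
    """Keep first six and last four digits so findings can be reported safely."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def verify(control, test):
    """Analysis step: only files the test cases created or changed are scanned."""
    added, modified, _removed = diff_images(control, test)
    findings = []
    for path in added + modified:
        for pan in find_pan_candidates(test[path]):
            findings.append((path, mask(pan)))
    return findings


if __name__ == "__main__":
    for path, masked in verify(CONTROL_IMAGE, TEST_IMAGE):
        print(f"cardholder data left on disk: {path} -> {masked}")
```

Restricting the scan to the diff is what makes the control image worth taking: a full-disk PAN sweep produces noise from every pre-existing file, while the diff pins each finding to something the test cases caused. Removed files are reported separately because a file that vanished from the filesystem may still be recoverable from unallocated space in the image, which is where the disk forensics on slide 6 comes in.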
  17. Encrypted Laptop – Stolen! It's safe, right?
  18. The Solution – Forensic Penetration Testing: Zero Knowledge vs. Authenticated Testing
  19. The Real Test: Fully Encrypted – Administrator Confidence 100%
  20. Starting the Attack: Machine Powered Off – Full Disk Images Created
  21. Breakthrough
     • Grace period for pre-boot authentication lockout
  22. Mounting the Attack: Downgrade memory – Leverage DMA – Exploit OS. Result: Full Admin Access to Entire System
  23. Failure of Encryption?
     • Encryption Did Not Fail!
     • Convenience vs. Security
     • Zero knowledge attack
  24. Forensics for the Defense – One System at a Time
     • System vulnerabilities unknown until tested
     • Forensic Penetration testing = same purpose as traditional penetration test
     • Learn and improve from mistakes
  25. Conclusions
     • Forensic techniques are not just for law enforcement
     • Supplement your existing security package
     • Provide evidence of due diligence in the event of an incident
     • Test your security before someone else does
  26. Wrap Up/QA