FORENSIC INSIGHT SEMINAR
Discussionyk #1 : Field device
ykei
ykei.egloos.com
@ykx100
forensicinsight.org Page 2 / 21
Overview
1. Background
2. Problems
3. When I met SCADA
4. Discussion topic
Background
- What is a field device
- Why we need to care about this
Background
- What is a field device here?
Background
Why do we need to care about this?
- Fxxk the mass-media
- Have to cross check → Be trustworthy
- To find the smoking-bit (especially, manipulated digital evidence)
- No way without this
Major threat
forensicators
Problems
- Issues that I met
- Example
Problems
Issues / If
- Interfaces: It has no USB, CD-ROM, display, keyboard, or Ethernet
- FileSystem Mount: Does not support NTFS? Or trouble recognizing it
- OS Compatibility tools: No executable imaging tool, not even DD
- The risk of system failure: We have no time for verification.
- Capacity / Time: More headache factors
Of course, we have to keep the integrity of evidence!
Can you accomplish this mission?
Problems
Examples
- Router / Switch
  • Telnet, Console Connection
  • But no imaging tools
- Home Router (Wired, Wireless)
  • Telnet, Web Admin
  • No imaging tools (but it can execute a static DD binary)
- Home SCADA
  • Nothing!! Just opened stupid console
When I met SCADA
- Case Studyk
I think… case
Case Studyk
When I met SCADA
Case Studyk
When I met SCADA
Case Studyk
- Prepare
When I met SCADA
Case Studyk
- See pic…
Sorry
When I met SCADA
Case Studyk
- Log
When I met SCADA
Case Studyk
- Test
When I met SCADA
Case Studyk
- Vaccine
When I met SCADA
Case Studyk
- Undetected malware
When I met SCADA
Case Studyk
- Detected malware
When I met SCADA
Case Studyk
- Remote Control
  • RDP, Neturo
Discussion topic
Discussion topic
Case Studyk
- What is the data for forensicators?
- Disk / Memory Image? Log files?
- How can we better preserve evidence?
  • Imaging is a very ideal option.
  • FTP? / File copy?
- How can we keep integrity for chain of custody?
  • File Hash? / Documents (kind of agreements?) / Burning CD?
- How can we acquire a field device?
  • Router, Gateway, Switch, Home network device, even SCADA?
  • Forensic Acquisition tools? / DD? / File copy? / Cold imaging?
