A pair of shoes in the thesaurus; some reflexions on human and computer indexing (Eric Sieverts)
The document discusses how knowledge organization systems like thesauri and ontologies are used for indexing and searching in digital libraries and the semantic web. It provides examples of how concepts and relations from a thesaurus or ontology can be represented in RDF to enable semantic searching across linked data sources.
DV 2016: Don't Track Me, Bro - Security and Privacy as a Differentiator (Tealium)
Joe Christopher, Blast Analytics & Marketing
With the rise of Big Data, we've seen significant changes in innovation surrounding collecting, storing, and leveraging customer data. At the same time, consumers are expressing an increasing concern over their privacy and how their data is being used. Companies now have an opportunity to differentiate with the privacy and data security they offer to customers, and ultimately, win the trust of privacy-conscious shoppers. In this session, Joe Christopher of Blast Analytics and Marketing explores how the government agency overseeing Healthcare.gov, the Health Insurance Marketplace, transformed their relationship with consumers by offering the most advanced, granular privacy controls available.
The document discusses security and privacy issues related to web browsers. It outlines how targeted attacks on web browsers are increasingly motivated by financial gain. It then discusses common web browser vulnerabilities and how informed consent is important for privacy and security. The document proposes designs for enhancing user understanding of events like cookies with minimal distraction. It also discusses strengthening browser security against man-in-the-middle and eavesdropping attacks.
The document summarizes browser security challenges and modern security features. It discusses how the browser enforces the same-origin policy to isolate websites, but how malicious code could turn the browser evil. It then outlines security features like sandboxing, tab isolation, and security headers that browsers implement to minimize damage from compromises and strengthen website security. These features help compensate for website vulnerabilities and block attacks like cross-site scripting.
This talk is a generic but comprehensive overview of security mechanisms, controls, and potential attacks in modern browsers. The talk also focuses on new technologies, such as HTML5 and related APIs, to highlight new attack scenarios against browsers.
This document discusses the $UsnJrnl journal file in NTFS file systems and its use for digital forensics investigations. The $UsnJrnl file records changes made to files and directories on the system. Tools are discussed for extracting and parsing the $UsnJrnl records to analyze file system activity and trace deleted files. The document also introduces NTFS Log Tracker v1.4, a tool that can carve $UsnJrnl records from unallocated space and perform keyword searches across recovered records.
This document discusses digital forensics analysis of call history and SMS data on Apple devices running OS X Yosemite. It provides information on the file paths and database formats used to store call history and SMS data, as well as the attributes that can be analyzed, such as sending/receiving dates, durations, and contact details. It also mentions that call history data may be encrypted and requires decryption to view contact details.
(140716) #fitalk digital evidence from android-based smartwatch (INSIGHT FORENSIC)
This document discusses extracting digital evidence from an Android-based Samsung Galaxy Gear smartwatch. It describes accessing the smartwatch by rooting it and then imaging the internal memory to extract potential digital evidence files. Four specific files are identified that could provide useful evidence, including Bluetooth pairing information, SMS/email sync data, find my device activity logs, and local weather information tied to location. The conclusion speculates that future work will focus on extracting evidence from newer Galaxy Gear models.
This document discusses SQLite record recovery from deleted areas of an SQLite database file. It begins with an introduction to SQLite and why it is useful for forensic analysis. It then covers the structure of SQLite database files including header pages, table B-trees, index B-trees, overflow pages, and free pages. The document simulates traversing and parsing the cells within a table B-tree to understand how records are stored and indexed. It aims to help analysts understand SQLite file structure to enable recovery of deleted records through analysis of unused areas.
This document discusses techniques for obfuscating URLs to hide malicious intent. It begins with an overview of URL shortening services that can be used to hide the destination of a link. Various methods for obfuscating URLs are then described, including encoding IP addresses in octal format, URL encoding, and tricks involving the URI structure. The document provides a challenge for safely deconstructing an obfuscated URL step-by-step either manually or automatically. It concludes with an explanation of how the challenge URL was obfuscated using chaining of different techniques.
The document discusses China's strategy of internet censorship and control. It mentions China's large number of internet users and rapid growth of mobile internet users. It then discusses China's strategy of "human-wave" attacks to overwhelm websites with traffic to enact censorship. Next, it discusses China's extensive censorship system called the "Great Firewall" and how it uses techniques like IP blocking and DNS filtering to control internet access and content. Finally, it briefly mentions the black market for DDoS attacks and real-money trading that has emerged from China's controls.
The document discusses several advanced persistent threats (APTs) that have targeted systems in Korea and other countries, including the LuckyCat, Heartbeat, and Flashback malware campaigns. It provides details on the attacks, malware components, command and control infrastructure, and technical analysis of the threats. The document aims to help the digital forensics community in Korea understand these sophisticated cyber espionage activities and improve defenses against similar attacks.
(130105) #fitalk trends in d forensics (dec, 2012) (INSIGHT FORENSIC)
This document summarizes trends in digital forensics from South Korea in December 2012. It discusses extracting malware from NTFS extended attributes, analyzing prefetch files, and trends for 2013 including growing mobile malware. It also summarizes testing of Windows 8 involving installing applications, connecting web accounts, and imaging a test laptop to analyze forensic artifacts.
(130105) #fitalk criminal civil judicial procedure in korea (INSIGHT FORENSIC)
This document discusses digital forensics and the legal system in Korea. It provides an overview of criminal and civil judicial procedures, the role of expert witnesses, and precedents. It also examines the qualifications and certification process for digital forensics experts in Korea and other countries like the US. Key topics covered include how digital evidence is handled and the advantages of having an officially recognized expert.
(131116) #fitalk extracting user typing history on bash in mac os x memory (INSIGHT FORENSIC)
This document provides an overview of extracting Bash command history from Unix memory images using digital forensics techniques. It discusses how Bash stores command history in memory and on disk, and how forensic analysts can extract that history from a memory dump. It includes a case study demonstrating extracting Bash history from multiple processes and showing that the "history -c" command only clears history for that individual process. The document aims to help digital forensics practitioners recover command history during memory forensics investigations.
(131102) #fitalk get windows logon password in memory dump
(121027) #fitalk big brother forensics, device tracking using browser-based artifacts
1. FORENSIC INSIGHT SEMINAR
Big Brother Forensics :
Device Tracking Using Browser-Based Artifacts
proneer
proneer@gmail.com
http://forensic-proof.com
Kim Jinkook
2. forensicinsight.org Page 2 / 35
Big Brother Forensics
A character in the novel "1984" by the British novelist George Orwell (1903-1950)
A dictatorial regime that monopolizes information in order to surveil society
Are we heading toward a Big Brother society? Or...
What about Big Brother Forensics?
Big Brother
3. forensicinsight.org Page 3 / 35
Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 1)
Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 2)
Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 3)
SANS blog posts
11. forensicinsight.org Page 11 / 35
Geolocation API support
Data sources used: Wi-Fi access-point location, 3G base-station triangulation, GPS data, IP-address-based lookup
Geolocation(2) : HTML5
http://caniuse.com/
12. forensicinsight.org Page 12 / 35
Geolocation API support
Geolocation(2) : HTML5
Figure: browser location-sharing permission prompt, shown with its default setting (http://forensicmethods.com/wp-content/uploads/2012/04/Location_Sharing.jpg)
13. forensicinsight.org Page 13 / 35
Geolocation API sample (http://www.w3schools.com/html/html5_geolocation.asp)
Geolocation(2) : HTML5
<!DOCTYPE html>
<html>
<body>
<p id="demo">Click the button to get your coordinates:</p>
<button onclick="getLocation()">Try It</button>
<script>
var x = document.getElementById("demo");

// Ask the browser for the device position; the user is prompted for permission
// before any coordinates are handed to the page.
function getLocation() {
  if (navigator.geolocation) {
    navigator.geolocation.getCurrentPosition(showPosition);
  } else {
    x.innerHTML = "Geolocation is not supported by this browser.";
  }
}

// Success callback: write the reported coordinates into the page.
function showPosition(position) {
  x.innerHTML = "Latitude: " + position.coords.latitude +
    "<br>Longitude: " + position.coords.longitude;
}
</script>
</body>
</html>
15. forensicinsight.org Page 15 / 35
Auto tracking using HTML5: http://www.mileage-charts.com/search/calc.php
Automatically plots the current location on Google Maps
Checking the internet-usage traces this leaves behind
Geolocation(3) : Google Map
16. forensicinsight.org Page 16 / 35
Browsing history of visits to sites that embed Google Maps
Browser cache entries from visits to sites that embed Google Maps
Geolocation(3) : Google Map
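The history and cache traces listed on this slide can be triaged programmatically. The script below is an added example and is not part of the original deck or its author's tooling: it builds a constructed in-memory SQLite table shaped like a Chrome-style history "urls" table (simplified schema, constructed rows), then pulls coordinates out of Google Maps URLs in both the "@lat,lng" path form and the "center="/"ll=" query-string forms, converting the WebKit-style microsecond timestamps (counted from 1601-01-01 UTC) into readable UTC times. The host list and coordinate parameter names are assumptions chosen for illustration; on a real case the same functions would be run against a copy of the browser's history database rather than the constructed table.

```python
import re
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse, parse_qs

# Chrome/WebKit history timestamps count microseconds since 1601-01-01 UTC.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def webkit_to_datetime(microseconds):
    """Convert a WebKit microsecond timestamp to an aware UTC datetime."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)

# Hosts whose URLs commonly embed map coordinates (assumption: a short list for illustration).
MAP_HOSTS = ("google.com", "maps.googleapis.com")

# "@lat,lng" path form used by Google Maps URLs.
AT_COORDS = re.compile(r"@(-?\d{1,3}\.\d+),(-?\d{1,3}\.\d+)")
# "lat,lng" value form carried in query parameters.
PAIR = re.compile(r"\s*(-?\d{1,3}\.\d+)\s*,\s*(-?\d{1,3}\.\d+)\s*")
# Query parameters that commonly carry a coordinate pair (assumption: illustrative set).
COORD_PARAMS = ("ll", "center", "q", "sll")

def extract_coordinates(url):
    """Return (lat, lng) if the URL embeds map coordinates, otherwise None."""
    parsed = urlparse(url)
    host = parsed.netloc.lower()
    if not any(host == h or host.endswith("." + h) for h in MAP_HOSTS):
        return None
    m = AT_COORDS.search(parsed.path)
    if m:
        return float(m.group(1)), float(m.group(2))
    for key in COORD_PARAMS:
        for value in parse_qs(parsed.query).get(key, []):
            m = PAIR.fullmatch(value)
            if m:
                return float(m.group(1)), float(m.group(2))
    return None

def build_sample_history():
    """Constructed sample: a minimal Chrome-style 'urls' table, not a real history file."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT, "
        "visit_count INTEGER, last_visit_time INTEGER)"
    )
    rows = [  # constructed rows; timestamps are WebKit microseconds
        ("https://www.google.com/maps/@37.5665,126.9780,15z", "Google Maps", 3, 13000000000000000),
        ("https://maps.googleapis.com/maps/api/staticmap?center=48.8566,2.3522&zoom=12&size=400x400",
         "static map", 1, 13000000100000000),
        ("https://www.example.com/about", "About", 5, 13000000200000000),
        ("https://www.google.com/maps/search/coffee", "coffee", 1, 13000000300000000),
    ]
    conn.executemany(
        "INSERT INTO urls (url, title, visit_count, last_visit_time) VALUES (?, ?, ?, ?)", rows
    )
    return conn

def find_location_artifacts(conn):
    """Scan the urls table and return, in visit order, the records that carry coordinates."""
    hits = []
    query = "SELECT url, title, visit_count, last_visit_time FROM urls ORDER BY last_visit_time"
    for url, title, count, ts in conn.execute(query):
        coords = extract_coordinates(url)
        if coords is None:
            continue
        hits.append({
            "url": url,
            "title": title,
            "visits": count,
            "last_visit": webkit_to_datetime(ts).isoformat(),
            "lat": coords[0],
            "lng": coords[1],
        })
    return hits

if __name__ == "__main__":
    for hit in find_location_artifacts(build_sample_history()):
        print(f"{hit['last_visit']}  {hit['lat']:.4f},{hit['lng']:.4f}  {hit['url']}")
```

The function separates host matching from coordinate parsing so that the artifact scan can be extended to cache index entries or to other map providers without touching the timestamp handling; coordinates found this way place a device near a location at the recorded visit time, which is the tracking angle the slide is describing.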