(130413) #fitalk trends in d forensics (mar, 2013)
1. FORENSIC INSIGHT;
DIGITAL FORENSICS COMMUNITY IN KOREA
Trends in dForensics, Mar/2013
JK Kim
proneer
proneer@gmail.com
http://forensic-proof.com
Security is a people problem…
2. forensicinsight.org Page 2
Beware of file system tunneling (Pay Attention to the File System Tunneling)
Comparison of forensic imaging tools (FTK vs Tableau vs EnCase Imager)
Making the most of the boot prefetch file (How to Make the Best Use of NTOSBOOT Prefetch file)
Bad sectors and forensic imaging (Bad Sectors vs Forensic Imaging)
[Interview #2] Bang Hyo-geun, Manager, Appraisal Forensics Team, Korea Copyright Commission
Google Drive artifacts (Google Drive Artifacts)
The 3.20 cyber terror from a storage media recovery perspective (3.20 Cyber-Terror from recovery perspectives)
How to recover storage media damaged in the 3.20 cyber terror (3.20 Cyber Terror’s Damaged Partition Recovery)
Detailed method for recovering storage media damaged in the 3.20 cyber terror (3.20 Cyber Terror’s Damaged Partition Recovery)
FORENSIC-PROOF (forensic-proof.com/)
3. forensicinsight.org Page 3
Mobile Encryption: The Good, the Bad and the Broken (slide)
Getting sys_call_table on Android
Dude, Where’s My Droid?! – RootedCON 2013 Presentation (slide)
Troopers 13 Presentation – Corporate Espionage via Mobile Compromise (slide)
Security vulnerabilities in Any.DO mobile app for Android (slide)
HTCIA – Android Forensics Training Presentation – March 22, 2013 (slide)
viaForensics (viaforensics.com)
4. forensicinsight.org Page 4
UAC Impact on Malware
• DLL Search Order
SafeDllSearchMode enabled
1. The directory the application was loaded from
2. The system directory
3. The 16-bit system directory
4. The Windows directory
5. The current directory
6. The directories listed in the PATH environment variable
The DLL search order also differs depending on which function is used
LoadLibrary() vs. LoadLibraryEx() vs. SetDllDirectory()
Journey Into Incident Response (journeyintoir.blogspot.kr/) (cont’d)
SafeDllSearchMode disabled
1. The directory the application was loaded from
2. The current directory
3. The system directory
4. The 16-bit system directory
5. The Windows directory
6. The directories listed in the PATH environment variable
5. forensicinsight.org Page 5
UAC Impact on Malware
• DLL Search Order Vulnerability
ZeroAccess Method to Bypass UAC
Visit to an infected web site
• Malicious InstallFlashPlayer.exe downloaded (%UserProfile%\AppData\Local\Temp)
• Malicious msimg32.dll downloaded alongside it (%UserProfile%\AppData\Local\Temp)
• InstallFlashPlayer.exe executed
DLL load order
Verified with Metasploit
Journey Into Incident Response (journeyintoir.blogspot.kr/)
LdrLoadDll ( "C:\Users\lab\AppData\Local\Temp;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0", 0x0028fa78, 0x0028fa64, 0x0028fa7c )
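The search-order hijack the two slides above describe (a planted msimg32.dll beside InstallFlashPlayer.exe in %Temp% winning over the copy in system32), as an added triage script that is not part of the original deck or the Journey Into Incident Response post: it walks both SafeDllSearchMode orders from the slide over a constructed file inventory and flags every import that resolves outside the system directories while a legitimate copy also exists there. The directories, file list and import names are constructed for the example.

```python
import ntpath

# Constructed directories for the scenario on the slides; the Temp path is where
# the dropper placed InstallFlashPlayer.exe and its msimg32.dll.
APP_DIR = r"C:\Users\lab\AppData\Local\Temp"
CWD = r"C:\Users\lab\Downloads"
SYS_DIR = r"C:\Windows\system32"
SYS16_DIR = r"C:\Windows\system"
WIN_DIR = r"C:\Windows"
PATH_DIRS = [r"C:\Windows\System32\Wbem", r"C:\Windows\System32\WindowsPowerShell\v1.0"]
TRUSTED_DIRS = [SYS_DIR, SYS16_DIR, WIN_DIR]

# Constructed file inventory standing in for a disk image (not real data).
FILES = {
    r"C:\Users\lab\AppData\Local\Temp\InstallFlashPlayer.exe",
    r"C:\Users\lab\AppData\Local\Temp\msimg32.dll",   # planted copy beside the EXE
    r"C:\Windows\system32\msimg32.dll",               # legitimate copy
    r"C:\Windows\system32\kernel32.dll",
    r"C:\Windows\system32\version.dll",
    r"C:\Users\lab\Downloads\version.dll",            # copy in the current directory
}
FILES_NORM = {ntpath.normcase(p) for p in FILES}


def dll_search_order(app_dir, cwd, safe_mode=True):
    """Directory order Windows walks, per the two SafeDllSearchMode lists on the slide."""
    if safe_mode:   # SafeDllSearchMode enabled (the default): cwd is searched late
        return [app_dir, SYS_DIR, SYS16_DIR, WIN_DIR, cwd, *PATH_DIRS]
    return [app_dir, cwd, SYS_DIR, SYS16_DIR, WIN_DIR, *PATH_DIRS]


def exists(directory, name):
    """Case-insensitive lookup in the constructed inventory (ntpath works on any host OS)."""
    return ntpath.normcase(ntpath.join(directory, name)) in FILES_NORM


def resolve_dll(name, order):
    """First directory in the search order that holds `name`, or None."""
    return next((d for d in order if exists(d, name)), None)


def find_hijack_candidates(dll_names, app_dir, cwd, safe_mode=True):
    """Map DLL name -> directory for imports that resolve outside the trusted
    system directories while a legitimate copy also exists in one of them."""
    order = dll_search_order(app_dir, cwd, safe_mode)
    trusted = {ntpath.normcase(d) for d in TRUSTED_DIRS}
    hits = {}
    for name in dll_names:
        chosen = resolve_dll(name, order)
        if chosen is None or ntpath.normcase(chosen) in trusted:
            continue
        if any(exists(d, name) for d in TRUSTED_DIRS):
            hits[name] = chosen
    return hits


if __name__ == "__main__":
    imports = ["msimg32.dll", "kernel32.dll", "version.dll"]
    for safe in (True, False):
        print("SafeDllSearchMode", "on: " if safe else "off:",
              find_hijack_candidates(imports, APP_DIR, CWD, safe))
```

With SafeDllSearchMode on, only the copy next to the executable is reachable ahead of system32; with it off, the copy in the current directory is reachable as well.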
6. forensicinsight.org Page 6
Online data explosion brings new forensic collection techniques
• Rapid growth of social media and webmail has caused an explosion of online data
Affects eDiscovery and digital forensic procedures
• Social media statistics
1 in every 5 minutes online is spent on social networks
6.6 hours per month are spent on Facebook
3 million new blogs are created every month
400 million tweets are created every day
4.5 million photos are uploaded to Flickr every minute
72 hours of video are uploaded to YouTube every minute
Evidence Technology Magazine (evidencemagazine.com/) (cont’d)
7. forensicinsight.org Page 7
Online data explosion brings new forensic collection techniques
• 3,100,000,000 – 3.1 billion webmail accounts
• 901,000,000 – 901 million active Facebook users
• 54,000,000 – 54 million WordPress sites
• 160,000,000 – 160 million LinkedIn users
• 64,000,000 – 64 million Tumblr blogs
• 140,000,000 – 140 million active Twitter users
• 2,400,000,000 – 2.4 billion social network accounts
• Accordingly, online information is now a must in lawsuits and investigations!!! Effective collection methods are needed
Evidence Technology Magazine (evidencemagazine.com/) (cont’d)
8. forensicinsight.org Page 8
Online data explosion brings new forensic collection techniques
• The Evolution of eDiscovery
Has evolved by developing standards and best practices for handling diverse media and many file formats
Data from social networking sites (SNS) and webmail platforms is relatively NEW!!
Each SNS and webmail service uses its own format: Challenge!!
Digital evidence must be collected and preserved while keeping its original context and meaning
Evidence Technology Magazine (evidencemagazine.com/) (cont’d)
9. forensicinsight.org Page 9
Online data explosion brings new forensic collection techniques
• Webmail Collection
Webmail formats all differ, and so do their export formats, which makes effective culling hard
Real case
• 80 accounts, 500,000 email messages collected and processed
• EML, Lotus Notes, Exchange, IMAP/POP3, Gmail, Live Mail, Yahoo, Apple Me.com, … …
• No tool exists that can quickly and accurately collect such a variety of email formats!!
• Deduplication after collection is also a big problem: the data volume must be reduced for eDiscovery
In the end, an in-house collection and processing program was developed to do the work
Evidence Technology Magazine (evidencemagazine.com/) (cont’d)
10. forensicinsight.org Page 10
Online data explosion brings new forensic collection techniques
• Social Networking Sites: Facebook, Twitter, LinkedIn, Google
Facebook: all of a user's data can be downloaded easily
Evidence Technology Magazine (evidencemagazine.com/) (cont’d)
11. forensicinsight.org Page 11
Online data explosion brings new forensic collection techniques
• Social Networking Sites: Facebook, Twitter, LinkedIn, Google
Twitter: all tweets can be downloaded easily
• Settings: Your Twitter archive
Evidence Technology Magazine (evidencemagazine.com/) (cont’d)
12. forensicinsight.org Page 12
Online data explosion brings new forensic collection techniques
• Social Networking Sites: Facebook, Twitter, LinkedIn, Google
Twitter: all tweets can be downloaded easily
Evidence Technology Magazine (evidencemagazine.com/) (cont’d)
13. forensicinsight.org Page 13
Online data explosion brings new forensic collection techniques
• Social Networking Sites: Facebook, Twitter, LinkedIn, Google
LinkedIn
• Use a third-party tool, or write code directly against the API
Evidence Technology Magazine (evidencemagazine.com/) (cont’d)
14. forensicinsight.org Page 14
Online data explosion brings new forensic collection techniques
• Social Networking Sites: Facebook, Twitter, LinkedIn, Google
Google: a wide range of data can be downloaded easily
• Use a dedicated eDiscovery tool or Google Apps Vault
Evidence Technology Magazine (evidencemagazine.com/) (cont’d)
15. forensicinsight.org Page 15
Online data explosion brings new forensic collection techniques
• There are many ways to collect SNS and webmail data, but care is required
• Appropriate authorization must be obtained from the service provider, and possible violations reviewed carefully
• In future, all SNS and webmail services are expected to support export formats like those of Facebook, Twitter and Google
• However, before collecting SNS or webmail data
• Procedures, protocols and quality-control criteria need an in-depth review
Evidence Technology Magazine (evidencemagazine.com/)
18. forensicinsight.org Page 18
EnCase Forensic v7.06 Resources
• Expanded Mac support
Displays compressed/uncompressed files on HFS+ file systems
Supports Finder info and extended file attributes
Displays security ACLs
Improved support for OS X Trash items
Supports installation on Mac (OS X 10.8)
Supports Mac logical volumes
• Improved Android acquisition module
• Additional encryption support
• Improved Windows 8 and Server 2012 support
Windows 8 and Server 2012 servlet
Windows 8 artifacts: registry parsing, system information parsing
Windows 8 BitLocker
Windows 7 jump list (Automatic) parsing
Windows 7 thumbs.db parsing
• Tablet support
Google Nexus 7, Acer Iconia Tab A500,
Samsung Galaxy Tab 2, Kindle Fire HD
Guidance Software (guidancesoftware.com/)
20. forensicinsight.org Page 20
The Future of Steganography
• Embedding a TrueCrypt container in MP4 and QuickTime multimedia files
• Steganography – tcsteg.py (http://keyj.emphy.de/files/tcsteg.py)
• Steganalysis - Python Script to Detect Hidden Data (http://www.dfinews.com/article/python-script-detect-hidden-data)
DFINews (dfinews.com/)
21. forensicinsight.org Page 21
Indicator of Program Execution
• Application Prefetch File
• Shortcut/LNK file, Jump List
• Browser History
• Hibernation File
• Windows Event Logs
• Registry
• MSIs
• RecentDocs
• AppCompatCache
• MUICache
• *Tracing
• *DirectDraw
• SysInternals
• AppCompatFlags
• UserAssist
• RunMRU
• AutoStart Locations
• LANDesk
• Windows Services
Windows Incident Response (windowsir.blogspot.kr/)
22. forensicinsight.org Page 22
HIGH WATERMARK
• Basically Watermark
A semi-transparent image or logo is overlaid on the picture
To remove the watermark, the image is cropped or covered with a larger logo
The Hacker Factor Blog (hackerfactor.com/) (cont’d)
23. forensicinsight.org Page 23
HIGH WATERMARK
• Unpaid Image’s Watermark
Watermarked images/videos are served when no payment has been made
The Hacker Factor Blog (hackerfactor.com/) (cont’d)
24. forensicinsight.org Page 24
HIGH WATERMARK
• Secret Handshakes
Subtle changes that the human eye cannot perceive but a computer can detect
Photoshop Filter: Digimarc
The Hacker Factor Blog (hackerfactor.com/) (cont’d)
25. forensicinsight.org Page 25
HIGH WATERMARK
• Secret Handshakes
[Before / After comparison images]
The Hacker Factor Blog (hackerfactor.com/) (cont’d)
26. forensicinsight.org Page 26
HIGH WATERMARK
• Secret Handshakes
Watermarks are often used for tracking
• World of Warcraft (WoW) screenshots also carry an embedded watermark
• Date, time, server realm information, the user's screen name
This method is very sensitive to modification: resizing, rotation, contrast, etc.
Uploading a photo to an online resource such as Facebook usually strips the watermark
The Hacker Factor Blog (hackerfactor.com/) (cont’d)
27. forensicinsight.org Page 27
HIGH WATERMARK
• Snide Comments
Watermarks carried in the file's metadata; some watermarks use an encoding
eBay product photos
The Hacker Factor Blog (hackerfactor.com/) (cont’d)
28. forensicinsight.org Page 28
HIGH WATERMARK
• Snide Comments
Processed By eBay with ImageMagick, R1.1.1.||B2||T0JKX0lEPTRmNjc4MmQ3YTM0NzI0NjAwNGY2NzliN2EzMTFlOTA1MTAxMTUyNGQwZGUzfHxTRUxMRVJfTkFNRT1tb3NlaXNsZXlfY29sbGVjdGlibGVzfHxPUklHSU5BTF9FQkFZX1FVQUxJVFlfU0NPUkU9NHx8Q1JFQVRJT05fREFURT0zLzE0LzEzIDEyOjU5IFBN
Decode Base64
• Processed By eBay
• Created with ImageMagick
• OBJ_ID=4f6782d7a347246004f679b7a311e9051011524d0de3||SELLER_NAME=moseisley_collectibles||ORIGINAL_EBAY_QUALITY_SCORE=4||CREATION_DATE=3/14/13 12:59 PM
The Hacker Factor Blog (hackerfactor.com/)
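The eBay comment above, as an added example that is not from the original deck or the Hacker Factor post: a small JPEG segment walker that pulls the comment out of a constructed minimal JPEG and decodes its base64 record into the fields shown on the slide. It assumes the comment is stored in a JPEG COM (0xFFFE) segment; the JPEG bytes are constructed inline and carry no image data.

```python
import base64

# Constructed minimal JPEG: SOI, one COM segment carrying the eBay comment from
# the slide, then EOI. Placing the comment in a COM segment is an assumption.
EBAY_COMMENT = (
    b"Processed By eBay with ImageMagick, R1.1.1.||B2||"
    b"T0JKX0lEPTRmNjc4MmQ3YTM0NzI0NjAwNGY2NzliN2EzMTFlOTA1MTAxMTUyN"
    b"GQwZGUzfHxTRUxMRVJfTkFNRT1tb3NlaXNsZXlfY29sbGVjdGlibGVzfHxPUklHSU5"
    b"BTF9FQkFZX1FVQUxJVFlfU0NPUkU9NHx8Q1JFQVRJT05fREFURT0zLzE0LzEzIDEy"
    b"OjU5IFBN"
)


def com_segment(text: bytes) -> bytes:
    """JPEG COM (0xFFFE) segment; the 2-byte length counts itself plus the payload."""
    return b"\xff\xfe" + (len(text) + 2).to_bytes(2, "big") + text


SAMPLE_JPEG = b"\xff\xd8" + com_segment(EBAY_COMMENT) + b"\xff\xd9"


def jpeg_comments(data: bytes) -> list:
    """Walk the marker segments before the scan data and return every COM payload."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos, comments = 2, []
    while pos + 2 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):          # EOI, or SOS: entropy-coded data follows
            break
        if marker == 0xFF:                  # fill byte before a marker
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # TEM / RSTn carry no length
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length")
        if marker == 0xFE:
            comments.append(data[pos + 4:pos + 2 + length])
        pos += 2 + length
    return comments


def parse_ebay_comment(comment: bytes):
    """Decode 'Processed By eBay ...||B2||<base64>' into its key=value fields."""
    parts = comment.split(b"||")
    if len(parts) < 3 or not parts[0].startswith(b"Processed By eBay"):
        return None
    record = base64.b64decode(parts[-1], validate=True).decode("ascii")
    fields = {k: v for k, _, v in (kv.partition("=") for kv in record.split("||")) if k}
    fields["_prefix"] = parts[0].decode("ascii")
    return fields


def ebay_fields_from_jpeg(data: bytes):
    """First eBay tracking record found in the file's COM segments, or None."""
    for comment in jpeg_comments(data):
        fields = parse_ebay_comment(comment)
        if fields:
            return fields
    return None
```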
32. forensicinsight.org Page 32
Journey Into Incident Response
• Houston We’ve Had a Problem – Wow64
• Tracking Down Persistence Mechanisms
Digital Forensics Stream
• Windows 8 : Tracking Opened Photos
ForensicKB
• EnScript to parse setupapi.dev.log
• EnCase EnScript to calculate entropy of selected file(s)
• File Entropy explained
• Crafting good keywords in EnCase and using conditions to refine results
Others (cont’d)
33. forensicinsight.org Page 33
Yogesh Khatri’s forensic blog
• Decrypting Apple FileVault Full Volume Encryption
Sketchymoose’s blog
• Crest Con Update- With Slides! Memory Forensics (slide)
jessekornblum
• No More TrueCrypt Boot Passphrases
Mobile & Technology eDiscovery
• (U)SIM Examination (Physical) Pt1
Others (cont’d)
34. forensicinsight.org Page 34
DFINews
• Memory Analysis and the Ongoing Battle Against Malware
LoveMyTool
• Open Source Forensics for Windows, MacOS, and Linux (DFF, Digital Forensics Framework)
Forensics from the sausage factory
• Location Data within JPGs
Lab Course: Communication And Communicating Devices
• Code Protection in Android
ERIC ROMANG BLOG
• OSX/Pintsized Backdoor Additional Details
Others (cont’d)
35. forensicinsight.org Page 35
Magnet Forensics
• Dropbox Decryptor
Belkasoft
• Live RAM Capturer
Forensic blog
• ADEL (Android Data Extractor Lite)
NirSoft
• NetworkInterfacesView
• JumpListsView
dForensics Tools
36. forensicinsight.org Page 36
KirySoft
• WSCC (Windows System Control Center), Sysinternals & Nirsoft’s Utility Install, Update, Execute
fawproject
• FAW (Forensics Acquisition of Websites)
CERT.AT
• ProcDOT, Visualization Tools using Procmon log and PCAP log (windump, tcpdump)
dForensics Tools