SlideShare a Scribd company logo

(130720) #fitalk trends in d forensics

INSIGHT FORENSIC
INSIGHT FORENSIC

This document summarizes trends in digital forensics from a conference in June 2013. It discusses forensic artifacts from the Amazon Cloud Drive desktop application and web browser, including log files and database records that can be analyzed. It also covers evidence that can be found in the Windows Control Panel, such as Prefetch files, registry keys, and jump lists recording which control panel applications have been used and when. The document provides an overview of digital forensic issues and tools discussed at the conference.

Technology
1 of 39
Download to read offline
FORENSIC INSIGHT; DIGITAL FORENSICS COMMUNITY IN KOREA Trends in dForensics, Jun/2013 JK Kim proneer proneer@gmail.com http://forensic-proof.com Security is a people problem…
forensicinsight.org Page 2 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics • 클라우드 이용 방식  데스크톱 애플리케이션  온라인 인터페이스 (웹 브라우저)  모바일 앱 (Amazon Clound Drive Photos만 존재) Digital Forensics Stream
forensicinsight.org Page 3 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Digital Forensics Stream
forensicinsight.org Page 4 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Digital Forensics Stream
forensicinsight.org Page 5 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Digital Forensics Stream
forensicinsight.org Page 6 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Digital Forensics Stream
forensicinsight.org Page 7 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • 클라우드 동기화 폴더에 파일 추가  %UserProfile%AppDataLocalAmazon Cloud DriveSyncClient  Write-Ahead Logging (v3.7.0 부터 rollback journal 대신) Digital Forensics Stream
forensicinsight.org Page 8 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClient  ADriveNativeClientService.log  adrive-client.log  1319b5c6-2672-49b4-b623-bf5a33fd4c40.db  sync--1522780775.db Digital Forensics Stream
forensicinsight.org Page 9 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientadrive-client.log Digital Forensics Stream
forensicinsight.org Page 10 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientadrive-client.debug.log Digital Forensics Stream
forensicinsight.org Page 11 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientadrive-client.debug.log Digital Forensics Stream INFO 2013-07-19 16:23:58,565 [1] Adrive.Desktop.Application.CloudDriveApplication - Trace(2).Event::Starting Sync... DEBUG 2013-07-19 16:23:58,566 [1] Adrive.Desktop.Services.LocalServiceRequest - method=startSync, id=20, url=http://127.0.0.1:26330 DEBUG 2013-07-19 16:24:00,716 [1] Adrive.Desktop.Services.LocalServiceRequest - method=getAllLinks, id=21, url=http://127.0.0.1:26330 DEBUG 2013-07-19 16:24:02,133 [1] Adrive.Desktop.Services.ADriveLocalService - httpResponse={"id":21,"result":{"links":{"Help":"https://www.amazon.com/clouddrive/help","ThirdPartyLicenses":"https://www.ama zon.com/gp/drive/attribution","Manage":"https://www.amazon.com/clouddrive/manage","CloudDriveWebPage":"https://www.am azon.com/clouddrive","Feedback":"https://www.amazon.com/clouddrive/feedback","Faq":"https://www.amazon.com/help/cloudd rive/errors","DeletedItems":"https://www.amazon.com/clouddrive?sf=1&cdpath=DeletedItems","TermsOfUse":"https://www.amaz on.com/gp/drive/tou"},"default":false},"jsonrpc":"2.0"} DEBUG 2013-07-19 16:24:03,909 [1] Adrive.Desktop.Services.ADriveLocalService - httpResponse={"id":20,"result":{"name":"SYNCING","state":1},"jsonrpc":"2.0"}
forensicinsight.org Page 12 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientsync--1522780775.db  Table • filter__resolve • local_scan • remote_scan • synced Digital Forensics Stream
forensicinsight.org Page 13 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientsync--1522780775.db  Table: local_scan Digital Forensics Stream
forensicinsight.org Page 14 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientsync--1522780775.db  Table: remote_scan Digital Forensics Stream
forensicinsight.org Page 15 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientsync--1522780775.db  Table: synced Digital Forensics Stream
forensicinsight.org Page 16 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Web Browser App Digital Forensics Stream
forensicinsight.org Page 17 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Web Browser App Digital Forensics Stream
forensicinsight.org Page 18 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Web Browser App Forensic Artifacts • %UserProfile%AppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5  ACD 브라우저 캐시 파일이 존재하지 않음 Digital Forensics Stream
forensicinsight.org Page 19 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Web Browser App Forensic Artifacts • %UserProfile%AppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5 Digital Forensics Stream https://www.amazon.com/clouddrive/api/?_=1374221497170&Operation=selectMetadata&customerId=AQKWZ 4UCHAU02&ContentType=JSON&query=select+count(*)+from+object+where+hidden+!%3D+true+and+paren tObjectId%3D'c183a7d0-3fb3-429c-b244- 3edf781b4a35'+and+status+!%3D+'PENDING'+and+type+!%3D+'RECYCLE' apiCA20H5UW.json https://fls-na.amazon.com/1/adrive- metrics/1/OP/customerId=AQKWZ4UCHAU02;%7B%22metricIdentifier%22:%22uploadButtonClicked%22,%22co ntext%22:%22List%22,%22timestamp%22:%222013-07- 19T08:11:13.724Z%22%7D;%7B%22metricIdentifier%22:%22Delete%22,%22selectAll%22:%22No%22,%22number OfFiles%22:1,%22context%22:%22List%22,%22timestamp%22:%222013-07-19T08:11:35.044Z%22%7D; _timestamp___2013-07- 19T08_11_13.724Z_};{_metricIdentifier___Delete_,_selectAll___No_,_numberOfFiles__1,_contex t___List_,_timestamp___2013-07-19T08_11_35[1].gif
forensicinsight.org Page 20 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Web Browser App Forensic Artifacts • %UserProfile%AppDataLocalMicrosoftWindowsHistoryHistory.IE5 Digital Forensics Stream Visited: forensic32@https://www.amazon.com/clouddrive?_encoding=UTF8&ref_=cd_spl_def_ycd&sf=1&openid.assoc _handle=amzn_clouddrive_us&aToken=5%7CjSAVqSVWYsOS2JvwHHA5SJQmz%2BIs%2Be4wLFNGrb1nd424U7D DaWe%2BxqIK9gZYY3%2FE%2BRDlxx1%2F3aDtvTIV%2BPAlRY8Iz7Ngs7bj5U0QejWtM6TkzK2bIl%2FOdBYe%2Fx9 8UTUNrVZMRTnA9nSlpnqxHiEE75aey3ClYUOGTwSKDESIYpk8jl15245REqsdD%2FSo9I9o20nO9BfPSn52CKwNWO 75EoYKVQ1KMGwY&openid.claimed_id=https%3A%2F%2Fwww.amazon.com%2Fap%2Fid%2Famzn1.account.AF S5WGWLGWZNPTQTZZENLULFQV2A&openid.identity=https%3A%2F%2Fwww.amazon.com%2Fap%2Fid%2Famz n1.account.AFS5WGWLGWZNPTQTZZENLULFQV2A&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.op enid.net%2Fauth%2F2.0&openid.op_endpoint=https%3A%2F%2Fwww.amazon.com%2Fap%2Fsignin&openid.res ponse_nonce=2013-07- 19T10%3A08%3A47Z6526231790617976937&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fclouddr ive%3F_encoding%3DUTF8%26ref_%3Dcd_spl_def_ycd%26sf%3D1&openid.signed=assoc_handle%2CaToken%2 Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Cpape.auth_poli cies%2Cpape.auth_time%2Cns.pape%2Csigned&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensio ns%2Fpape%2F1.0&openid.pape.auth_policies=http%3A%2F%2Fschemas.openid.net%2Fpape%2Fpolicies%2F20 07%2F06%2Fnone&openid.pape.auth_time=2013-07- 19T10%3A08%3A47Z&openid.sig=LoWsvL%2FKPm9M%2FVUN8GgOBJrb%2FLb5Z1UOc71E5hOyspo%3D&
forensicinsight.org Page 21 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • GUI Control Panel SANS Computer Forensics Blog
forensicinsight.org Page 22 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 감사 항목  비인가된 소프트웨어에 의해 방화벽 설정 변경 (firewall.cpl)  사용자 계정 추가 혹은 수정 (nusrmgr.cpl)  시스템 복원 및 볼륨 섀도 복사본 끄기 (sysdm.cpl)  시스템 시간 변경 (timedate.cpl)  타사 보안 소프트웨어 애플릿과의 통신 SANS Computer Forensics Blog
forensicinsight.org Page 23 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 구성  제어판은 다수의 애플릿(.cpl)으로 구성 (%SystemRoot%System32 폴더에 존재)  애플릿 접근 방법 • GUI 제어판 이용 • 시작  실행 • 작업바 (시스템 시간 변경) • 명령 프롬프트 (control.exe timedate.cpl) • … …  접근 방법에 따라 상이한 아티팩트 SANS Computer Forensics Blog
forensicinsight.org Page 24 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 애플릿 실행 흔적 1. 윈도우 프리패치 (Prefetch) SANS Computer Forensics Blog
forensicinsight.org Page 25 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 애플릿 실행 흔적 2. 레지스트리 응용프로그램 사용로그(UserAssist) 키 (XP/Vista) • NTUSER.DATSoftwareMicrosoftWindowsCurrentVersionExplorerUserAssist SANS Computer Forensics Blog
forensicinsight.org Page 26 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 애플릿 실행 흔적 3. 레지스트리 실행명령 로그(RunMRU) 키 • NTUSER.DATSoftwareMicrosoftWindowsCurrentVersionExplorerRunMRU SANS Computer Forensics Blog
forensicinsight.org Page 27 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 애플릿 실행 흔적 4. 점프 목록 (Win7/Win8) • %UsreProfile%AppDataRoamingMicrosoftWindowsRecentAutomaticDestinations7e4dca 80246863e3.automaticDestinations-ms SANS Computer Forensics Blog
forensicinsight.org Page 28 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 애플릿 실행 흔적 4. 점프 목록 (Win7/Win8) • %UsreProfile%AppDataRoamingMicrosoftWindowsRecentAutomaticDestinations7e4dca 80246863e3.automaticDestinations-ms SANS Computer Forensics Blog
forensicinsight.org Page 29 Trends in dForensics, Jun/2013  GrrCON 2012 Forensics Challenge Walkthrough • 부팅 가능한 라이브 이미지  ID: analyst  PW: grrcon2012 • 바탕화면 – 3개의 파일  memdump.img  out.pcap  compromised.timeline • 설치된 도구  TSK, Volatility, Yara, Foremost, tcpflow • 주어진 20개 문제의 답을 찾는 챌린지 Paul Melson’s Blog
forensicinsight.org Page 30 Trends in dForensics, Jun/2013  GrrCON 2012 Forensics Challenge Walkthrough • 부팅 가능한 라이브 이미지  ID: analyst  PW: grrcon2012 • 바탕화면 – 3개의 파일  memdump.img  out.pcap  compromised.timeline • 설치된 도구  TSK, Volatility, Yara, Foremost, tcpflow • 주어진 20개 문제의 답을 찾는 챌린지 Paul Melson’s Blog
forensicinsight.org Page 31 Trends in dForensics, Jun/2013  Catching the ghost: how to discover ephemeral evidence with Live RAM analysis • 휘발성 메모리의 증거 항목  동작 중인 프로세스와 서비스, 언팩/복호화된 프로그램 데이터  시스템/사용자 로그인 정보, 레지스트리/웹 브라우징 흔적  네트워크 연결 정보, SNS, MMORPG의 통신 및 채팅 내역  웹 메일/클라우드 서비스 흔적, 암호화된 볼륨의 복호화 키  최근 열람한 문서 및 사진, 동작 중인 악성코드 정보 • 휘발성 메모리 흔적은 명이 짧음 • 따라서, 조사관은 남아 있는 흔적을 최대한 가져올 수 있어야 함 FORENSIC FOCUS
forensicinsight.org Page 32 Trends in dForensics, Jun/2013  Catching the ghost: how to discover ephemeral evidence with Live RAM analysis • 휘발성 데이터가 법적으로 인정받을 수 있는가?  검증된 도구의 사용  휘발성 메모리 수집은 필연적으로 풋프린트를 남김  기술적 타당성과 법적 타당성은 별개의 문제  수집의 모든 단계를 문서화 FORENSIC FOCUS
forensicinsight.org Page 33 Trends in dForensics, Jun/2013  Catching the ghost: how to discover ephemeral evidence with Live RAM analysis • ACPO(Association of Chief Police Officers) 메모리 덤프 표준 절차 1. 상황에 대한 위험 평가: 증거로서 필요하고 안전하게 수집이 가능한가? 2. 그렇다면, 휘발성 데이터 캡쳐 장비 장착 (USB Flash Drive, USB Hard Drive 등) 3. 휘발성 데이터 수집 스크립트 실행 4. 완료 후 장치 중지 (반드시, “안전하게 제거”) 5. 장치 제거 6. 별도의 조사 컴퓨터에서 수집 데이터 검증 (절대 용의자 시스템에서 하지 말것) 7. 표준 전원 종료 절차에 따름 FORENSIC FOCUS
forensicinsight.org Page 34 Trends in dForensics, Jun/2013  Catching the ghost: how to discover ephemeral evidence with Live RAM analysis • 메모리 덤프 도구 요구 사항 1. 커널 모드 동작 2. 풋프린트 최소화 3. 포터블 방식 4. 읽기 모드 접근 FORENSIC FOCUS
forensicinsight.org Page 35 Trends in dForensics, Jun/2013  Catching the ghost: how to discover ephemeral evidence with Live RAM analysis • FireWire Attack  아무것도 실행하지 않고 DMA를 이용해 메모리 덤프  알려진 방법 중 가능 • Freezer Attack  콜드 부트를 이용해 암호화된 스마트폰의 암호화 키를 메모리에서 획득  FROST(Forensic Recovery Of Scrambled Telephones) FORENSIC FOCUS
forensicinsight.org Page 36 Trends in dForensics, Jun/2013  Catching the ghost: how to discover ephemeral evidence with Live RAM analysis • Belkasoft Evidence Center FORENSIC FOCUS
forensicinsight.org Page 37 Trends in dForensics, Jun/2013  Open Security Research • Reversing Basics Part 1: Understanding the C Code • Reversing Basics Part 2: Understanding the Assembly • Reversing Basics Part 3: Dynamically Reversing main()  Microsoft Security Blog • Microsoft Releases New Mitigation Guidance for Active Directory  EnCase® Forensic Blog • Safari Form Value Decryptor  FORENSICMETHODS • Memory Forensics Cheat Sheet v1.2 Others
forensicinsight.org Page 38 Trends in dForensics, Jun/2013  WDFS (The Workshop of Digital Forensics) • 2013-08-27, Hana-Square Auditorium in Korea University. • Early Bird : 20,000 (Student), 50,000 (General) • Standard : 30,000 (Student), 70,000 (General)  CSS (Cyber Security Summer) 2013 • 2013-08-30, COEX • Early Bird : 350,000 • Standard : 450,000 Events
forensicinsight.org Page 39 Question and Answer

Recommended

Naive application development
Naive application developmentNaive application development
Naive application developmentShaka Huang
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration TestingSubho Halder
 
Colombo Mobile Developer MeetUp - Building Scalable Cloud Connected Mobile Ap...
Colombo Mobile Developer MeetUp - Building Scalable Cloud Connected Mobile Ap...Colombo Mobile Developer MeetUp - Building Scalable Cloud Connected Mobile Ap...
Colombo Mobile Developer MeetUp - Building Scalable Cloud Connected Mobile Ap...99X Technology
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisAbdulrahman Bassam
 
What's new in android jakarta gdg (2015-08-26)
What's new in android jakarta gdg (2015-08-26)What's new in android jakarta gdg (2015-08-26)
What's new in android jakarta gdg (2015-08-26)Google
 
Automated Historical Performance Analysis with kmemtracer
Automated Historical Performance Analysis with kmemtracerAutomated Historical Performance Analysis with kmemtracer
Automated Historical Performance Analysis with kmemtracerKyungmin Lee
 
Google chrome os
Google chrome osGoogle chrome os
Google chrome osNeethu Dasan
 
DEVIEW2013: Automating Performance Tests for Android Applications
DEVIEW2013: Automating Performance Tests for Android ApplicationsDEVIEW2013: Automating Performance Tests for Android Applications
DEVIEW2013: Automating Performance Tests for Android ApplicationsKyungmin Lee
 

Recommended

Naive application development
Naive application developmentNaive application development
Naive application developmentShaka Huang
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration TestingSubho Halder
 
Colombo Mobile Developer MeetUp - Building Scalable Cloud Connected Mobile Ap...
Colombo Mobile Developer MeetUp - Building Scalable Cloud Connected Mobile Ap...Colombo Mobile Developer MeetUp - Building Scalable Cloud Connected Mobile Ap...
Colombo Mobile Developer MeetUp - Building Scalable Cloud Connected Mobile Ap...99X Technology
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisAbdulrahman Bassam
 
What's new in android jakarta gdg (2015-08-26)
What's new in android jakarta gdg (2015-08-26)What's new in android jakarta gdg (2015-08-26)
What's new in android jakarta gdg (2015-08-26)Google
 
Automated Historical Performance Analysis with kmemtracer
Automated Historical Performance Analysis with kmemtracerAutomated Historical Performance Analysis with kmemtracer
Automated Historical Performance Analysis with kmemtracerKyungmin Lee
 
Google chrome os
Google chrome osGoogle chrome os
Google chrome osNeethu Dasan
 
DEVIEW2013: Automating Performance Tests for Android Applications
DEVIEW2013: Automating Performance Tests for Android ApplicationsDEVIEW2013: Automating Performance Tests for Android Applications
DEVIEW2013: Automating Performance Tests for Android ApplicationsKyungmin Lee
 
OSB310: Whitelisting: The Good, The Bad, and The Ugly!
OSB310: Whitelisting: The Good, The Bad, and The Ugly!OSB310: Whitelisting: The Good, The Bad, and The Ugly!
OSB310: Whitelisting: The Good, The Bad, and The Ugly!Ivanti
 
Android tutorial for beginners-traininginbangalore.com
Android tutorial for beginners-traininginbangalore.comAndroid tutorial for beginners-traininginbangalore.com
Android tutorial for beginners-traininginbangalore.comTIB Academy
 
Android - Open Source Bridge 2011
Android - Open Source Bridge 2011Android - Open Source Bridge 2011
Android - Open Source Bridge 2011sullis
 
Digital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudDigital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudVelocidex Enterprises
 
Monitoring Cloud Foundry: Learning about the Firehose
Monitoring Cloud Foundry: Learning about the FirehoseMonitoring Cloud Foundry: Learning about the Firehose
Monitoring Cloud Foundry: Learning about the FirehoseDustin Ruehle
 
AbdullahFawad_OS_Assignment.docx
AbdullahFawad_OS_Assignment.docxAbdullahFawad_OS_Assignment.docx
AbdullahFawad_OS_Assignment.docxTabyaSaeed
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computingwebscale
 
Android developmenttools 20100424
Android developmenttools 20100424Android developmenttools 20100424
Android developmenttools 20100424Marakana Inc.
 
A New Perspective on Resource-Level Cloud Forensics
A New Perspective on Resource-Level Cloud ForensicsA New Perspective on Resource-Level Cloud Forensics
A New Perspective on Resource-Level Cloud ForensicsChristopher Doman
 
MongoDB Europe 2016 - Warehousing MongoDB Data using Apache Beam and BigQuery
MongoDB Europe 2016 - Warehousing MongoDB Data using Apache Beam and BigQueryMongoDB Europe 2016 - Warehousing MongoDB Data using Apache Beam and BigQuery
MongoDB Europe 2016 - Warehousing MongoDB Data using Apache Beam and BigQueryMongoDB
 
Derbycon 8 - We Are the Artillery: Using Google Fu to Take Down the Grid
Derbycon 8 - We Are the Artillery: Using Google Fu to Take Down the GridDerbycon 8 - We Are the Artillery: Using Google Fu to Take Down the Grid
Derbycon 8 - We Are the Artillery: Using Google Fu to Take Down the GridChris Sistrunk
 
Google Cloud lightning talk @MHacks
Google Cloud lightning talk @MHacksGoogle Cloud lightning talk @MHacks
Google Cloud lightning talk @MHackswesley chun
 
Modular Architecturs for resilience and Adaptability.pdf
Modular Architecturs for resilience and Adaptability.pdfModular Architecturs for resilience and Adaptability.pdf
Modular Architecturs for resilience and Adaptability.pdfNilesh Gule
 
Modular Architecturs for resilience and Adaptability.pdf
Modular Architecturs for resilience and Adaptability.pdfModular Architecturs for resilience and Adaptability.pdf
Modular Architecturs for resilience and Adaptability.pdfNilesh Gule
 
(WEB301) Operational Web Log Analysis | AWS re:Invent 2014
(WEB301) Operational Web Log Analysis | AWS re:Invent 2014(WEB301) Operational Web Log Analysis | AWS re:Invent 2014
(WEB301) Operational Web Log Analysis | AWS re:Invent 2014Amazon Web Services
 
Deployment talk dpc 13
Deployment talk dpc 13Deployment talk dpc 13
Deployment talk dpc 13Robbert van den Bogerd
 
Creating mobile apps with Cordova for iOS, Android and BlackBerry 10
Creating mobile apps with Cordova for iOS, Android and BlackBerry 10Creating mobile apps with Cordova for iOS, Android and BlackBerry 10
Creating mobile apps with Cordova for iOS, Android and BlackBerry 10Demian Borba
 
[HEWEBAR 2012] Adaptive Images in Responsive Web Design
[HEWEBAR 2012] Adaptive Images in Responsive Web Design[HEWEBAR 2012] Adaptive Images in Responsive Web Design
[HEWEBAR 2012] Adaptive Images in Responsive Web DesignChristopher Schmitt
 
Lambda Architecture using Google Cloud plus Apps
Lambda Architecture using Google Cloud plus AppsLambda Architecture using Google Cloud plus Apps
Lambda Architecture using Google Cloud plus AppsSimon Su
 
Online Cloud Storage System By using PHP
Online Cloud Storage System By using PHPOnline Cloud Storage System By using PHP
Online Cloud Storage System By using PHPTuhin Ray
 
(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensicsINSIGHT FORENSIC
 
(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)INSIGHT FORENSIC
 

More Related Content

Similar to (130720) #fitalk trends in d forensics

OSB310: Whitelisting: The Good, The Bad, and The Ugly!
OSB310: Whitelisting: The Good, The Bad, and The Ugly!OSB310: Whitelisting: The Good, The Bad, and The Ugly!
OSB310: Whitelisting: The Good, The Bad, and The Ugly!Ivanti
 
Android tutorial for beginners-traininginbangalore.com
Android tutorial for beginners-traininginbangalore.comAndroid tutorial for beginners-traininginbangalore.com
Android tutorial for beginners-traininginbangalore.comTIB Academy
 
Android - Open Source Bridge 2011
Android - Open Source Bridge 2011Android - Open Source Bridge 2011
Android - Open Source Bridge 2011sullis
 
Digital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudDigital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudVelocidex Enterprises
 
Monitoring Cloud Foundry: Learning about the Firehose
Monitoring Cloud Foundry: Learning about the FirehoseMonitoring Cloud Foundry: Learning about the Firehose
Monitoring Cloud Foundry: Learning about the FirehoseDustin Ruehle
 
AbdullahFawad_OS_Assignment.docx
AbdullahFawad_OS_Assignment.docxAbdullahFawad_OS_Assignment.docx
AbdullahFawad_OS_Assignment.docxTabyaSaeed
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computingwebscale
 
Android developmenttools 20100424
Android developmenttools 20100424Android developmenttools 20100424
Android developmenttools 20100424Marakana Inc.
 
A New Perspective on Resource-Level Cloud Forensics
A New Perspective on Resource-Level Cloud ForensicsA New Perspective on Resource-Level Cloud Forensics
A New Perspective on Resource-Level Cloud ForensicsChristopher Doman
 
MongoDB Europe 2016 - Warehousing MongoDB Data using Apache Beam and BigQuery
MongoDB Europe 2016 - Warehousing MongoDB Data using Apache Beam and BigQueryMongoDB Europe 2016 - Warehousing MongoDB Data using Apache Beam and BigQuery
MongoDB Europe 2016 - Warehousing MongoDB Data using Apache Beam and BigQueryMongoDB
 
Derbycon 8 - We Are the Artillery: Using Google Fu to Take Down the Grid
Derbycon 8 - We Are the Artillery: Using Google Fu to Take Down the GridDerbycon 8 - We Are the Artillery: Using Google Fu to Take Down the Grid
Derbycon 8 - We Are the Artillery: Using Google Fu to Take Down the GridChris Sistrunk
 
Google Cloud lightning talk @MHacks
Google Cloud lightning talk @MHacksGoogle Cloud lightning talk @MHacks
Google Cloud lightning talk @MHackswesley chun
 
Modular Architecturs for resilience and Adaptability.pdf
Modular Architecturs for resilience and Adaptability.pdfModular Architecturs for resilience and Adaptability.pdf
Modular Architecturs for resilience and Adaptability.pdfNilesh Gule
 
Modular Architecturs for resilience and Adaptability.pdf
Modular Architecturs for resilience and Adaptability.pdfModular Architecturs for resilience and Adaptability.pdf
Modular Architecturs for resilience and Adaptability.pdfNilesh Gule
 
(WEB301) Operational Web Log Analysis | AWS re:Invent 2014
(WEB301) Operational Web Log Analysis | AWS re:Invent 2014(WEB301) Operational Web Log Analysis | AWS re:Invent 2014
(WEB301) Operational Web Log Analysis | AWS re:Invent 2014Amazon Web Services
 
Creating mobile apps with Cordova for iOS, Android and BlackBerry 10
Creating mobile apps with Cordova for iOS, Android and BlackBerry 10Creating mobile apps with Cordova for iOS, Android and BlackBerry 10
Creating mobile apps with Cordova for iOS, Android and BlackBerry 10Demian Borba
 
[HEWEBAR 2012] Adaptive Images in Responsive Web Design
[HEWEBAR 2012] Adaptive Images in Responsive Web Design[HEWEBAR 2012] Adaptive Images in Responsive Web Design
[HEWEBAR 2012] Adaptive Images in Responsive Web DesignChristopher Schmitt
 
Lambda Architecture using Google Cloud plus Apps
Lambda Architecture using Google Cloud plus AppsLambda Architecture using Google Cloud plus Apps
Lambda Architecture using Google Cloud plus AppsSimon Su
 
Online Cloud Storage System By using PHP
Online Cloud Storage System By using PHPOnline Cloud Storage System By using PHP
Online Cloud Storage System By using PHPTuhin Ray
 

Similar to (130720) #fitalk trends in d forensics (20)

OSB310: Whitelisting: The Good, The Bad, and The Ugly!
OSB310: Whitelisting: The Good, The Bad, and The Ugly!OSB310: Whitelisting: The Good, The Bad, and The Ugly!
OSB310: Whitelisting: The Good, The Bad, and The Ugly!
 
Android tutorial for beginners-traininginbangalore.com
Android tutorial for beginners-traininginbangalore.comAndroid tutorial for beginners-traininginbangalore.com
Android tutorial for beginners-traininginbangalore.com
 
Android - Open Source Bridge 2011
Android - Open Source Bridge 2011Android - Open Source Bridge 2011
Android - Open Source Bridge 2011
 
Digital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The CloudDigital Forensics and Incident Response in The Cloud
Digital Forensics and Incident Response in The Cloud
 
Monitoring Cloud Foundry: Learning about the Firehose
Monitoring Cloud Foundry: Learning about the FirehoseMonitoring Cloud Foundry: Learning about the Firehose
Monitoring Cloud Foundry: Learning about the Firehose
 
AbdullahFawad_OS_Assignment.docx
AbdullahFawad_OS_Assignment.docxAbdullahFawad_OS_Assignment.docx
AbdullahFawad_OS_Assignment.docx
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Android developmenttools 20100424
Android developmenttools 20100424Android developmenttools 20100424
Android developmenttools 20100424
 
A New Perspective on Resource-Level Cloud Forensics
A New Perspective on Resource-Level Cloud ForensicsA New Perspective on Resource-Level Cloud Forensics
A New Perspective on Resource-Level Cloud Forensics
 
MongoDB Europe 2016 - Warehousing MongoDB Data using Apache Beam and BigQuery
MongoDB Europe 2016 - Warehousing MongoDB Data using Apache Beam and BigQueryMongoDB Europe 2016 - Warehousing MongoDB Data using Apache Beam and BigQuery
MongoDB Europe 2016 - Warehousing MongoDB Data using Apache Beam and BigQuery
 
Derbycon 8 - We Are the Artillery: Using Google Fu to Take Down the Grid
Derbycon 8 - We Are the Artillery: Using Google Fu to Take Down the GridDerbycon 8 - We Are the Artillery: Using Google Fu to Take Down the Grid
Derbycon 8 - We Are the Artillery: Using Google Fu to Take Down the Grid
 
Google Cloud lightning talk @MHacks
Google Cloud lightning talk @MHacksGoogle Cloud lightning talk @MHacks
Google Cloud lightning talk @MHacks
 
Modular Architecturs for resilience and Adaptability.pdf
Modular Architecturs for resilience and Adaptability.pdfModular Architecturs for resilience and Adaptability.pdf
Modular Architecturs for resilience and Adaptability.pdf
 
Modular Architecturs for resilience and Adaptability.pdf
Modular Architecturs for resilience and Adaptability.pdfModular Architecturs for resilience and Adaptability.pdf
Modular Architecturs for resilience and Adaptability.pdf
 
(WEB301) Operational Web Log Analysis | AWS re:Invent 2014
(WEB301) Operational Web Log Analysis | AWS re:Invent 2014(WEB301) Operational Web Log Analysis | AWS re:Invent 2014
(WEB301) Operational Web Log Analysis | AWS re:Invent 2014
 
Deployment talk dpc 13
Deployment talk dpc 13Deployment talk dpc 13
Deployment talk dpc 13
 
Creating mobile apps with Cordova for iOS, Android and BlackBerry 10
Creating mobile apps with Cordova for iOS, Android and BlackBerry 10Creating mobile apps with Cordova for iOS, Android and BlackBerry 10
Creating mobile apps with Cordova for iOS, Android and BlackBerry 10
 
[HEWEBAR 2012] Adaptive Images in Responsive Web Design
[HEWEBAR 2012] Adaptive Images in Responsive Web Design[HEWEBAR 2012] Adaptive Images in Responsive Web Design
[HEWEBAR 2012] Adaptive Images in Responsive Web Design
 
Lambda Architecture using Google Cloud plus Apps
Lambda Architecture using Google Cloud plus AppsLambda Architecture using Google Cloud plus Apps
Lambda Architecture using Google Cloud plus Apps
 
Online Cloud Storage System By using PHP
Online Cloud Storage System By using PHPOnline Cloud Storage System By using PHP
Online Cloud Storage System By using PHP
 

More from INSIGHT FORENSIC

(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensicsINSIGHT FORENSIC
 
(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)INSIGHT FORENSIC
 
(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)INSIGHT FORENSIC
 
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fsINSIGHT FORENSIC
 
(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trendINSIGHT FORENSIC
 
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안INSIGHT FORENSIC
 
(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifactsINSIGHT FORENSIC
 
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식INSIGHT FORENSIC
 
(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatchINSIGHT FORENSIC
 
(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석INSIGHT FORENSIC
 
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석INSIGHT FORENSIC
 
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법INSIGHT FORENSIC
 
(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysisINSIGHT FORENSIC
 
(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur lsINSIGHT FORENSIC
 
(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)INSIGHT FORENSIC
 
(130202) #fitalk china threat
(130202) #fitalk china threat(130202) #fitalk china threat
(130202) #fitalk china threatINSIGHT FORENSIC
 
(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensicsINSIGHT FORENSIC
 
(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threatINSIGHT FORENSIC
 
(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recoveryINSIGHT FORENSIC
 
(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)INSIGHT FORENSIC
 

More from INSIGHT FORENSIC (20)

(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics(160820) #fitalk fileless malware forensics
(160820) #fitalk fileless malware forensics
 
(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)(150124) #fitalk advanced $usn jrnl forensics (korean)
(150124) #fitalk advanced $usn jrnl forensics (korean)
 
(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)(150124) #fitalk advanced $usn jrnl forensics (english)
(150124) #fitalk advanced $usn jrnl forensics (english)
 
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs(140118) #fitalk detection of anti-forensics artifacts using ioa fs
(140118) #fitalk detection of anti-forensics artifacts using ioa fs
 
(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend(140118) #fitalk 2013 e-discovery trend
(140118) #fitalk 2013 e-discovery trend
 
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
(141031) #fitalk plaso 슈퍼 타임라인 분석 도구 활용 방안
 
(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts(141031) #fitalk os x yosemite artifacts
(141031) #fitalk os x yosemite artifacts
 
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식(140716) #fitalk 전자금융사고에서의 디지털 포렌식
(140716) #fitalk 전자금융사고에서의 디지털 포렌식
 
(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch(140716) #fitalk digital evidence from android-based smartwatch
(140716) #fitalk digital evidence from android-based smartwatch
 
(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석(140625) #fitalk sq lite 소개와 구조 분석
(140625) #fitalk sq lite 소개와 구조 분석
 
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석(140407) #fitalk d trace를 이용한 악성코드 동적 분석
(140407) #fitalk d trace를 이용한 악성코드 동적 분석
 
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법(140625) #fitalk sq lite 삭제된 레코드 복구 기법
(140625) #fitalk sq lite 삭제된 레코드 복구 기법
 
(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis(130216) #fitalk reverse connection tool analysis
(130216) #fitalk reverse connection tool analysis
 
(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls(130216) #fitalk potentially malicious ur ls
(130216) #fitalk potentially malicious ur ls
 
(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)(130202) #fitalk trends in d forensics (jan, 2013)
(130202) #fitalk trends in d forensics (jan, 2013)
 
(130202) #fitalk china threat
(130202) #fitalk china threat(130202) #fitalk china threat
(130202) #fitalk china threat
 
(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics(130119) #fitalk sql server forensics
(130119) #fitalk sql server forensics
 
(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat(130119) #fitalk apt, cyber espionage threat
(130119) #fitalk apt, cyber espionage threat
 
(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery(130119) #fitalk all about physical data recovery
(130119) #fitalk all about physical data recovery
 
(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)(130105) #fitalk trends in d forensics (dec, 2012)
(130105) #fitalk trends in d forensics (dec, 2012)
 

Recently uploaded

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingSelcen Ozturkcan
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Recently uploaded (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

(130720) #fitalk trends in d forensics

  • 1. FORENSIC INSIGHT; DIGITAL FORENSICS COMMUNITY IN KOREA Trends in dForensics, Jun/2013 JK Kim proneer proneer@gmail.com http://forensic-proof.com Security is a people problem…
  • 2. forensicinsight.org Page 2 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics • 클라우드 이용 방식  데스크톱 애플리케이션  온라인 인터페이스 (웹 브라우저)  모바일 앱 (Amazon Clound Drive Photos만 존재) Digital Forensics Stream
  • 3. forensicinsight.org Page 3 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Digital Forensics Stream
  • 4. forensicinsight.org Page 4 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Digital Forensics Stream
  • 5. forensicinsight.org Page 5 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Digital Forensics Stream
  • 6. forensicinsight.org Page 6 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Digital Forensics Stream
  • 7. forensicinsight.org Page 7 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • 클라우드 동기화 폴더에 파일 추가  %UserProfile%AppDataLocalAmazon Cloud DriveSyncClient  Write-Ahead Logging (v3.7.0 부터 rollback journal 대신) Digital Forensics Stream
  • 8. forensicinsight.org Page 8 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClient  ADriveNativeClientService.log  adrive-client.log  1319b5c6-2672-49b4-b623-bf5a33fd4c40.db  sync--1522780775.db Digital Forensics Stream
  • 9. forensicinsight.org Page 9 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientadrive-client.log Digital Forensics Stream
  • 10. forensicinsight.org Page 10 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientadrive-client.debug.log Digital Forensics Stream
  • 11. forensicinsight.org Page 11 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientadrive-client.debug.log Digital Forensics Stream INFO 2013-07-19 16:23:58,565 [1] Adrive.Desktop.Application.CloudDriveApplication - Trace(2).Event::Starting Sync... DEBUG 2013-07-19 16:23:58,566 [1] Adrive.Desktop.Services.LocalServiceRequest - method=startSync, id=20, url=http://127.0.0.1:26330 DEBUG 2013-07-19 16:24:00,716 [1] Adrive.Desktop.Services.LocalServiceRequest - method=getAllLinks, id=21, url=http://127.0.0.1:26330 DEBUG 2013-07-19 16:24:02,133 [1] Adrive.Desktop.Services.ADriveLocalService - httpResponse={"id":21,"result":{"links":{"Help":"https://www.amazon.com/clouddrive/help","ThirdPartyLicenses":"https://www.ama zon.com/gp/drive/attribution","Manage":"https://www.amazon.com/clouddrive/manage","CloudDriveWebPage":"https://www.am azon.com/clouddrive","Feedback":"https://www.amazon.com/clouddrive/feedback","Faq":"https://www.amazon.com/help/cloudd rive/errors","DeletedItems":"https://www.amazon.com/clouddrive?sf=1&cdpath=DeletedItems","TermsOfUse":"https://www.amaz on.com/gp/drive/tou"},"default":false},"jsonrpc":"2.0"} DEBUG 2013-07-19 16:24:03,909 [1] Adrive.Desktop.Services.ADriveLocalService - httpResponse={"id":20,"result":{"name":"SYNCING","state":1},"jsonrpc":"2.0"}
  • 12. forensicinsight.org Page 12 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientsync--1522780775.db  Table • filter__resolve • local_scan • remote_scan • synced Digital Forensics Stream
  • 13. forensicinsight.org Page 13 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientsync--1522780775.db  Table: local_scan Digital Forensics Stream
  • 14. forensicinsight.org Page 14 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientsync--1522780775.db  Table: remote_scan Digital Forensics Stream
  • 15. forensicinsight.org Page 15 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Desktop App Forensic Artifacts • %UserProfile%AppDataLocalAmazon Cloud DriveSyncClientsync--1522780775.db  Table: synced Digital Forensics Stream
  • 16. forensicinsight.org Page 16 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Web Browser App Digital Forensics Stream
  • 17. forensicinsight.org Page 17 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Web Browser App Digital Forensics Stream
  • 18. forensicinsight.org Page 18 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Web Browser App Forensic Artifacts • %UserProfile%AppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5  ACD 브라우저 캐시 파일이 존재하지 않음 Digital Forensics Stream
  • 19. forensicinsight.org Page 19 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Web Browser App Forensic Artifacts • %UserProfile%AppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5 Digital Forensics Stream https://www.amazon.com/clouddrive/api/?_=1374221497170&Operation=selectMetadata&customerId=AQKWZ 4UCHAU02&ContentType=JSON&query=select+count(*)+from+object+where+hidden+!%3D+true+and+paren tObjectId%3D'c183a7d0-3fb3-429c-b244- 3edf781b4a35'+and+status+!%3D+'PENDING'+and+type+!%3D+'RECYCLE' apiCA20H5UW.json https://fls-na.amazon.com/1/adrive- metrics/1/OP/customerId=AQKWZ4UCHAU02;%7B%22metricIdentifier%22:%22uploadButtonClicked%22,%22co ntext%22:%22List%22,%22timestamp%22:%222013-07- 19T08:11:13.724Z%22%7D;%7B%22metricIdentifier%22:%22Delete%22,%22selectAll%22:%22No%22,%22number OfFiles%22:1,%22context%22:%22List%22,%22timestamp%22:%222013-07-19T08:11:35.044Z%22%7D; _timestamp___2013-07- 19T08_11_13.724Z_};{_metricIdentifier___Delete_,_selectAll___No_,_numberOfFiles__1,_contex t___List_,_timestamp___2013-07-19T08_11_35[1].gif
  • 20. forensicinsight.org Page 20 Trends in dForensics, Jun/2013  Amazon Cloud Drive Forensics – Web Browser App Forensic Artifacts • %UserProfile%AppDataLocalMicrosoftWindowsHistoryHistory.IE5 Digital Forensics Stream Visited: forensic32@https://www.amazon.com/clouddrive?_encoding=UTF8&ref_=cd_spl_def_ycd&sf=1&openid.assoc _handle=amzn_clouddrive_us&aToken=5%7CjSAVqSVWYsOS2JvwHHA5SJQmz%2BIs%2Be4wLFNGrb1nd424U7D DaWe%2BxqIK9gZYY3%2FE%2BRDlxx1%2F3aDtvTIV%2BPAlRY8Iz7Ngs7bj5U0QejWtM6TkzK2bIl%2FOdBYe%2Fx9 8UTUNrVZMRTnA9nSlpnqxHiEE75aey3ClYUOGTwSKDESIYpk8jl15245REqsdD%2FSo9I9o20nO9BfPSn52CKwNWO 75EoYKVQ1KMGwY&openid.claimed_id=https%3A%2F%2Fwww.amazon.com%2Fap%2Fid%2Famzn1.account.AF S5WGWLGWZNPTQTZZENLULFQV2A&openid.identity=https%3A%2F%2Fwww.amazon.com%2Fap%2Fid%2Famz n1.account.AFS5WGWLGWZNPTQTZZENLULFQV2A&openid.mode=id_res&openid.ns=http%3A%2F%2Fspecs.op enid.net%2Fauth%2F2.0&openid.op_endpoint=https%3A%2F%2Fwww.amazon.com%2Fap%2Fsignin&openid.res ponse_nonce=2013-07- 19T10%3A08%3A47Z6526231790617976937&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fclouddr ive%3F_encoding%3DUTF8%26ref_%3Dcd_spl_def_ycd%26sf%3D1&openid.signed=assoc_handle%2CaToken%2 Cclaimed_id%2Cidentity%2Cmode%2Cns%2Cop_endpoint%2Cresponse_nonce%2Creturn_to%2Cpape.auth_poli cies%2Cpape.auth_time%2Cns.pape%2Csigned&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensio ns%2Fpape%2F1.0&openid.pape.auth_policies=http%3A%2F%2Fschemas.openid.net%2Fpape%2Fpolicies%2F20 07%2F06%2Fnone&openid.pape.auth_time=2013-07- 19T10%3A08%3A47Z&openid.sig=LoWsvL%2FKPm9M%2FVUN8GgOBJrb%2FLb5Z1UOc71E5hOyspo%3D&
  • 21. forensicinsight.org Page 21 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • GUI Control Panel SANS Computer Forensics Blog
  • 22. forensicinsight.org Page 22 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 감사 항목  비인가된 소프트웨어에 의해 방화벽 설정 변경 (firewall.cpl)  사용자 계정 추가 혹은 수정 (nusrmgr.cpl)  시스템 복원 및 볼륨 섀도 복사본 끄기 (sysdm.cpl)  시스템 시간 변경 (timedate.cpl)  타사 보안 소프트웨어 애플릿과의 통신 SANS Computer Forensics Blog
  • 23. forensicinsight.org Page 23 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 구성  제어판은 다수의 애플릿(.cpl)으로 구성 (%SystemRoot%System32 폴더에 존재)  애플릿 접근 방법 • GUI 제어판 이용 • 시작  실행 • 작업바 (시스템 시간 변경) • 명령 프롬프트 (control.exe timedate.cpl) • … …  접근 방법에 따라 상이한 아티팩트 SANS Computer Forensics Blog
  • 24. forensicinsight.org Page 24 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 애플릿 실행 흔적 1. 윈도우 프리패치 (Prefetch) SANS Computer Forensics Blog
  • 25. forensicinsight.org Page 25 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 애플릿 실행 흔적 2. 레지스트리 응용프로그램 사용로그(UserAssist) 키 (XP/Vista) • NTUSER.DATSoftwareMicrosoftWindowsCurrentVersionExplorerUserAssist SANS Computer Forensics Blog
  • 26. forensicinsight.org Page 26 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 애플릿 실행 흔적 3. 레지스트리 실행명령 로그(RunMRU) 키 • NTUSER.DATSoftwareMicrosoftWindowsCurrentVersionExplorerRunMRU SANS Computer Forensics Blog
  • 27. forensicinsight.org Page 27 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 애플릿 실행 흔적 4. 점프 목록 (Win7/Win8) • %UsreProfile%AppDataRoamingMicrosoftWindowsRecentAutomaticDestinations7e4dca 80246863e3.automaticDestinations-ms SANS Computer Forensics Blog
  • 28. forensicinsight.org Page 28 Trends in dForensics, Jun/2013  Control Panel Forensics: Evidence of Time Manipulation and More • 제어판 애플릿 실행 흔적 4. 점프 목록 (Win7/Win8) • %UsreProfile%AppDataRoamingMicrosoftWindowsRecentAutomaticDestinations7e4dca 80246863e3.automaticDestinations-ms SANS Computer Forensics Blog
  • 29. forensicinsight.org Page 29 Trends in dForensics, Jun/2013  GrrCON 2012 Forensics Challenge Walkthrough • 부팅 가능한 라이브 이미지  ID: analyst  PW: grrcon2012 • 바탕화면 – 3개의 파일  memdump.img  out.pcap  compromised.timeline • 설치된 도구  TSK, Volatility, Yara, Foremost, tcpflow • 주어진 20개 문제의 답을 찾는 챌린지 Paul Melson’s Blog
  • 30. forensicinsight.org Page 30 Trends in dForensics, Jun/2013  GrrCON 2012 Forensics Challenge Walkthrough • 부팅 가능한 라이브 이미지  ID: analyst  PW: grrcon2012 • 바탕화면 – 3개의 파일  memdump.img  out.pcap  compromised.timeline • 설치된 도구  TSK, Volatility, Yara, Foremost, tcpflow • 주어진 20개 문제의 답을 찾는 챌린지 Paul Melson’s Blog
  • 31. forensicinsight.org Page 31 Trends in dForensics, Jun/2013  Catching the ghost: how to discover ephemeral evidence with Live RAM analysis • 휘발성 메모리의 증거 항목  동작 중인 프로세스와 서비스, 언팩/복호화된 프로그램 데이터  시스템/사용자 로그인 정보, 레지스트리/웹 브라우징 흔적  네트워크 연결 정보, SNS, MMORPG의 통신 및 채팅 내역  웹 메일/클라우드 서비스 흔적, 암호화된 볼륨의 복호화 키  최근 열람한 문서 및 사진, 동작 중인 악성코드 정보 • 휘발성 메모리 흔적은 명이 짧음 • 따라서, 조사관은 남아 있는 흔적을 최대한 가져올 수 있어야 함 FORENSIC FOCUS
  • 32. forensicinsight.org Page 32 Trends in dForensics, Jun/2013  Catching the ghost: how to discover ephemeral evidence with Live RAM analysis • 휘발성 데이터가 법적으로 인정받을 수 있는가?  검증된 도구의 사용  휘발성 메모리 수집은 필연적으로 풋프린트를 남김  기술적 타당성과 법적 타당성은 별개의 문제  수집의 모든 단계를 문서화 FORENSIC FOCUS
  • 33. forensicinsight.org Page 33 Trends in dForensics, Jun/2013  Catching the ghost: how to discover ephemeral evidence with Live RAM analysis • ACPO(Association of Chief Police Officers) 메모리 덤프 표준 절차 1. 상황에 대한 위험 평가: 증거로서 필요하고 안전하게 수집이 가능한가? 2. 그렇다면, 휘발성 데이터 캡쳐 장비 장착 (USB Flash Drive, USB Hard Drive 등) 3. 휘발성 데이터 수집 스크립트 실행 4. 완료 후 장치 중지 (반드시, “안전하게 제거”) 5. 장치 제거 6. 별도의 조사 컴퓨터에서 수집 데이터 검증 (절대 용의자 시스템에서 하지 말것) 7. 표준 전원 종료 절차에 따름 FORENSIC FOCUS
  • 34. forensicinsight.org Page 34 Trends in dForensics, Jun/2013  Catching the ghost: how to discover ephemeral evidence with Live RAM analysis • 메모리 덤프 도구 요구 사항 1. 커널 모드 동작 2. 풋프린트 최소화 3. 포터블 방식 4. 읽기 모드 접근 FORENSIC FOCUS
  • 35. forensicinsight.org Page 35 Trends in dForensics, Jun/2013  Catching the ghost: how to discover ephemeral evidence with Live RAM analysis • FireWire Attack  아무것도 실행하지 않고 DMA를 이용해 메모리 덤프  알려진 방법 중 가능 • Freezer Attack  콜드 부트를 이용해 암호화된 스마트폰의 암호화 키를 메모리에서 획득  FROST(Forensic Recovery Of Scrambled Telephones) FORENSIC FOCUS
  • 36. forensicinsight.org Page 36 Trends in dForensics, Jun/2013  Catching the ghost: how to discover ephemeral evidence with Live RAM analysis • Belkasoft Evidence Center FORENSIC FOCUS
  • 37. forensicinsight.org Page 37 Trends in dForensics, Jun/2013  Open Security Research • Reversing Basics Part 1: Understanding the C Code • Reversing Basics Part 2: Understanding the Assembly • Reversing Basics Part 3: Dynamically Reversing main()  Microsoft Security Blog • Microsoft Releases New Mitigation Guidance for Active Directory  EnCase® Forensic Blog • Safari Form Value Decryptor  FORENSICMETHODS • Memory Forensics Cheat Sheet v1.2 Others
  • 38. forensicinsight.org Page 38 Trends in dForensics, Jun/2013  WDFS (The Workshop of Digital Forensics) • 2013-08-27, Hana-Square Auditorium in Korea University. • Early Bird : 20,000 (Student), 50,000 (General) • Standard : 30,000 (Student), 70,000 (General)  CSS (Cyber Security Summer) 2013 • 2013-08-30, COEX • Early Bird : 350,000 • Standard : 450,000 Events