A more in-depth analysis of cyber forensics; but explained eloquently for the beginner, by Chaitanya Dhareshwar - Cyber Crime Investigator, Technocrat and Entrepreneur.
Learn what cyber forensics is all about and how you can begin using the basic tools of forensics in your day to day life. Not only does it make the world a safer place, your data remains significantly more secure.
Every step you take towards cyber security in this lawless internet allows you to achieve greater knowledge unhindered.
Anti-forensics techniques for browsing artifacts, by gaurang17
Anti-forensics refers to any technique, gadget or software designed to hamper a computer investigation. It includes encryption, steganography, disk cleaning and file wiping. Anti-forensics is mainly used for security purposes: keeping information confidential or securing web transactions. Smart criminals use the same techniques to make a forensic investigation harder.
Digital forensics and Cyber Crime: Yesterday, Today & Tomorrow, by Pankaj Choudhary
It provides a brief overview of the history, current state and future of cyber crime and digital forensics.
It covers :
DF Process
Current Digital Forensics Challenges
Jobs and Opportunity
DF Certification Details
Current forensic tools: evaluating computer forensic tool needs, computer forensics software tools, computer forensics hardware tools, validating and testing forensics software.
E-mail investigations: exploring the role of e-mail in investigation, exploring the roles of the client and server in e-mail, investigating e-mail crimes and violations, understanding e-mail servers, using specialized e-mail forensic tools.
Cell phone and mobile device forensics: understanding mobile device forensics, understanding acquisition procedures for cell phones and mobile devices.
An introduction to cyber forensics and open source tools in cyber forensics, by Zyxware Technologies
A presentation targeted at professionals looking to get into cyber forensics leveraging the vast array of open source / free tools available in the cyber forensics space. Built as an introductory presentation for officers in Kerala Police
Computer forensics is an important branch of computer science concerned with computer and Internet related crimes. Earlier, only computers produced data; the field has now expanded to every device that stores digital data. The goal of computer forensics is to investigate crimes using evidence recovered from digital data, in order to establish who was responsible.
To support research and investigation, developers have created many computer forensics tools. Police departments and investigation agencies select tools based on various factors, including budget and the experts available on the team.
Download DOC word file from below Links:
Link 1 :http://gestyy.com/eiT4WO
Link 2: http://fumacrom.com/RQUm
Disclaimer: the above doc file is for educational purposes only.
Process of digital forensics
1. Identification
2. Preservation
3. Analysis
4. Presentation and reporting
5. Disseminating the case
What is acquisition in digital forensics?
How to handle data acquisition in digital forensics
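The acquisition and preservation steps above come down to one practice: make a bit-for-bit copy of the evidence, hash the original and the copy, and record the result so that anyone can later prove the image has not changed. The following is an added example, not code from any presentation listed here. It stands in for an imaging tool such as dd or dc3dd by copying a constructed stand-in "device" file, hashes the source stream, the source after the copy and the image itself, and writes a chain-of-custody record. The examiner name, case ID and file names are placeholders; a hardware write blocker, which this script cannot provide, is what keeps the original read-only on real media.

```python
"""Bit-for-bit acquisition with hash verification and a chain-of-custody record.

Added example (not code from any presentation on this page). It plays the role
of an imaging tool such as dd/dc3dd on a constructed stand-in "device" file so
the verification logic can run offline. Assumptions: the examiner name, case ID
and file names are placeholders; real media is read through a hardware write
blocker, which this script cannot provide.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # 1 MiB reads: streams large media without loading it into RAM


def hash_file(path):
    """Return (md5, sha256) hex digests of a file, streamed in CHUNK-sized reads."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()


def acquire(source, image, examiner, case_id):
    """Copy `source` to `image` byte for byte.

    The source stream is hashed as it is read; afterwards both the source and
    the image are hashed again. All three must agree: that proves the copy is
    complete and that the acquisition did not alter the original.
    """
    started = datetime.now(timezone.utc).isoformat()
    md5, sha, size = hashlib.md5(), hashlib.sha256(), 0
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            md5.update(block)
            sha.update(block)
            dst.write(block)
            size += len(block)
    stream_md5, stream_sha = md5.hexdigest(), sha.hexdigest()
    source_md5, source_sha = hash_file(source)   # the original, after acquisition
    image_md5, image_sha = hash_file(image)      # the copy that will be analysed
    verified = (stream_md5, stream_sha) == (source_md5, source_sha) == (image_md5, image_sha)
    return {
        "case_id": case_id,
        "examiner": examiner,
        "source": source,
        "image": image,
        "size_bytes": size,
        "started_utc": started,
        "finished_utc": datetime.now(timezone.utc).isoformat(),
        "source_md5": source_md5,
        "source_sha256": source_sha,
        "image_md5": image_md5,
        "image_sha256": image_sha,
        "verified": verified,
    }


def verify_image(image, record):
    """Re-hash an image later (before analysis, or when challenged in court)
    against the digests recorded at acquisition time."""
    md5, sha = hash_file(image)
    return md5 == record["image_md5"] and sha == record["image_sha256"]


def demo():
    """Acquire a constructed 3 MiB + 17 byte 'device', verify the image, then
    flip one byte of the image and show that verification now fails."""
    with tempfile.TemporaryDirectory() as d:
        device = os.path.join(d, "sdb")      # constructed stand-in for /dev/sdb
        image = os.path.join(d, "sdb.dd")
        with open(device, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 17))  # deliberately not a CHUNK multiple
        record = acquire(device, image, examiner="J. Doe", case_id="CASE-0001")
        intact = verify_image(image, record)
        with open(image, "r+b") as f:        # tamper with one byte of the copy
            f.seek(1234)
            original = f.read(1)
            f.seek(1234)
            f.write(bytes([original[0] ^ 0xFF]))
        tampered = verify_image(image, record)
    return record, intact, tampered


if __name__ == "__main__":
    rec, ok, after_tamper = demo()
    print("acquisition verified:", rec["verified"], "| image intact:", ok,
          "| after tampering:", after_tamper)
```

Both MD5 and SHA-256 are recorded because many lab forms and older tools still expect MD5; SHA-256 is the one that carries weight, since MD5 collisions are practical. The record is what goes on the evidence form: the three matching digests are the claim "this image is the disk", and the later verify step is how that claim is re-checked before analysis and again if the defence asks.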
Types of Digital Forensics
Disk Forensics
Network Forensics
Wireless Forensics
Database Forensics
Types of Computer Forensics Technology
Types of Military Computer Forensic Technology
Types of Law Enforcement Computer Forensic Technology
Types of Business Computer Forensic Technology
Specialized Forensics Techniques
Hidden Data and How to Find It
Spyware and Adware
Encryption Methods and Vulnerabilities
Protecting Data from Being Compromised
Internet Tracing Methods
Security and Wireless Technologies
Avoiding Pitfalls with Firewalls
Biometric Security Systems
Digital Forensics: Yesterday, Today, and the Next Frontier, by The Lorenzi Group
Presentation on where digital forensics is going, and disperse accessibility (not the cloud!).
Data will be available everywhere, like a personal Max Headroom avatar to assist you. If you're not protecting data from the ground up (hint, it's not at the servers), then you're not protecting data.
An introduction to the computer forensics field: some information about the field, some demos, how to become a forensic expert, the forensics steps, the dark side of forensics, and more.
The presentation is all about computer forensics: the process, the tools and their features, and some example scenarios. It will give you a good insight into computer forensics.
Logs for Information Assurance and Forensics @ USMA, by Anton Chuvakin
This is my presentation on "Logs for Information Assurance and Forensics", which was given to 2 of the USMA @ West Point, NY classes in April 2006. It sure was fun! Now I know where all the smart college students are :-)
A pilot study on the issues and complexity of digital forensics, and how digital forensics can be applied in a live environment without the loss or spoilage of valuable data and evidence.
Ultimately, in a forensic examination, we are investigating the actions of a person.
Almost every event or action on a system is the result of a user either doing something
Many events change the state of the operating system (OS).
OS forensics helps us understand how system changes correlate to events resulting from the actions of somebody in the real world.
Lecture 09 - Memory Forensics, by Dr. Ibrahim Baggili (uploaded by smile790243)
Lecture 9
Memory Forensic Analysis
Part 1
RAM overview
Volatility overview
Understanding RAM
• Two main types of RAM
– Static
• Not refreshed
• Is still volatile
– Dynamic
• Used in modern computers
• Made up of a collection of cells
• Each cell contains a transistor and a capacitor
• Capacitors charge and discharge (ones and zeros)
• Periodically refreshed
RAM logical organization
• Programs run on computers
• Programs are made up of processes
– A process is the set of resources used when executing an instance of a program
– Processes do not generally access physical memory directly
– Each process has a "virtual memory space"
• Allows the operating system to stay in control of allocating memory
– The virtual memory space is made up of
• Pages (default size 4K)
• References (used to map a virtual address to a physical address)
• Possibly a reference to data on disk (the page file), used to free up RAM
RAM logical organization
Normal memory
• Each process is represented by an _EPROCESS block.
• Contained within each _EPROCESS block is both a pointer to the next process (fLink, forward link) and a pointer to the previous process (bLink, back link).
• When the OS is operating, the _EPROCESS blocks and their pointers come together to resemble a chain, known as a doubly-linked list.
• The chain is stored in kernel memory and is updated every time a process is launched or terminated.
• The Windows API walks this list from head to tail when enumerating processes, via Task Manager for example.
Not so normal
• Hides processes from the Windows API
• Known as Direct Kernel Object Manipulation (DKOM)
• Involves manipulating the list of _EPROCESS blocks to "unlink" a given process from the list
• By changing the forward link of process 1 to point to the third process, and changing the bLink of process 3 to point to process 1, the attacker's process is no longer part of the list of _EPROCESS blocks.
• Since the Windows API uses this list to enumerate processes, the malicious process is hidden from the user but still able to operate normally.
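The unlinking trick above also shows how memory forensics catches it: the list is only one way to find process objects. The following is an added example, not code from the lecture. Because real _EPROCESS blocks live in kernel memory, the ActiveProcessLinks list is modelled with plain Python objects; the unlink is performed exactly as described (neighbour 1's forward link and neighbour 3's back link are rewired), and the detector compares two views the way Volatility's pslist and psscan do on a RAM capture: a list walk versus a scan of every allocated process object. PIDs and process names are made up.

```python
"""Model of DKOM process hiding and the cross-view check that exposes it.

Added example; it is not code from the lecture. Real _EPROCESS blocks live in
kernel memory, so the ActiveProcessLinks list is modelled here with plain
Python objects. The detection idea is the one memory-forensics tools use on a
RAM capture: one view walks the linked list (what the Windows API and Task
Manager see), the other scans the kernel pool for every process object whether
or not it is linked (Volatility's psscan), and any object in the second view but
not the first has been unlinked. PIDs and process names below are made up.
"""
from dataclasses import dataclass, field


@dataclass
class EProcess:
    pid: int
    name: str
    flink: "EProcess" = field(default=None, repr=False)  # next in ActiveProcessLinks
    blink: "EProcess" = field(default=None, repr=False)  # previous


class Kernel:
    """Just enough of the kernel: a circular doubly-linked list headed by
    PsActiveProcessHead plus the pool of allocated process objects."""

    def __init__(self):
        self.head = EProcess(0, "PsActiveProcessHead")
        self.head.flink = self.head.blink = self.head
        self.pool = []  # every _EPROCESS allocation, linked or not

    def create_process(self, pid, name):
        p = EProcess(pid, name)
        last = self.head.blink
        p.flink, p.blink = self.head, last
        last.flink = p
        self.head.blink = p
        self.pool.append(p)
        return p

    def terminate_process(self, p):
        """Legitimate exit: unlink and free the object."""
        p.blink.flink = p.flink
        p.flink.blink = p.blink
        self.pool.remove(p)


def dkom_hide(p):
    """Attacker's move: rewire the neighbours so the list skips p.

    The object stays allocated and its threads keep being scheduled, because
    the scheduler does not use this list. Rootkits typically point p's own
    links back at p so a later unlink on exit cannot corrupt the list.
    """
    p.blink.flink = p.flink
    p.flink.blink = p.blink
    p.flink = p.blink = p


def pslist(k):
    """API view: walk ActiveProcessLinks head to tail, like Task Manager."""
    pids, cur = [], k.head.flink
    while cur is not k.head:
        pids.append(cur.pid)
        cur = cur.flink
    return pids


def psscan(k):
    """Scanner view: every allocated process object, regardless of linkage."""
    return sorted(p.pid for p in k.pool)


def hidden_processes(k):
    """Cross-view diff: present in the scan but absent from the list walk."""
    return sorted(set(psscan(k)) - set(pslist(k)))


def demo():
    k = Kernel()
    evil = None
    for pid, name in [(4, "System"), (600, "csrss.exe"), (1337, "evil.exe"),
                      (2000, "notepad.exe")]:
        proc = k.create_process(pid, name)
        if name == "evil.exe":
            evil = proc
    before = pslist(k)
    dkom_hide(evil)
    return {"before": before, "pslist": pslist(k), "psscan": psscan(k),
            "hidden": hidden_processes(k)}


if __name__ == "__main__":
    for view, pids in demo().items():
        print(f"{view:>7}: {pids}")
```

The caveat a practitioner should keep in mind: the scan side of the comparison is only as good as its ability to recognise process objects (Volatility does this by pool tag and sanity checks on the structure), and a rootkit can attack that side too, for example by overwriting the pool tag after allocation. A disagreement between views is therefore strong evidence of tampering, but agreement is not proof of its absence.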
Part 2
Introduction to Memory forensics
Before & Now
• Traditionally
– We have always been told to "pull the plug" on a live system
– This is done so that the reliability of the digital evidence is not questioned
• Now
– People are considering live memory forensics
• Data relevant to the investigation may lie in memory
• Whole disk encryption...
Challenges in traditional method
• High volume of data (Aldestein, 2006)
– Increases the time in an investigation
– Increases storage capacity needed for forensic images
– Number of machines that could be included in th ...
CHAPTER 7
Authentication and Authorization
One of the most common ways to control access to computer systems is to identify who is at the keyboard (and prove that identity), and then decide what they are allowed to do. These twin controls, authentication and authorization respectively, ensure that authorized users get access to the appropriate computing resources while blocking access to unauthorized users.
Authentication is the means of verifying who a person (or process) is, while authorization determines what they're allowed to do. This should always be done in accordance with the principle of least privilege: giving each person only the amount of access they require to be effective in their job function, and no more.
Authentication
Authentication is the process by which people prove they are who they say they are. It is composed of two parts: a public statement of identity (usually in the form of a username) combined with a private response to a challenge (such as a password). The secret response to the authentication challenge can be based on one or more factors: something you know (a secret word, number or passphrase, for example), something you have (such as a smart card, ID tag or code generator), or something you are (a biometric such as a fingerprint or retinal print). A password by itself, which identifies you through something only you should know (and is today's most common form of challenge-response), is an example of single-factor authentication. This is not considered a strong authentication method, because a password can be intercepted or stolen in a variety of ways: passwords are frequently written down or shared with others, they can be captured from the system or the network, and they are often weak and easy to guess.
Imagine if you could only identify your friends by being handed a previously agreed secret phrase on a piece of paper instead of by looking at them or hearing their voice. How reliable would that be? This type of identification is often portrayed in spy movies, where a secret agent uses a password to impersonate someone the victim is supposed to meet but has never seen. The trick works precisely because the method is so fallible: the password is the only means of identifying the individual. Passwords are just not a good way of authenticating someone. Unfortunately, password-based authentication was the easiest type to implement in the early days of computing, and the model has persisted to this day.
Other single-factor authentication methods are better than passwords. Tokens and smart cards are better than passwords because they must be in the physical possession of the user. Biometrics, which use a sensor or scanner to identify unique features of individual body parts, are better than passwords because they can't be shared; the user must be present to log in. However, there are ways to defeat these methods. Tokens and card ...
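The combination the chapter is working towards, a password plus a code generator, as an added example that is not the book's code: a login routine that requires both something you know (a password stored as a salted PBKDF2 hash and compared in constant time) and something you have (a TOTP code computed per RFC 4226/6238, the scheme ordinary authenticator apps implement). The username, password and 20-byte secret are placeholders; the secret is the RFC 4226 test-vector key, chosen so the generated codes can be checked against the RFC's own tables. Each code is accepted at most once, which is what a password alone cannot offer: a captured password is reusable indefinitely, a captured code is dead within a time step.

```python
"""Two-factor login: something you know (password) plus something you have
(a TOTP code from a phone app or hardware token).

Added example; it is not code from the chapter. The password factor is a
salted PBKDF2 hash compared in constant time; the possession factor is
HOTP/TOTP exactly as RFC 4226/6238 specify (HMAC-SHA1, dynamic truncation,
30-second steps), so it interoperates with ordinary authenticator apps. The
username, password and the 20-byte secret below are placeholders; the secret is
the RFC 4226 test-vector key, chosen so the codes can be checked against the
RFC tables.
"""
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ROUNDS = 200_000
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float = None) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // STEP_SECONDS))


class UserStore:
    def __init__(self):
        self.users = {}

    def enroll(self, username, password, totp_secret):
        salt = os.urandom(16)
        self.users[username] = {
            "salt": salt,
            "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
            "totp_secret": totp_secret,
            "last_step": -1,   # highest time step already consumed (replay guard)
        }

    def login(self, username, password, code, now=None):
        """Both factors are always evaluated, so a failure does not reveal
        which one was wrong, and the PBKDF2 cost is paid even for unknown
        usernames to blunt timing-based user enumeration."""
        user = self.users.get(username)
        salt = user["salt"] if user else b"\x00" * 16
        derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        password_ok = user is not None and hmac.compare_digest(derived, user["hash"])

        now = time.time() if now is None else now
        step = int(now // STEP_SECONDS)
        used_step = None
        if user is not None:
            # Accept one step of clock drift either side, but never a step at or
            # below the last one accepted: each code is good exactly once.
            for s in (step - 1, step, step + 1):
                expected = hotp(user["totp_secret"], s).encode()
                if s > user["last_step"] and hmac.compare_digest(expected, code.encode()):
                    used_step = s
                    break
        ok = password_ok and used_step is not None
        if ok:
            user["last_step"] = used_step
        return ok


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 4226 test key (placeholder)
    store = UserStore()
    store.enroll("alice", "correct horse battery staple", secret)
    pw = "correct horse battery staple"
    print("first use:", store.login("alice", pw, totp(secret, 59), now=59))
    print("replayed :", store.login("alice", pw, totp(secret, 59), now=60))
```

Two design points worth noting. The step bookkeeping (`last_step`) is what turns "something you have" into a one-time proof; without it an attacker who phishes a code has the same 30 to 90 seconds the legitimate user has. And the password check is done even when the user does not exist, with a dummy salt, so that the response time does not tell an attacker which usernames are valid.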
A presentation on registry forensics from one of my lectures. Thanks to Harlan Carvey and Jolanta Thomassen for their wonderful research in the field. The work is based on their research.
THOTCON - The War over your DNS Queries, by John Bambenek
Talk given at THOTCON on October 9, 2021 entitled the War over your DNS queries and what to do about it. Covers DNS security and privacy and the importance of running your own DNS resolver.
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense, by John Bambenek
Between limited resources and a lack of trained professionals on one hand and the increasing quantity and quality of attacks on the other, securing enterprises and responding to incidents has placed defenders on the losing end of a digital arms race. Even managing the amounts of threat data and open-source intelligence has become a challenge.
This talk will cover the possibilities and perils of integrating all the various sources of threat intelligence data to protect an organization. With all the various open-source and paid-source data, simply dumping it all into a firewall or DNS RPZ zone can be problematic. What to do about compromised websites or shared hosting environments? What about DGA domains that use full words and may collide with actual innocent websites? What about how to handle threat data that is lacking in context to make appropriate decisions on its validity and accuracy? This talk will present several case studies in how these problems can be tackled and how using multi-domain analysis can help reduce the risk and maximize the value of automated protection using these types of data.
I'm All Up in Your Blockchain - Hunting Down the Nazis, by John Bambenek
In the wake of the white supremacist rally in Charlottesville, Virginia and the car attack in the aftermath, normal people wondered what is behind the resurgence of racial extremism. In looking at some of the figureheads of this movement, it was immediately apparent that several fund their operations with bitcoin with several holding thousands of dollars and a few holding millions (as of today's exchange rate). This talk will cover the research efforts into figuring out the adversaries behind the white supremacist movement, who is funding them, and the results of publishing their transactions on a live twitter feed at @neonaziwallets. We will show how they are getting their big money and what can be done to disrupt their activities. This talk will also cover an open-source twitter bot script that can monitor transactions to defined wallets and demonstrate how various exchanges leak information that allow visibility into other altcoins, particularly monero.
HITCON 2017: Building a Public RPZ Service to Protect the World's Consumers, by John Bambenek
While we have many products and tools to protect enterprises and government networks, we are not using those same tools to protect consumers who cannot afford products and services by security companies. This talk will focus on the building of a RPZ service that can use already existing threat intelligence feeds that are freely accessible to protect consumers against threats we already know about.
MISP Summit 2018: Barncat: Using MISP for Bulk Malware Surveillance, by John Bambenek
This is a talk given at the MISP summit in Luxembourg on how the Barncat malware configuration uses MISP to share data and the interesting things you can do with a huge body of malware configurations.
SANSFIRE - Elections, Deceptions and Political Breaches, by John Bambenek
It has been the year of political breaches. While campaigns are odd entities, there are lessons enterprises can draw from what happened in 2016 to protect their organizations from attacks.
Exploit kits are a critical piece of the malware delivery infrastructure, delivering banking trojans, click fraud engines and ransomware. This small talk will be designed to aid collaboration on a means to tackle these threats with a long-term goal of eventual prosecution of the actors and partners behind exploit kits and their associated malware campaigns. We will discuss the latest research into the backend infrastructure and surveillance techniques of the Nuclear, RIG and Angler exploit kits, to enable all participants to learn what others are doing to stay ahead of them.
Corporate Espionage without the Hassle of Committing Felonies, by John Bambenek
Thotcon Presentation by John Bambenek on how some security solutions are leaking sensitive data to the internet making it easy to spy on individuals and companies without breaking any laws.
HITCON 2015 - DGAs, DNS and Threat Intelligence, by John Bambenek
Domain Generation Algorithms (DGAs) and DNS provide a layer of resilience to botnets and malware. They also provide new and novel ways to monitor and surveil malicious networks. This talk will discuss methods you can use to turn DGAs and DNS against malware operators in order to better protect your enterprise.
Talk given at PHDAYS V in Moscow, May 2015.
This talk will focus on a research into Domain Generation Algorithms used in several malware families. By reverse engineering the DGA, it became possible to create near-time intelligence feeds used to monitor malicious networks and provide information required for network protection.
THOTCON 0x6: Going Kinetic on Electronic Crime Networks, by John Bambenek
Defensive security is a rat race. We detect new threats, we reverse engineer them and develop defenses while the bad guys just make new threats. We often just document a new threat and stop when the blog post is published. This talk will take it a step further on how to proactively disrupt threats and threat actors, not just from your organization but completely. As a case study, Operation Tovar and whatever else I take down between now and THOTCON will be used as examples of how this can be accomplished without a large legal team and without massive collateral damage (i.e. the No-IP incident). Tools will be demonstrated that are used for near-time surveillance of criminal networks.
Blackhat USA 2014 - The New Scourge of Ransomware, by John Bambenek
In March of this year, a Romanian man killed himself and his 4-year-old son because of ransomware he received after visiting adult websites. This "police impersonation" malware instructed him to pay a massive fine or else go to jail for 11 years. Ransomware isn't a new threat; however, it took on new life with CryptoLocker, the very first variant to perform encryption correctly, thus significantly inhibiting security researchers and their typical countermeasures. Due to its unique nature, CryptoLocker is one of the few current malware campaigns that spawned its own working group focused on remediation. As time progressed, other ransomware copycat campaigns emerged, some of which got media attention even though they were nothing but vaporware.
This talk will focus on what the threat intelligence community did in response to this threat, including the development of near-time tracking of its infrastructure and what can be learned in order to manage new threats as they emerge.
IESBGA 2014 Cybercrime Seminar by John Bambenek
This talk by John Bambenek, "What Small Businesses and Entrepreneurs Need to Know About Cybercrime" was given at IESBGA 2014 on May 30th, 2014 at Illinois State University.
Thotcon 0x5 - Retroactive Wiretapping VPN over DNS, by John Bambenek
These are the slides of a talk by John Bambenek at THOTCON 0x5 in Chicago.
Imagine your first day at a client site and you spend your time figuring out what’s going on with the network. You query passive DNS to find tons of apparently VPN over DNS endpoints on your network. What starts as a simple incident investigation process sees the tables turned on those who used the protocol to hide their tracks. This talk will discuss reverse engineering VPN over DNS (vpnoverdns.com) and how weaknesses in using DNS tunneling makes it trivial to retroactively wiretap all communications over the protocol long after the fact.
Champaign EDC Cybersecurity Seminar by John Bambenek - March 25, 2014
Every day we hear more and more about credit cards getting stolen, businesses getting hacked and national secrets being pilfered from our government. In this seminar, you’ll learn:
- what threats small businesses need to be aware of
- what threats are hype
- how small businesses can protect themselves in a cost-effective way
- you’ll walk away with 5 things you can do in your small business to be more secure without having to buy a single piece of software
State of ICS and IoT Cyber Threat Landscape Report 2024 preview, by Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Cybercrime and Computer Forensics Seminar - Chicago Bar Association CLE May 25, 2011
1. Cybercrime and Computer Forensics Seminar
Chicago Bar Association
Mar 25th, 2011
John C. A. Bambenek
Chief Forensic Examiner, Bambenek Consulting
jcb@bambenekconsulting.com
http://www.bambenekconsulting.com
312-725-HACK (4225)
2. Agenda
Types of Actionable Computer Crime
Incident Response versus Forensics
Laws Related to Computer Forensics
Chain of Custody and Data Acquisition
Hard drive Forensics
Registry Examination
Memory Forensics
Network Forensics
Log / Server Forensics
File Metadata
3. Types of Actionable Computer Crime
Identity Theft
Electronic Fraud (ACH or Credit Card)
Spamming
Website Defacement / Denial of Service
Unauthorized Access / Misuse of Access
Cyberbullying
Trade Secret Theft
National Security Issues
4. Obstacles to Cybercrime Prosecution
Relatively new area in the law / law not caught up with technology
International in scope / non-extradition treaty countries
Limited resources & skillsets within law enforcement
Near constant level of criminal activity
Organized crime involvement and sophisticated business models
Security tool development lags criminal tool development
5. Incident Response vs. Forensics
Incident response = “Something bad happened, fix it”
Forensics = Acquisition of evidence for potential litigation
Can include e-Discovery
Organizations should have prepared in advance for this decision
Some incidents are not worth pursuing in criminal or civil court
Forensics is much more time-consuming and expensive
In both cases: how someone “got in”, and what they did once there
May not be concerned with attribution
7. Legal Issues Relating to Forensics
Ownership of Hardware
Big issue with Cloud Computing
Ownership of Data
Expectation of Privacy
Not supposed to monitor users if they reasonably believe their actions are private
Chain of Custody / Evidence Preservation
Hard to have a case if chain of custody is broken or evidence has been corrupted
8. What kinds of evidence can be collected?
Physical drives
System memory
Network transmissions
System/Server Logs
Other sources?
9. Chain of Custody
Physical possession of data is standard chain of custody
How do you prove chain of custody on electronic information?
Cryptographic hashing
Prevention of evidence contamination
Analyze only digital copies
Use “write-blockers” for physical drives
Difficult for “live system” analysis
Keeping notes for all tasks performed on “live system”
10. Hashing
Hashing uses a cryptographic algorithm to generate a pseudo-random string of text that represents a unique file (or hard drive)
Small changes cause large changes in the hash
Example: “Chicago Bar Association.” vs “Chicago Bar Association!”
MD5:
03d4d59b4619362bd565ac5330f831ca vs 1f08610821af98d38f1b577a580f1f38
SHA1:
7b41514f4ab916eb93da4d0301a39ea430b617d8 vs 3262f20679f1771afee3fc9b3c397ac02f04290a
11. Hard drive data acquisition
Can be done on a “live system” or a system that is off
On a “live system” data is constantly changing, which can be problematic
Involves a bit-copy of a drive into a “virtual drive” file for examination
Hashes taken before and after to ensure no data is contaminated
Drive left in a safe; all analysis done on the “virtual drive” copies
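As an added example (not code from the deck), the hashing workflow of slides 10 and 11 in Python: fingerprint a byte string or an image file with MD5 and SHA-1, verify that a bit-copy matches its source, and measure how far a one-character change moves the digest. The 4 KiB “drive image” is constructed inline and stands in for a real acquisition.

```python
import hashlib

def fingerprint(data: bytes) -> dict:
    """MD5 and SHA-1 hex digests of a byte string; two algorithms
    are recorded so a collision in one cannot be argued to undermine the other."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}

def fingerprint_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for an image file on disk, read in 1 MiB chunks so a
    multi-gigabyte image never has to fit in memory."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def verify_copy(source: bytes, image: bytes) -> bool:
    """Acquisition check: the bit-copy must hash identically to the source."""
    return fingerprint(source) == fingerprint(image)

def bit_difference(hex_a: str, hex_b: str) -> float:
    """Fraction of digest bits that differ between two equal-length hex digests."""
    xor = int(hex_a, 16) ^ int(hex_b, 16)
    return bin(xor).count("1") / (len(hex_a) * 4)

if __name__ == "__main__":
    # The slide's pair of inputs: one punctuation character changes every digest.
    a = fingerprint(b"Chicago Bar Association.")
    b = fingerprint(b"Chicago Bar Association!")
    for alg in ("md5", "sha1"):
        print(f"{alg}: {a[alg]} vs {b[alg]} ({bit_difference(a[alg], b[alg]):.0%} of bits differ)")
    # Constructed "drive image": 4 KiB of bytes, then a copy with a single bit flipped.
    source = bytes(range(256)) * 16
    tampered = bytearray(source)
    tampered[100] ^= 0x01
    print("clean copy verifies:", verify_copy(source, bytes(source)))
    print("tampered copy verifies:", verify_copy(source, bytes(tampered)))
```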
12. Hard drive basics
Hard drives are collections of ones and zeroes, even when mostly empty
File tables connect files to actual “addresses” on the drive where the data that comprises that file is stored, and hold attributes of the file (like MAC times).
When files are deleted, the actual data still exists. The file is simply “unlinked” from the addresses it uses on the drive, and those parts of the drive can later be overwritten with new files.
Government standards require multiple “wipes” of a drive to confirm deletion
Data may hide also in “slack space”
13. Hard drive basics
So you have a drive image, now what?
Search for all deleted files
Search for all files added, deleted or modified at a certain time
Search files for specific strings
Search for files of a specific type
Examine key system files (configuration files, startup scripts, system registry)
Depends heavily on the nature of the incident
Iterative process that is more art than science
14. MAC times
MAC times stand for “modified”, “accessed”, “changed” and may also include a creation time.
All files have MAC times associated with them (even deleted ones).
These times can help provide a search pattern for “important” files to an incident (i.e. if something happened at 3pm Jan 11th, you’d look for any file with a MAC time near that same time).
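An added example, not part of the deck: a Python timeline search in the spirit of slides 13 and 14, walking a mounted image and listing every file with a MAC time near the incident. The sample tree and its back-dated file are constructed inline; the 3pm Jan 11th incident time is the slide's own example.

```python
import os
import tempfile
from datetime import datetime, timedelta

# The slide's example incident time, used as the centre of the search window.
INCIDENT = datetime(2011, 1, 11, 15, 0)

def mac_times(path: str) -> dict:
    """Modified / accessed / changed timestamps of one file (local time)."""
    st = os.stat(path, follow_symlinks=False)
    return {"m": datetime.fromtimestamp(st.st_mtime),
            "a": datetime.fromtimestamp(st.st_atime),
            "c": datetime.fromtimestamp(st.st_ctime)}

def files_near(root: str, when: datetime, window_minutes: int = 60) -> list:
    """Walk a tree (a read-only mounted image, never the evidence drive itself) and
    return (time, kind, path) for every MAC time within +/- window_minutes of `when`,
    oldest first: the skeleton of an incident timeline."""
    window = timedelta(minutes=window_minutes)
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            for kind, ts in mac_times(path).items():
                if abs(ts - when) <= window:
                    hits.append((ts, kind, path))
    return sorted(hits)

def make_sample_tree() -> tuple:
    """Constructed sample: a temp tree with one file back-dated to INCIDENT and one
    left with current timestamps. Returns (root, back-dated path)."""
    root = tempfile.mkdtemp()
    old = os.path.join(root, "suspect.log")
    recent = os.path.join(root, "recent.txt")
    for p in (old, recent):
        with open(p, "w") as fh:
            fh.write("sample\n")
    t = INCIDENT.timestamp()
    os.utime(old, (t, t))   # sets atime and mtime; ctime cannot be set from user space
    return root, old

if __name__ == "__main__":
    root, _ = make_sample_tree()
    for ts, kind, path in files_near(root, INCIDENT, 30):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {kind}  {path}")
```

Note that ctime still reads as the moment of back-dating, which is exactly why examiners compare all three stamps rather than trusting mtime alone.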
15. Windows Registry
Windows operating systems keep a wide variety of information in the system registry (can be accessed live using the RegEdit command).
Most recently used programs
Most recently entered commands
Most recently viewed documents
Typed URLs in IE
Unique hardware addresses for USB keys accessed on system
This can be used to create a “timeline” of activity on the machine
16. Memory Forensics
Must be done on a “live” machine, memory disappears without power*
Contains:
All running programs (even those deleted from the disk)
Any encryption keys in use (makes for easy decrypting)
In some cases, passwords
Memory is constantly changing
Evidence “changes” over time, may have to work with multiple memory files
17. Network forensics
In essence, the same as wiretapping a phone call except with data
Most network switches allow for capturing live traffic from a machine
What are you looking for:
Who is talking to this machine
Who is this machine talking to
When is it happening
What is being communicated
Encryption?
18. Log forensics
Servers associated with a subject computer may have valuable information
E-mail logs can show all mail sent from a target computer
DHCP / DNS logs may show when the machine was on and who it was communicating with
If configured, can show who accessed a machine even if the machine has had its own logs wiped
Web server logs can show attacks in progress and how servers were exploited
19. E-mail Forensics
E-mails all come with headers that give a wealth of information to identify the sender.
Can show:
IP address of sender
Can show all mail servers used
Potentially can show true username of sender
Shows when message was really sent
Gives unique message ID which can be used to track messages in mail server logs
20. E-mail headers
Return-path: <kthompson@davismcgrath.com>
Envelope-to: jcb@bambenekconsulting.com
Delivery-date: Tue, 15 Mar 2011 12:13:56 -0500
Received: from mailhost.davismcgrath.com ([12.233.219.123])
by thebox.pentex-net.com with esmtp (Exim 4.69)
(envelope-from <kthompson@davismcgrath.com>)
id 1PzXoi-0000mf-Fw
for jcb@bambenekconsulting.com; Tue, 15 Mar 2011 12:13:56 -0500
Received: from DM48WXP (unverified [192.168.3.69]) by mailhost.davismcgrath.com
(Rockliffe SMTPRA 9.3.1) with ESMTP id <B0002606529@mailhost.davismcgrath.com> for <jcb@bambenekconsulting.com>;
Tue, 15 Mar 2011 12:16:42 -0500
From: "Kevin A. Thompson" <kthompson@davismcgrath.com>
To: <jcb@bambenekconsulting.com>
References: <201033962-1299187478-cardhu_decombobulator_blackberry.rim.net-1091018849-@bda678.bisx.prod.on.blackberry> <051601cbd9e9$bd0fae80$372f0b80$@com>
<e71cae025b2bd4be5a4422d9f71c3322.squirrel@bambenekconsulting.com>
In-Reply-To: <e71cae025b2bd4be5a4422d9f71c3322.squirrel@bambenekconsulting.com>
Subject: RE: CBA - CLE/Seminar?
Date: Tue, 15 Mar 2011 12:16:39 -0500
Message-ID: <020b01cbe334$bf146320$3d3d2960$@com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcvhtQ/DNjyl3vl3Rr+AKt9z5zMFkwBf6MAA
Content-Language: en-us
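An added example, not from the deck: parsing the Received chain of the headers above with Python's standard email module, walking the hops from origin to delivery and measuring the sender's clock skew. The header sample is abridged from the slide and re-folded so the parser accepts it; only the hops stamped by servers you control can be taken at face value.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample: key headers from the slide, abridged and re-folded.
RAW = """\
Delivery-date: Tue, 15 Mar 2011 12:13:56 -0500
Received: from mailhost.davismcgrath.com ([12.233.219.123])
    by thebox.pentex-net.com with esmtp (Exim 4.69) id 1PzXoi-0000mf-Fw
    for jcb@bambenekconsulting.com; Tue, 15 Mar 2011 12:13:56 -0500
Received: from DM48WXP (unverified [192.168.3.69]) by mailhost.davismcgrath.com
    (Rockliffe SMTPRA 9.3.1) with ESMTP id <B0002606529@mailhost.davismcgrath.com>
    for <jcb@bambenekconsulting.com>; Tue, 15 Mar 2011 12:16:42 -0500
From: "Kevin A. Thompson" <kthompson@davismcgrath.com>
Date: Tue, 15 Mar 2011 12:16:39 -0500
Message-ID: <020b01cbe334$bf146320$3d3d2960$@com>
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_received(value: str) -> dict:
    """Split one Received header into from-host, bracketed IP, by-host and timestamp."""
    value = " ".join(value.split())           # unfold continuation lines
    clause, _, date = value.rpartition(";")   # the timestamp follows the last ';'
    m_from = re.search(r"\bfrom\s+(\S+)", clause)
    m_by = re.search(r"\bby\s+(\S+)", clause)
    m_ip = IP_RE.search(clause)
    return {"from": m_from.group(1) if m_from else None,
            "ip": m_ip.group(1) if m_ip else None,
            "by": m_by.group(1) if m_by else None,
            "time": parsedate_to_datetime(date.strip())}

def received_chain(raw: str) -> list:
    """Hops in transit order: servers prepend Received lines, so the bottom one is the origin.
    Only the hops added by servers you trust can be taken at face value."""
    msg = email.message_from_string(raw)
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]

def clock_skew(raw: str) -> float:
    """Seconds the sender's Date header runs ahead of the final delivery stamp."""
    msg = email.message_from_string(raw)
    sent = parsedate_to_datetime(msg["Date"])
    delivered = parsedate_to_datetime(msg["Delivery-date"])
    return (sent - delivered).total_seconds()

if __name__ == "__main__":
    for hop in received_chain(RAW):
        print(f"{hop['from']} [{hop['ip']}] -> {hop['by']} at {hop['time']:%H:%M:%S}")
    print("sender clock ahead of delivery by", clock_skew(RAW), "seconds")
```

The origin hop is stamped almost three minutes later than the delivery hop, which tells the examiner the sending workstation's clock was ahead and that the receiving server's timestamps are the ones to anchor a timeline on.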
21. File Metadata
Many file types include metadata in them to indicate the creating user, when modified, etc.
Metadata can be examined even on machines you don’t control
Cell phones can be notorious about including metadata with image files.
This may even include GPS coordinates of where a picture was taken.
Office documents (especially with track changes) can show every person who touched a file
In some cases, can include content that has been “redacted” when viewed normally.
22. Other data sources
Cell phones (certainly smart phones) are huge data repositories and can even store a significant amount of computer files
Tablets and iPads
Online social network content (in particular, media)
Blog comments, forum posts
Webmail accounts
Google