Forensic techniques are not just for law enforcement. You need to supplement your existing security package and provide evidence of due diligence in the event of an incident. Test your security before someone else does.
Preparing to Testify About Mobile Device Evidence (Cellebrite)
Taking a judge and jury through your investigative process, and why mobile evidence is relevant to your case, is only half of testimony. You should also be prepared to testify about the tools and methods you used, and to address any challenges to your process. This session will tell you what you need to know about mobile forensic extraction, analysis and interpretation; how to deal with questions about vendors’ proprietary methods; and specific challenges around mobile evidence authenticity and admissibility.
Interview Techniques for a Mobile Crime World (Cellebrite)
Digital forensic investigators must increasingly wear more than one hat in an investigation, from seizure to examination to interviewing the victim or suspect. Whether you are an experienced investigator who has been trained in interview techniques, or a forensic examiner being asked to pull double duty as an interviewer, this class will give you the framework of skills you need to handle interviews specifically related to evidence you find on digital devices. We will discuss verbal communications in general and also discuss tried and true methodologies to enhance the chances of a confession.
Security professionals must be aware of numerous attack vectors and threats that face their networks. All too often, some devices are forgotten or ignored. Printers are a staple of a corporate environment, and are frequently among the least secure elements of any network. Tom will explore the vulnerabilities associated with networked printers, potential attacks that can be leveraged using these devices, and solutions for mitigating and managing these threats. Presented by Tom Kopchak, Senior Engineer at Hurricane Labs.
Have you ever had to communicate a topic to someone you don't know how to relate to? Have you ever thought of coming up with a way to relate your information in a way the other person would understand? In this presentation, Tom Kopchak takes us through the sounds of security.
Encryption protects your privacy and is essential for communication. However, encryption is sometimes complicated and hard to use. I want to discuss what encryption is, how it is used, and make it easy for everyone to use. I will show what tools are available under Linux for protecting communications, hard drives, and web browsing.
The truth is incidents will happen and systems will get compromised. You need to be an expert on how to handle these incidents. The best way to learn is through experience, such as the Collegiate Cyber Defense Competition.
SNMP (Simple Network Management Protocol) is a great tool for monitoring, reporting and alerting on your network and is used by most enterprise-level organizations. However, it has a dark side. It can easily give away critical information about the system and the network. After showing how to enumerate this critical information and how it can be used in an attack, I will also discuss how to secure SNMP to prevent these kinds of attacks. This information will help those in enterprise IT security to better safeguard their SNMP from attack.
One of your company's laptops was just stolen. You know that there was sensitive information on the machine. You also know that full disk encryption was deployed. Is your data safe? Can you prove it?
Many organizations are flocking to full disk encryption as a solution to their data security requirements. Unfortunately, many of these installations view the deployment of full disk encryption as a panacea for any and all security concerns for their laptop fleets. All too often, these systems are neither properly configured nor adequately tested.
In this talk, Tom will analyze the challenges associated with both attacking and defending systems protected with full disk encryption. Many of the examples provided will draw from Tom's personal experience, including a case where a fully encrypted and powered down system was able to be fully compromised as part of a penetration test.
We all know that Splunk goes beyond the capabilities of a traditional SIEM. This presentation will go beyond the Splunk App for Enterprise Security to look at data types that are not usually thought of as “security relevant.” Big data comes in many forms and we’ll show through examples how this applies to the discipline of security.
The Domain Name System (DNS) is a critical service for the operation of the Internet as we know it. Although the process of resolving human-readable domain names into Internet-routable IP addresses may seem simple, this process is backed by a massive, globally distributed database. The reliable functioning of this system impacts all users – from end users, to system administrators, to security professionals and even entire countries. Because of the behavior and ubiquity of DNS, it has recently become a focus for attackers, especially as both a source and target for distributed denial of service (DDoS) attacks.
In this presentation, Tom will provide an overview of the operation and design of the Domain Name System, focusing on both the global structure along with best practices for a local deployment. Security considerations will be a core component of the webinar, including an overview of recent attacks leveraging the fundamental operation of DNS along with improperly configured resolvers resulting in significant interruptions in Internet service.
If you're in IT, it's important to understand that your users are fully embracing the cloud. Understanding cloud security, including how to utilize API calls safely and securely, the importance of firewalls (yes, even in the cloud!) and ensuring redundancy and availability, needs to be kept in the forefront of all cloud deployments. This presentation will help you to talk about cloud security in a non-confrontational way with your users.
Enterprises face a wide range of threats across their information infrastructure. In order to protect critical systems and information, a comprehensive security approach is necessary. A single layer of defense cannot be considered adequate. Although no system can be considered absolutely secure, a multi-tiered security approach can effectively reduce the overall risk an organization must face.
In this webinar, Tom will illustrate an effective security approach through the image of a castle. He will review many of the different defenses that can be deployed in unison to better secure a network from a range of threats. Tom will also provide examples of improvements that can be made leveraging existing controls to provide an overall increase in organizational security.
The only way to get where we need to be in security analysis is if we use Security Intelligence. This means working harder and understanding the big picture of your data.
Incident handlers manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur. In this talk we will discuss modern attacks, techniques, how to defend & respond to those threats.
BSidesLondon, 20th April 2011 - Rory McCune (@raesene)
"Penetration testing" has become a staple of the security programmes of a lot of companies around the world, and particularly in the UK. Unfortunately, in most cases it's poorly understood, the value for customers is minimal and it bears absolutely no resemblance to what a modern attacker would do.
So it's time for it to die. For more info about Rory McCune go to www.7elements.co.uk
Automation and open source turning the tide on the attackers (Frank Victory)
TOPIC: Automation and Open Source, Turning the Tide on Attackers
The security world is still trying to figure out how to deal with the overwhelming number of security alerts and the data deluge most SOCs are faced with, and then turn them into intelligence that is useful and actionable. Throwing more people and tech at the problem has proven to be ineffective and costly. In this talk I walk through methods and tools (that you can actually employ) to turn the tide in your favor and create a security team that proactively deals with threats.
Draft: current state of digital forensics and data science (Damir Delija)
In this presentation we introduce the current state of digital forensics, its positioning in general IT security, and its relations with data science and data analysis. Many strong links exist among these technical and scientific fields, but usually these links are not taken into consideration. For data owners, forensic researchers and investigators, these connections and data views present additional hidden value.
50 Shades of RED: Stories from the “Playroom” from CONFidence 2014 (Chris Nickerson)
Ever steal a Boeing 777? How about transfer more than $400,000,000 from an account? Have you ever had one of those bad days where one wrong press of the “enter” key accidentally broadcasts an emergency message to the radio station asking an entire city to evacuate? The real destruction of a business doesn’t come from a shell, a picked lock or a simple lie. The REAL threat is when all of the disciplines are combined and the only thing left in the crosshairs is the BUSINESS itself. Red Teaming is not a process of finding “A” vulnerability, but showing how flaws at EVERY level of the program combine to cause devastating effects to the company (or the tester =) ).
After 15 years in the Red Teaming, Pen Testing and Security Testing Business, I have had some of the weirdest things happen. In this 50 min story time, I plan to go over our methodology, some of our BEST and WORST moments on the job, tips/tricks we picked up along the way and hopefully we can have a few laughs at our (mis)fortune(s).
Digital forensics is the backbone of investigating cybercrime. It includes identifying, preserving, extracting, analyzing and reporting evidence across computers, mobile devices and networks.
Join Keatron Evans, Infosec instructor and Managing Partner at KM Cyber Security, in this on-demand webinar as we discuss:
- The difference between computer, mobile and network forensics
- How a forensics certification can progress your career
- A live cloud forensics demonstration voted on by attendees
- Digital forensics questions from live attendees
You can watch the full webinar, including the live cloud forensics demo, here: https://www2.infosecinstitute.com/l/12882/2019-03-12/chf2dr
The new frontiers of AI in RPA with UiPath Autopilot™ (UiPathCommunity)
In this free online event, organized by the Italian UiPath Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the development and use of automations.
We will look together at some examples of using Autopilot in different tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra Bartaguiz)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Generative AI Deep Dive: Advancing from Proof of Concept to Production (Aggregage)
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf (Peter Spielvogel)
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
PHP Frameworks: I want to break free (IPC Berlin 2024) (Ralf Eggert)
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
Andras Palfi, Senior Product Manager, UiPath
Lenka Dulovicova, Product Program Manager, UiPath
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities, spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Welcome to ViralQR, your best QR code generator. (ViralQR)
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since our inception, we have successfully served many clients by offering QR codes for their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and rich features, which have helped businesses make QR codes.
Our Services
At ViralQR, we offer a comprehensive suite of services that caters to your needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free trial of ViralQR, which is an exceptional opportunity for new users to get a feel for the platform. One can easily subscribe from there and experience the full range of dynamic QR codes. The subscription plans are not only meant for large businesses; they are priced very flexibly so that practically every business can afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools that give a clear view of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
4. The Truth
• Evidence can be hard to come by
• Any and all evidence must be carefully accounted for and documented
• Cases involving movie-like circumstances are few and far between
23. Failure of Encryption?
• Encryption Did Not Fail!
• Convenience vs. Security
• Zero knowledge attack
24. Forensics for the Defense – One System at a Time
• System vulnerabilities unknown until tested
• Forensic penetration testing = same purpose as traditional penetration test
• Learn and improve from mistakes
25. Conclusions
• Forensic techniques are not just for law enforcement
• Supplement your existing security package
• Provide evidence of due diligence in the event of an incident
• Test your security before someone else does
- Crime scenes and evidence; bringing criminals to justice; secret files on devices
- Neatly laid out trail of evidence; police chases; gunfire
- Everything solved by the end of the TV show, in 30 minutes or less (commercials not included, of course)
- Law enforcement: critical evidence in cases, breaches/cyber attacks
- Emerging: security verification, penetration testing
- "Dead" analysis: drive image; searching for deleted and hidden files; evidence must never change
- New technologies making this more challenging: full disk encryption/hardware encryption, solid state drives
- Memory analysis: becoming increasingly important
- Capturing this evidence often requires modifying evidence: capture tools need to access/write to memory
- Some evidence may only exist in memory
- Network forensics: much more information; search and web history, timing of requests and keystrokes, location data
- Sources: firewall logs, DNS logs, IDS logs, packet captures
- Forensic techniques: more than just law enforcement
- More flexibility: experimenting with evidence may be desirable
- Minimal legal issues, especially for research purposes
- Time-consuming process; requires attention to detail; documentation!
- Consider the time involved when determining if necessary
- Verification: application analysis and verification
- Pen testing: encrypted laptop
- Malware/exploit/breach analysis: be careful, legal concerns
- Consider legal ramifications, especially if there is a possibility of criminal activity
- Know your limits
- Involve law enforcement: critical for malware/breach investigations
- Checkbox: trust but verify
- Simulate an actual attack: zero-knowledge attacks
- Identify shortcomings before they become problems
Application verification: don’t trust the developer’s word!
For application verification:
- Control image: system with the application installed, simplified as much as possible
- Test cases: run the application, generate data
- Analysis: investigate application process/behavior (MAC times), search for interesting data
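The control image / test case / analysis loop above can be mechanised as a before-and-after filesystem snapshot. The following is an added example written for this page, not code from the slides or the presenter: it records size, SHA-256 and MAC times for every file under a directory, runs a test case, diffs the two snapshots, and then searches the changed files for a marker string that the application should never have persisted. The directory, file names and the "application" that writes a cache file are all constructed for the demo.

```python
"""Before/after filesystem snapshot for application verification.

Added example (not from the original slides). Implements the
control image -> run test case -> analyse MAC times procedure on a
directory tree. All paths and sample files are constructed here.
"""
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class FileState:
    size: int
    sha256: str
    mtime_ns: int  # last content modification
    atime_ns: int  # last access
    ctime_ns: int  # last metadata (inode) change on POSIX


def sha256_of(path):
    """Hash a file in chunks so large artifacts do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Record size, hash and MAC times of every regular file under root."""
    states = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            states[os.path.relpath(full, root)] = FileState(
                st.st_size, sha256_of(full),
                st.st_mtime_ns, st.st_atime_ns, st.st_ctime_ns)
    return states


def diff_snapshots(before, after):
    """Classify each path as created, deleted, modified (content) or touched (metadata only)."""
    report = {"created": [], "deleted": [], "modified": [], "touched": []}
    for rel in sorted(set(before) | set(after)):
        if rel not in before:
            report["created"].append(rel)
        elif rel not in after:
            report["deleted"].append(rel)
        elif before[rel].sha256 != after[rel].sha256:
            report["modified"].append(rel)
        elif before[rel] != after[rel]:
            report["touched"].append(rel)
    return report


def find_interesting(root, paths, needles):
    """Search changed files for strings that should never reach disk (e.g. a test credential)."""
    hits = {}
    for rel in paths:
        with open(os.path.join(root, rel), "rb") as f:
            data = f.read()
        found = [n for n in needles if n.encode() in data]
        if found:
            hits[rel] = found
    return hits


def demo():
    """Constructed scenario: an app claims not to persist credentials but writes them to a cache file."""
    root = tempfile.mkdtemp(prefix="appverify_")
    try:
        # control image: a minimal tree with one config file
        with open(os.path.join(root, "config.ini"), "w") as f:
            f.write("[app]\nmode=test\n")
        before = snapshot(root)

        # test case: the (simulated) application under test runs with a known test credential
        with open(os.path.join(root, "cache.dat"), "w") as f:
            f.write("session=abc; password=TESTPASS123\n")
        with open(os.path.join(root, "config.ini"), "a") as f:
            f.write("last_run=1\n")

        # analysis: what changed, and did the credential leak into any of it?
        after = snapshot(root)
        report = diff_snapshots(before, after)
        hits = find_interesting(root, report["created"] + report["modified"], ["TESTPASS123"])
        return report, hits
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    changes, leaks = demo()
    print(changes)
    print(leaks)
```

One caveat the same slides raise for memory capture applies here too: hashing a file reads it, which on many mounts updates its access time, so the analyst's own snapshot perturbs the atime column. Treat "touched" entries with that in mind, or take the control image from a read-only copy and run the snapshot against that.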
Setting the scene: Company laptop is stolen, full disk encryption employed. Is your data safe? How do you know?
- Zero-knowledge attack: identical to a real attack
- Authenticated testing: allows for testing specific scenarios
Laptop was fully encrypted; administrator confident no information could be retrieved or leaked.
- Full disk images: physical and digital
- Write blocker used; system never booted using the original disk (critical step!)
- Scratch disk could be restored, leaving no evidence of the attack
- Initial reconnaissance: laptop, standard interfaces, Symantec Endpoint Encryption Solution
- Grace period: window of time where the system was allowed to boot normally; passphrase was required after timeout
- Images/repeated imaging allowed us to work indefinitely
- System booted to Windows during grace period: no need to attack encryption directly; memory analysis techniques
- Downgrade system memory
- Leverage DMA to dump memory (FireWire)
- Exploit operating system structure in memory (Inception tool)
- Result: full admin access
- We didn’t need to break the encryption: leveraged configuration oversights; key may still be in memory
- Convenience vs. security resulted in total failure
- Zero knowledge: company would not be able to determine information was stolen