Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC
Principal Consultant
Hong Kong Seminar
April 12th 2016 @ Hong Kong
- Spoke at Black Hat, ACFE Asia Pacific Fraud Conference, HTCIA Asia Pacific Forensics Conference, and Economist Corporate Network.
- Risk Consultant for Banks, Government and Critical Infrastructures.
- SANS GIAC Advisory Board Member.
- Co-designed the first Computer Forensics curriculum for the Hong Kong Police Force.
- Former HKUST Computer Science lecturer.
albert@securityronin.com
Mobile Device Forensics
- Physical Acquisition
- Cracking iPhone Passcodes
Network Forensics
- Packet Capture
- IP & Domain Intelligence
- Email Analysis
Copyright © 2016 Albert Hui
Potentially allows for determining:
1. SMS, WhatsApp, WeChat messages sent and received
2. Pictures taken
3. Previous locations
4. Deleted documents and pictures (with physical acquisition)
5. Etc.
Physical Acquisition
Physical Analysis
💣 Method very similar to jailbreak: load custom firmware, then unjailbreak
- Can and did brick phones!
💣 Physical acquisition requires manual pre-jailbreak!
- Might want to unjailbreak the phone afterwards
- Or it might well be totally unacceptable after all
- iOS 1–3: no need
- iOS 4–7: yes; email, passwords and some apps need the passcode
- iOS 8–9: yes; most everything needs the passcode
Copyright © Devon Ackeman http://goo.gl/UXt7Od
- (Mac) /private/var/db/lockdown
- (Windows) C:\ProgramData\Apple\Lockdown
Can unlock phone with pairing file on a synced computer:
💣 Need access to a synced computer
💣 Since iOS 8+, phone must not have been turned off / restarted in the last 48 hours
- Can brute-force passcodes
- 4-digit passcodes cracked under 40 minutes
- More complex passcodes can take a long, long time (dictionary attack)
IP-BOX
Copyright © FoneFunShop
- Brute-forces passcodes
- Infinite retries via power off before iPhone remembers a failed try
💣 Only works for 4-digit passcodes
💣 No longer works for iOS 8.1.1+
Potentially allows for determining:
1. What parties are involved?
2. Involved parties’ affiliations?
3. What events happened?
4. When did events happen?
5. How did events happen?
6. Etc.
Copyright © Computer Desktop Encyclopedia
Ethernet
Switch(config)# monitor session 1 source interface fastEthernet 0/1
Switch(config)# monitor session 1 source interface fastEthernet 0/5
Switch(config)# monitor session 1 source interface fastEthernet 0/6
Switch(config)# monitor session 1 destination interface gigabitEthernet 0/1
💣 Must swap cables REAL quick!
- in order to keep existing TCP connections up (assuming switch port in PortFast mode)
Ethernet Hub
💣 Most hubs are actually switches!
- Test them!
Throwing Star
💣 Beware of packet drops!
- Use adequately powerful taps
Packet Capture
- Wireshark: https://www.wireshark.org/
- TCPDump (any modern UNIX)
Traffic Analysis
- NetworkMiner: http://www.netresec.com/?page=Networkminer
.pcap file
💣 Need the SSL private key for decrypting HTTPS traffic!
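The .pcap file is the raw product of every capture method on the preceding slides, and two of the deck's caveats (packet drops from weak taps, HTTPS payloads being opaque without the key) are visible directly in its structure. The following is an added example, not part of the slides: a parser for the classic libpcap file format that reads the global header and each record header, and flags records whose captured length is shorter than the on-wire length, which is what a too-small snaplen (or an over-subscribed tap) leaves behind. The two-packet capture it parses is constructed inline; the header layout and magic numbers are the format's own.

```python
import struct
from dataclasses import dataclass, field
from typing import Dict, List

# Magic numbers of the classic libpcap format, as read little-endian from the first
# four bytes. A byte-swapped value means the writer used big-endian byte order.
MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),      # microsecond timestamps, little-endian
    0xD4C3B2A1: (">", 1_000_000),      # microsecond timestamps, big-endian
    0xA1B23C4D: ("<", 1_000_000_000),  # nanosecond timestamps, little-endian
    0x4D3CB2A1: (">", 1_000_000_000),  # nanosecond timestamps, big-endian
}
LINKTYPE_ETHERNET = 1


@dataclass
class Record:
    index: int
    ts_sec: int
    ts_frac: int      # fraction of a second, in units of 1/ts_divisor
    caplen: int       # bytes actually stored in the file
    origlen: int      # bytes that were on the wire
    data: bytes

    @property
    def truncated(self) -> bool:
        # caplen < origlen: the snaplen cut the frame short, so the capture holds the
        # headers but not the full payload.
        return self.caplen < self.origlen


@dataclass
class Capture:
    ts_divisor: int
    snaplen: int
    linktype: int
    records: List[Record] = field(default_factory=list)

    def duration_s(self) -> float:
        """Wall-clock span of the capture, computed in integers to avoid float drift."""
        if len(self.records) < 2:
            return 0.0
        first, last = self.records[0], self.records[-1]
        return round((last.ts_sec - first.ts_sec)
                     + (last.ts_frac - first.ts_frac) / self.ts_divisor, 6)


def parse_pcap(blob: bytes) -> Capture:
    """Parse a classic (non-pcapng) libpcap file held in memory."""
    if len(blob) < 24:
        raise ValueError("shorter than a pcap global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic not in MAGICS:
        raise ValueError(f"not a classic pcap file (magic {magic:#010x})")
    endian, divisor = MAGICS[magic]
    # Global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype (24 bytes).
    _, vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + "IHHiIII", blob[:24])
    if (vmaj, vmin) != (2, 4):
        raise ValueError(f"unsupported pcap version {vmaj}.{vmin}")
    cap = Capture(divisor, snaplen, linktype)
    off = 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError(f"record header cut off at offset {off}")
        # Record header: ts_sec, ts_frac, caplen (incl_len), origlen (orig_len).
        ts_sec, ts_frac, caplen, origlen = struct.unpack(endian + "IIII", blob[off:off + 16])
        off += 16
        if caplen > snaplen or off + caplen > len(blob):
            raise ValueError(f"record {len(cap.records)} exceeds snaplen or file size")
        cap.records.append(Record(len(cap.records), ts_sec, ts_frac, caplen, origlen,
                                  blob[off:off + caplen]))
        off += caplen
    return cap


def capture_summary(blob: bytes) -> Dict[str, object]:
    """Counts a forensic examiner wants before trusting a capture: size, drops, span."""
    cap = parse_pcap(blob)
    return {
        "packets": len(cap.records),
        "captured_bytes": sum(r.caplen for r in cap.records),
        "wire_bytes": sum(r.origlen for r in cap.records),
        "truncated": [r.index for r in cap.records if r.truncated],
        "duration_s": cap.duration_s(),
    }


def build_sample_pcap() -> bytes:
    """Constructed two-packet capture (not a real trace), written with snaplen 96."""
    snaplen = 96
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    frame1 = bytes(range(60))                                   # minimum-size frame, complete
    rec1 = struct.pack("<IIII", 1460000000, 100, len(frame1), len(frame1)) + frame1
    frame2 = bytes(snaplen)                                     # 1514-byte frame cut to snaplen
    rec2 = struct.pack("<IIII", 1460000001, 200, snaplen, 1514) + frame2
    return header + rec1 + rec2


if __name__ == "__main__":
    print(capture_summary(build_sample_pcap()))
```

Whatever the summary reports, the payload bytes of a TLS session in such a file are still ciphertext: the parser can tell you when and how much was exchanged, not what, which is the point of the slide's caveat about needing the server's private key.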
💣 Often inaccurate!
- Use of VPN / Tor / proxy / anonymizer
- Address block used in another country
209.58.130.172
64.233.184.121
hkacfe.com
- DomainTools Whois: https://whois.domaintools.com
- MaxMind GeoIP2 Precision: https://www.maxmind.com/en/batch_lookup
- IP Intelligence Proxy / VPN Detection: https://getipintel.net/
- ExoneraTor Tor Relay Checker: https://exonerator.torproject.org/
- TCPIPUTILS.com Domain Neighbors: http://www.tcpiputils.com/domain-neighbors
- DomainTools Whois History: https://research.domaintools.com/research/whois-history/
- Wayback Machine: https://archive.org/web/
💣 For IP geolocation, do not rely solely on:
- ASN lookup
- “Visual Traceroute”
- Google
or any single source for that matter
Potentially allows for determining:
1. Who the sender is?
2. From what location was the email sent (home, office, café, etc.)?
3. What ISP was used?
4. What email service was used?
5. What is the mail delivery path?
6. Any attempt to spoof?
7. Etc.
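Items 5 and 6 in that list (delivery path, spoofing) come from the Received headers, and the originating address they yield is what feeds the IP and domain intelligence sources on the earlier slides for items 2 and 3. The following is an added example, not from the deck: it walks the Received chain of a constructed message (the hostnames `victim.test` and `example-mailer.test` and all addresses are invented placeholders), rebuilds the path oldest hop first, picks the first hop address outside RFC 1918 space as the origin, and lists the envelope/header inconsistencies that commonly accompany a spoofed From. The hop-parsing regex is a heuristic written for this example; real headers vary by MTA.

```python
import re
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from typing import Optional

# Constructed sample message (not from the deck). Three Received hops: the top one was
# written by the recipient's own MX and can be trusted; the lower two were supplied by
# the sending side and could have been forged. The From header claims an internal
# executive, but neither the envelope nor the path backs that up.
SAMPLE = """\
Return-Path: <bounce@example-mailer.test>
Received: from mx-out.example-mailer.test (mx-out.example-mailer.test [203.0.113.25])
\tby mx1.victim.test (Postfix) with ESMTPS id 4ABCDE
\tfor <cfo@victim.test>; Tue, 12 Apr 2016 09:15:07 +0800
Received: from relay.example-mailer.test (relay.example-mailer.test [198.51.100.9])
\tby mx-out.example-mailer.test with ESMTP; Tue, 12 Apr 2016 09:15:05 +0800
Received: from [192.168.1.23] (unknown [192.0.2.77])
\tby relay.example-mailer.test with ESMTPSA; Tue, 12 Apr 2016 09:15:02 +0800
From: "CEO" <ceo@victim.test>
To: cfo@victim.test
Subject: Urgent wire transfer
Message-ID: <1234@example-mailer.test>

Please process the attached invoice today.
"""

# RFC 1918 / loopback / link-local: a hop from one of these is the sender's LAN, not the
# internet-facing origin. ipaddress.is_private is deliberately not used here, because it
# also flags the RFC 5737 documentation addresses this constructed sample uses.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


@dataclass
class Hop:
    helo: str               # name the sending host announced (self-reported, untrusted)
    peer: str               # what the receiving host recorded about the peer
    ip: Optional[str]       # peer address as seen by the receiving host
    by: str                 # receiving host that wrote this header
    when: Optional[datetime]


HOP_RE = re.compile(r"from (?P<helo>\S+)(?: \((?P<peer>[^)]*)\))? by (?P<by>\S+)")
IP_RE = re.compile(r"\[([0-9.]+|[0-9A-Fa-f:]+)\]")


def parse_received(value: str) -> Optional[Hop]:
    flat = re.sub(r"\s+", " ", value).strip()      # unfold the header
    m = HOP_RE.search(flat)
    if not m:
        return None                                  # e.g. a local "Received: by" line
    peer = m.group("peer") or ""
    ip_m = IP_RE.search(peer) or IP_RE.search(m.group("helo"))
    ip = None
    if ip_m:
        try:
            ip = str(ipaddress.ip_address(ip_m.group(1)))
        except ValueError:
            ip = None
    when = None
    if ";" in flat:                                  # date follows the last semicolon
        try:
            when = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            when = None
    return Hop(m.group("helo"), peer, ip, m.group("by"), when)


def domain_of(header_value: Optional[str]) -> str:
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower()


def analyze_headers(raw: str) -> dict:
    msg = message_from_string(raw)
    # Received headers are prepended at each hop, so reverse them to read oldest first.
    hops = [h for h in map(parse_received, reversed(msg.get_all("Received", []))) if h]
    origin = next((h.ip for h in hops if h.ip and not is_internal(h.ip)), None)
    times = [h.when for h in hops if h.when]
    monotonic = all(a <= b for a, b in zip(times, times[1:]))
    from_dom = domain_of(msg.get("From"))
    indicators = []
    if domain_of(msg.get("Return-Path")) != from_dom:
        indicators.append("return_path_mismatch")
    if domain_of(msg.get("Message-ID")) != from_dom:
        indicators.append("message_id_mismatch")
    if not any(from_dom in f"{h.helo} {h.peer}".lower() for h in hops):
        indicators.append("from_domain_absent_from_path")
    if not monotonic:
        indicators.append("timestamps_out_of_order")
    return {
        "from_domain": from_dom,
        "origin_ip": origin,
        "path": [f"{h.ip or h.helo} -> {h.by}" for h in hops],
        "hops": hops,
        "timestamps_monotonic": monotonic,
        "indicators": indicators,
    }


if __name__ == "__main__":
    result = analyze_headers(SAMPLE)
    for step in result["path"]:
        print(step)
    print("origin:", result["origin_ip"], "indicators:", result["indicators"])
```

Only the hop written by infrastructure you control is evidence; everything beneath it is the sender's claim, so the origin address should be corroborated against the provider's own logs or the intelligence sources listed earlier before it is treated as a location.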
Taiwanese Windows
- IP Tracker Email Sender Finder: http://www.ip-tracker.org/find/email-finder.php
albert@securityronin.com
 
Hemoglobin metabolism_pathophysiology.pptx
Hemoglobin metabolism_pathophysiology.pptxHemoglobin metabolism_pathophysiology.pptx
Hemoglobin metabolism_pathophysiology.pptx
 
EY - Supply Chain Services 2018_template.pptx
EY - Supply Chain Services 2018_template.pptxEY - Supply Chain Services 2018_template.pptx
EY - Supply Chain Services 2018_template.pptx
 
Structural Classification Of Protein (SCOP)
Structural Classification Of Protein  (SCOP)Structural Classification Of Protein  (SCOP)
Structural Classification Of Protein (SCOP)
 
RNA INTERFERENCE: UNRAVELING GENETIC SILENCING
RNA INTERFERENCE: UNRAVELING GENETIC SILENCINGRNA INTERFERENCE: UNRAVELING GENETIC SILENCING
RNA INTERFERENCE: UNRAVELING GENETIC SILENCING
 
Nutraceutical market, scope and growth: Herbal drug technology
Nutraceutical market, scope and growth: Herbal drug technologyNutraceutical market, scope and growth: Herbal drug technology
Nutraceutical market, scope and growth: Herbal drug technology
 
platelets- lifespan -Clot retraction-disorders.pptx
platelets- lifespan -Clot retraction-disorders.pptxplatelets- lifespan -Clot retraction-disorders.pptx
platelets- lifespan -Clot retraction-disorders.pptx
 
Richard's aventures in two entangled wonderlands
Richard's aventures in two entangled wonderlandsRichard's aventures in two entangled wonderlands
Richard's aventures in two entangled wonderlands
 
What is greenhouse gasses and how many gasses are there to affect the Earth.
What is greenhouse gasses and how many gasses are there to affect the Earth.What is greenhouse gasses and how many gasses are there to affect the Earth.
What is greenhouse gasses and how many gasses are there to affect the Earth.
 
Astronomy Update- Curiosity’s exploration of Mars _ Local Briefs _ leadertele...
Astronomy Update- Curiosity’s exploration of Mars _ Local Briefs _ leadertele...Astronomy Update- Curiosity’s exploration of Mars _ Local Briefs _ leadertele...
Astronomy Update- Curiosity’s exploration of Mars _ Local Briefs _ leadertele...
 
Richard's entangled aventures in wonderland
Richard's entangled aventures in wonderlandRichard's entangled aventures in wonderland
Richard's entangled aventures in wonderland
 
NuGOweek 2024 Ghent - programme - final version
NuGOweek 2024 Ghent - programme - final versionNuGOweek 2024 Ghent - programme - final version
NuGOweek 2024 Ghent - programme - final version
 
insect taxonomy importance systematics and classification
insect taxonomy importance systematics and classificationinsect taxonomy importance systematics and classification
insect taxonomy importance systematics and classification
 
GBSN - Microbiology (Lab 4) Culture Media
GBSN - Microbiology (Lab 4) Culture MediaGBSN - Microbiology (Lab 4) Culture Media
GBSN - Microbiology (Lab 4) Culture Media
 
Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...
Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...
Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...
 

New Frontiers in Cyber Forensics

  • 1. Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC, Principal Consultant. Hong Kong Seminar, April 12th 2016 @ Hong Kong
  • 2. Albert Hui GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, CISA, CISM, CRISC, Principal Consultant, albert@securityronin.com
    • Spoke at Black Hat, ACFE Asia Pacific Fraud Conference, HTCIA Asia Pacific Forensics Conference, and Economist Corporate Network.
    • Risk Consultant for Banks, Government and Critical Infrastructures.
    • SANS GIAC Advisory Board Member.
    • Co-designed the first Computer Forensics curriculum for the Hong Kong Police Force.
    • Former HKUST Computer Science lecturer.
  • 3. Mobile Device Forensics: Physical Acquisition; Cracking iPhone Passcodes. Network Forensics: Packet Capture; IP & Domain Intelligence; Email Analysis. Copyright © 2016 Albert Hui
  • 4.
  • 5. Potentially allows for determining: 1. SMS, WhatsApp, WeChat messages sent and received; 2. Pictures taken; 3. Previous locations; 4. Deleted documents and pictures (with physical acquisition); 5. Etc.
  • 6. Physical Acquisition → Physical Analysis. 💣 Method very similar to jailbreak: load custom firmware, then unjailbreak. Can and did brick phones!
  • 7. 💣 Physical acquisition requires manual pre-jailbreak! Might want to unjailbreak the phone afterwards, or it might well be totally unacceptable after all.
  • 8. Passcode needed for acquisition:
    • iOS 1–3: no need
    • iOS 4–7: yes; email, passwords and some apps need the passcode
    • iOS 8–9: yes; most everything needs the passcode
    (Table: Copyright © Devon Ackerman http://goo.gl/UXt7Od)
  • 9. Can unlock the phone with the pairing file on a synced computer:
    • (Mac) /private/var/db/lockdown
    • (Windows) C:\ProgramData\Apple\Lockdown
    💣 Need access to a synced computer. 💣 Since iOS 8+, the phone must not have been turned off / restarted in the last 48 hours.
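Because a pairing record on any synced computer is effectively a key to the device, it is worth knowing which records a machine holds. The following Python script is an added example (not code from the slides): it inventories the lockdown directory named above on macOS or Windows and summarises each `<UDID>.plist` record. The key names (`HostID`, `SystemBUID`, `EscrowBag`, `WiFiMACAddress`, `DeviceCertificate`) are those found in real pairing records; every sample value below is constructed for the demonstration.

```python
# Added example (not from the slides): inventory the lockdown pairing records a
# computer holds, so an examiner or a device owner can see which iOS devices it
# is paired with and how old each record is. Directory paths are the ones the
# slide gives; the plist key names are those found in real pairing records, but
# every sample value below is constructed for the demonstration.
import plistlib
import sys
from datetime import datetime, timedelta, timezone
from pathlib import Path

LOCKDOWN_DIRS = {
    "darwin": Path("/private/var/db/lockdown"),
    "win32": Path(r"C:\ProgramData\Apple\Lockdown"),
}

def summarize_record(udid, data, mtime, now):
    """Parse one <UDID>.plist pairing record and report what it contains."""
    rec = plistlib.loads(data)
    escrow = rec.get("EscrowBag")
    return {
        "udid": udid,
        "host_id": rec.get("HostID"),           # identity of the paired computer
        "system_buid": rec.get("SystemBUID"),
        "wifi_mac": rec.get("WiFiMACAddress"),
        # The escrow bag is what lets the paired computer talk to the device
        # while it is locked; records without one are far less sensitive.
        "has_escrow_bag": isinstance(escrow, bytes) and len(escrow) > 0,
        "has_device_cert": "DeviceCertificate" in rec,
        "record_age_days": (now - mtime).days,
    }

def inventory(lockdown_dir, now=None):
    """Summarize every device record in a lockdown directory (errors are reported, not raised)."""
    now = now or datetime.now(timezone.utc)
    results = []
    for p in sorted(lockdown_dir.glob("*.plist")):
        if p.stem == "SystemConfiguration":   # host-level file, not a device record
            continue
        mtime = datetime.fromtimestamp(p.stat().st_mtime, timezone.utc)
        try:
            results.append(summarize_record(p.stem, p.read_bytes(), mtime, now))
        except Exception as exc:              # corrupt or non-record plist
            results.append({"udid": p.stem, "error": str(exc)})
    return results

# Constructed sample record (values are placeholders, not from any real device).
SAMPLE_UDID = "00000000-000000000000CONSTRUCTED"
SAMPLE_RECORD = plistlib.dumps({
    "HostID": "CONSTRUCTED-HOST-ID",
    "SystemBUID": "CONSTRUCTED-SYSTEM-BUID",
    "WiFiMACAddress": "02:00:00:00:00:01",
    "EscrowBag": b"\x00" * 16,
    "DeviceCertificate": b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n",
})

def demo_summary():
    """Summarize the constructed record as if it were written 400 days ago."""
    now = datetime.now(timezone.utc)
    return summarize_record(SAMPLE_UDID, SAMPLE_RECORD, now - timedelta(days=400), now)

if __name__ == "__main__":
    lockdown_dir = LOCKDOWN_DIRS.get(sys.platform)
    if lockdown_dir and lockdown_dir.is_dir():
        for entry in inventory(lockdown_dir):
            print(entry)
    else:   # no lockdown directory on this host: show the constructed record instead
        print(demo_summary())
```

Run it on a host that has a lockdown directory and it prints one line per paired device; elsewhere it falls back to the constructed record. Old records with an escrow bag for devices no longer in use are the ones a device owner would want to delete, and an examiner would want to note which host holds them.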
  • 10. Can brute-force passcodes. 4-digit passcodes cracked in under 40 minutes. More complex passcodes can take a long, long time (dictionary attack).
  • 11. IP-BOX (image: Copyright © FoneFunShop). Brute-forces passcodes; infinite retries via power-off before the iPhone remembers a failed try. 💣 Only works for 4-digit passcodes. 💣 No longer works for iOS 8.1.1+.
  • 12.
  • 13. Potentially allows for determining: 1. What parties are involved? 2. Involved parties' affiliations? 3. What events happened? 4. When did events happen? 5. How did events happen? 6. Etc.
  • 14. Ethernet (image: Copyright © Computer Desktop Encyclopedia)
  • 15. Port mirroring (SPAN) configuration on the switch:
        Switch(config)# monitor session 1 source interface fastEthernet 0/1
        Switch(config)# monitor session 1 source interface fastEthernet 0/5
        Switch(config)# monitor session 1 source interface fastEthernet 0/6
        Switch(config)# monitor session 1 destination interface gigabitEthernet 0/1
  • 16. 💣 Must swap cables REAL quick! In order to keep existing TCP connections up (assuming the switch port is in PortFast mode).
  • 17. Ethernet Hub: 💣 Most hubs are actually switches! Test them! Throwing Star: 💣 Beware of packet drops! Use adequately powerful taps.
  • 18. Packet Capture: Wireshark https://www.wireshark.org/; TCPDump (any modern UNIX). Traffic Analysis: NetworkMiner http://www.netresec.com/?page=Networkminer (works from a .pcap file). 💣 Need the SSL private key for decrypting HTTPS traffic!
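The .pcap file that tcpdump writes and Wireshark and NetworkMiner read has a simple layout: a 24-byte global header, then one 16-byte record header plus frame bytes per packet. The Python reader below is an added example (not code from the slides or from any of those tools): it decodes classic libpcap captures of Ethernet traffic into per-packet IPv4/TCP/UDP 5-tuples, flags port-443 packets whose payload stays opaque without the server's private key, and rejects pcapng (Wireshark's default save format, which has a different layout). The capture it parses is constructed in memory with documentation addresses.

```python
# Added example (not from the slides): a minimal reader for the classic libpcap
# format that tcpdump writes and Wireshark reads, producing one record per
# packet with the IPv4/TCP/UDP 5-tuple. It handles Ethernet captures only and
# rejects pcapng (Wireshark's default save format), which has a different
# layout. The capture bytes below are constructed in memory for the demo.
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution classic pcap
LINKTYPE_ETHERNET = 1

def decode_frame(frame, ts, orig_len):
    """Decode Ethernet -> IPv4 -> TCP/UDP as far as the captured bytes allow."""
    info = {"ts": ts, "len": orig_len, "truncated": orig_len > len(frame)}
    if len(frame) < 14:
        return info
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800 or len(frame) < 34:
        info["proto"] = "ethertype 0x%04x" % ethertype
        return info
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    info["src"] = ".".join(str(b) for b in frame[26:30])
    info["dst"] = ".".join(str(b) for b in frame[30:34])
    info["proto"] = frame[23]
    l4 = 14 + ihl
    if info["proto"] in (6, 17) and len(frame) >= l4 + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", frame[l4:l4 + 4])
        if info["proto"] == 6 and len(frame) >= l4 + 14:
            info["syn"] = bool(frame[l4 + 13] & 0x02)
        # Port 443 is only a hint; the payload stays opaque without the server key.
        info["tls_likely"] = 443 in (info["sport"], info["dport"])
    return info

def parse_pcap(data):
    """Return a list of decoded packets from classic pcap bytes."""
    if len(data) < 24:
        raise ValueError("file shorter than the 24-byte pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"                              # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        end = ">"                              # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file (pcapng or unknown magic)")
    _major, _minor, _zone, _sig, _snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d (Ethernet only)" % linktype)
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:              # capture stopped mid-record
            raise ValueError("truncated packet record at offset %d" % off)
        off += incl_len
        packets.append(decode_frame(frame, ts_sec + ts_usec / 1e6, orig_len))
    return packets

def flow_summary(packets):
    """Count packets per (src, dst, dport) and how many look like TLS."""
    flows = Counter((p.get("src"), p.get("dst"), p.get("dport")) for p in packets if "dport" in p)
    tls = sum(1 for p in packets if p.get("tls_likely"))
    return {"flows": flows, "tls_packets": tls, "total": len(packets)}

# --- constructed capture for the demo (documentation addresses, zero checksums) ---
def _tcp_frame(src, dst, sport, dport, flags=0x02):
    eth = bytes.fromhex("aabbccddeeff112233445566") + b"\x08\x00"
    ip4 = lambda s: bytes(int(x) for x in s.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, ip4(src), ip4(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp

def build_pcap(frames):
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    recs = [struct.pack("<IIII", 1460419200 + i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return hdr + b"".join(recs)

SAMPLE_PCAP = build_pcap([
    _tcp_frame("192.0.2.10", "198.51.100.5", 51000, 443),
    _tcp_frame("192.0.2.10", "198.51.100.5", 51001, 80),
    _tcp_frame("192.0.2.11", "198.51.100.5", 51002, 443),
])

if __name__ == "__main__":
    pkts = parse_pcap(SAMPLE_PCAP)
    for p in pkts:
        print(p)
    print(flow_summary(pkts))
```

To use it on a real capture, pass `open("capture.pcap", "rb").read()` to `parse_pcap`. The `truncated` flag (original length larger than captured length) shows where a small snaplen cut packets short, and the "truncated packet record" error is what an interrupted capture looks like on disk; neither condition is visible in a packet count alone.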
  • 19. Ethernet (image: Copyright © Computer Desktop Encyclopedia)
  • 20. IP geolocation: 💣 Often inaccurate! Use of VPN / TOR / proxy / anonymizer; address block used in another country. Example: 209.58.130.172
  • 21.
  • 22.
  • 23. Ethernet (image: Copyright © Computer Desktop Encyclopedia)
  • 24. 64.233.184.121
  • 25. hkacfe.com
  • 26.
  • 27. IP & Domain Intelligence tools:
    • DomainTools Whois https://whois.domaintools.com
    • MaxMind GeoIP2 Precision https://www.maxmind.com/en/batch_lookup
    • IP Intelligence Proxy / VPN Detection https://getipintel.net/
    • ExoneraTor Tor Relay Checker https://exonerator.torproject.org/
    • TCPIPUTILS.com Domain Neighbors http://www.tcpiputils.com/domain-neighbors
    • DomainTools Whois History https://research.domaintools.com/research/whois-history/
    • Wayback Machine https://archive.org/web/
    💣 For IP geolocation, do not rely solely on: ASN lookup; "Visual Traceroute"; Google; or any single source for that matter.
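The "do not rely on a single source" rule from slides 20 and 27 can be written down as logic: only report a country when independent sources agree, and report none at all when the address is a Tor exit or sits in a known VPN/proxy range, since any location then describes the exit node rather than the user. The Python below is an added example (not code from the slides or from any of the services listed): the Tor exit set, the VPN/proxy ranges and the two geolocation tables are constructed stand-ins for snapshots you would take from ExoneraTor, a proxy/VPN feed and two GeoIP databases.

```python
# Added example (not from the slides): corroborate an IP's geolocation across
# several sources and refuse to report a location at all when the address is a
# Tor exit, a known VPN/proxy range, or when the sources disagree. The tables
# are constructed stand-ins for the live services listed on the slide; replace
# them with snapshots from ExoneraTor, a GeoIP database, and a proxy/VPN feed.
import ipaddress

NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
TOR_EXITS = {"203.0.113.7"}                                   # constructed exit-list snapshot
ANON_BLOCKS = [ipaddress.ip_network("198.51.100.0/24")]       # constructed VPN/proxy ranges
GEO_SOURCES = {                                               # two independent, constructed GeoIP tables
    "geo_a": {"192.0.2.0/24": "HK", "198.51.100.0/24": "US", "203.0.113.0/24": "DE"},
    "geo_b": {"192.0.2.0/24": "HK", "198.51.100.0/24": "NL", "203.0.113.0/25": "FR"},
}

def longest_match(ip, table):
    """Most specific prefix wins, as in a real GeoIP lookup."""
    best = None
    for prefix, country in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, country)
    return best[1] if best else None

def assess_ip(ip_str):
    """Combine anonymizer checks with a vote across geolocation sources."""
    ip = ipaddress.ip_address(ip_str)
    out = {"ip": ip_str, "anonymizer": [], "votes": {}, "country": None, "confidence": "none"}
    if any(ip in n for n in NON_ROUTABLE):
        out["anonymizer"].append("non-routable")          # NAT/internal address, location meaningless
        return out
    if ip_str in TOR_EXITS:
        out["anonymizer"].append("tor-exit")
    out["anonymizer"] += ["vpn/proxy:%s" % n for n in ANON_BLOCKS if ip in n]
    for name, table in GEO_SOURCES.items():
        country = longest_match(ip, table)
        if country:
            out["votes"][name] = country
    countries = set(out["votes"].values())
    if out["anonymizer"]:
        out["confidence"] = "none"        # any location describes the exit node, not the user
    elif len(countries) == 1 and len(out["votes"]) >= 2:
        out["country"], out["confidence"] = countries.pop(), "corroborated"
    elif len(countries) == 1:
        out["country"], out["confidence"] = countries.pop(), "single-source"
    else:
        out["confidence"] = "conflict"    # e.g. a block reassigned to another country
    return out

if __name__ == "__main__":
    for ip in ("192.0.2.5", "198.51.100.9", "203.0.113.7", "203.0.113.50", "10.1.2.3"):
        print(assess_ip(ip))
```

The `conflict` outcome is the case the slide warns about (an address block in use somewhere other than where a database says): it should end up in the report as "undetermined", not as whichever source was queried first.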
  • 28. Potentially allows for determining: 1. Who the sender is? 2. From what location was the email sent (home, office, café, etc.)? 3. What ISP was used? 4. What email service was used? 5. What is the mail delivery path? 6. Any attempt to spoof? 7. Etc.
  • 29.
  • 30.
  • 31. Taiwanese Windows
  • 32.
  • 33.
  • 34.
  • 35. IP Tracker Email Sender Finder http://www.ip-tracker.org/find/email-finder.php
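Most of the questions on slide 28 are answered from the message headers: each mail server prepends its own Received: header, so reading them bottom-up gives the delivery path and the originating IP, the hop marked ESMTPA is the one where the account authenticated (the "email service"), and a From: domain that disagrees with Return-Path, SPF or the Message-ID domain is the first sign of spoofing. The Python below is an added example (not code from the slides or from the tool linked on slide 35); the message it parses is constructed with documentation addresses and does not describe any real sender.

```python
# Added example (not from the slides): walk an email's Received chain back to
# the originating host, note where the message was submitted, and flag the
# common header-level spoofing signs (sender domain vs Return-Path, SPF result,
# Message-ID domain). The message below is constructed with documentation
# addresses; nothing in it refers to a real sender.
import email
import email.utils
import re

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

SAMPLE_EMAIL = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx1.example.org (mx1.example.org [192.0.2.20]) by inbox.example.org with ESMTPS id abc123; Tue, 12 Apr 2016 10:05:01 +0800
Received: from smtp.mailer.example.net (smtp.mailer.example.net [198.51.100.30]) by mx1.example.org with ESMTP; Tue, 12 Apr 2016 10:04:58 +0800
Received: from [203.0.113.45] (unknown [203.0.113.45]) by smtp.mailer.example.net with ESMTPA id 77fe; Tue, 12 Apr 2016 10:04:50 +0800
Authentication-Results: inbox.example.org; spf=fail smtp.mailfrom=mailer.example.net
From: "Finance Dept" <finance@bank.example.com>
To: victim@example.org
Subject: Urgent wire transfer
Message-ID: <20160412020450.77fe@smtp.mailer.example.net>
Date: Tue, 12 Apr 2016 10:04:50 +0800

Please process the attached invoice today.
"""

def delivery_path(msg):
    """Each hop prepends its own Received header, so the last one is closest to the origin."""
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        hdr = " ".join(hdr.split())                       # unfold the header
        frm = re.search(r"\bfrom\s+(\S+)", hdr)
        by = re.search(r"\bby\s+(\S+)", hdr)
        ips = IPV4.findall(hdr)
        try:
            when = email.utils.parsedate_to_datetime(hdr.rsplit(";", 1)[1].strip())
        except (IndexError, ValueError, TypeError):
            when = None
        hops.append({
            "from": frm.group(1) if frm else None,
            "by": by.group(1) if by else None,
            "ip": ips[0] if ips else None,
            "when": when,
            "submission": "ESMTPA" in hdr,    # authenticated submission: the hop that knows the account
        })
    return hops

def spoof_indicators(msg):
    """Header inconsistencies worth a closer look; none is proof on its own."""
    found = []
    from_dom = email.utils.parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    rp_dom = email.utils.parseaddr(msg.get("Return-Path", ""))[1].rsplit("@", 1)[-1].lower()
    if from_dom and rp_dom and from_dom != rp_dom:
        found.append("From domain %s differs from Return-Path domain %s" % (from_dom, rp_dom))
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    if spf and spf.group(1).lower() in ("fail", "softfail", "permerror", "temperror"):
        found.append("SPF result: %s" % spf.group(1))
    mid_dom = msg.get("Message-ID", "").rsplit("@", 1)[-1].rstrip("> ").lower()
    # Weak signal: bulk mailers legitimately do this, but combined with the above it matters.
    if mid_dom and from_dom and mid_dom != from_dom and not mid_dom.endswith("." + from_dom):
        found.append("Message-ID domain %s differs from From domain %s" % (mid_dom, from_dom))
    return found

def analyze(raw):
    """Origin IP, submission hop, full path and spoof indicators for one raw message."""
    msg = email.message_from_string(raw)
    hops = delivery_path(msg)
    return {
        "origin_ip": hops[0]["ip"] if hops else None,
        "submission_hop": next((h for h in hops if h["submission"]), None),
        "hops": hops,
        "indicators": spoof_indicators(msg),
    }

if __name__ == "__main__":
    result = analyze(SAMPLE_EMAIL)
    print("origin IP:", result["origin_ip"])
    for hop in result["hops"]:
        print("  %s -> %s at %s" % (hop["from"], hop["by"], hop["when"]))
    for ind in result["indicators"]:
        print("indicator:", ind)
```

Feed `analyze` the raw source of a message (the "show original" view in most mail clients). Only the Received headers added by your own or trusted servers can be relied on; anything below the first hop you control could have been forged by the sender, which is why the origin IP should then be checked against the geolocation and anonymizer sources discussed on slide 27 rather than mapped straight to a location.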