Darren Bilby: Defeating Windows Forensic Analysis In The Kernel (Japanese) Black Hat Briefings, Japan 2006 [Audio] Presentations From The Security Conference podcast

תוכן מסופק על ידי Black Hat and Jeff Moss. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Black Hat and Jeff Moss או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

Black Hat Briefings, Japan 2006 [Audio] Presentations from the security conference
Darren Bilby: Defeating Windows Forensic Analysis in the Kernel (Japanese)

18+ y ago 55:26

שתפו

MP3•בית הפרקים

"It is 4pm on a Friday, beer o'clock. You're just eyeing up your first beer and thinking about where the fish will be biting tomorrow. The phone rings, something "funny" is happening on a client's web server. A lot of money passes through the server and it looks like it could be serious. IDS on the network picked up a crypted command shell heading outbound from the server. You break out the security incident response manual and head to the scene. Being the process oriented and reliable chap you are, you load up your forensic toolkit and take forensic copies of current memory and disk. You kick off your tools to analyse the forensic copies you've taken, nothing. All the processes are good, no apparent hooks, all hashes match verifiable sources. You check the forensic copying process, it worked perfectly. What have you missed? How could it not be in memory or on disk? Someone is playing you for a fool, and it's probably someone in kernel land. Your forensic image has been faked, and yet any court in the country would accept your process as sound. This talk will be a low level talk aimed at forensic analysts, investigators, prosecutors and administrators. It will show new techniques and a previously unreleased working implementation called DDefy which anyone involved in forensic analysis should be aware of. The demonstration will show defeating live forensic disk and memory analysis on Windows systems exposing fundamental flaws in popular forensic tools. Attendees should preferably have an understanding of the live forensics process and some background in modern rootkit technologies. Knowledge of NTFS internals will also aid in understanding."

15 פרקים

#Podcasting #Tech #Blackhat Breifings And Training #Blackhat Japan 2006 #Black Hat Asia #Blackhat Tokyo #Hacking #Computer Security #Speeches #Presentations #Spoken Word #Audio #Tech News #Japan #Jeff Moss #Conventions #Hackers