about this presentation
play

About this presentation : Learning : What is Digital Forensics ? - PowerPoint PPT Presentation

Feb 04, 2024 •135 likes •444 views

An introduction to digital forensics About this presentation : Learning : What is Digital Forensics ? Political : Digital Forensics and Open Sources licensing Tool time : Digital Forensics Framework Presented by Solal Jacob core dev.

  1. An introduction to digital forensics About this presentation : ● Learning : What is Digital Forensics ? ● Political : Digital Forensics and Open Sources licensing ● Tool time : Digital Forensics Framework Presented by Solal Jacob core dev. of DFF and CEO @ArxSys

  2. What's Digital Forensics ? Forensics : from latin forensis : forum. Belonging to, used or adapted to trial or public debate. Usage of Science or technologies during an investigation in order to establish evidences that can be receivable in a court.

  3. When use it

  4. Who use it ? Law Enforcement CERT Expert Student

  5. The goal

  6. Processes Mostly: Identification → Acquisition → Analysis → Reporting

  7. Reliability of evidence Neutrality Traceability

  8. Software evolution

  9. Software evolution

  10. Software evolution : Sum up Data recovery Forensics analysis Mono task software All in one / Framework Monothread Multi-thread / large scale Hard disk analysis RAM / cellphone / ...

  11. Hardware (Acquisition)

  12. Open Source Digital Forensics

  13. Open source digital forensics Misconception : Criminal have access to source code so they can protect themselves more easily.

  14. Open source digital forensics Misconception : Criminal have access to source code so they can protect themselves more easily. Black Hat 2007 : Breaking Forensics Software: Weaknesses in Critical Evidence Collection' (ISSEC Partners). Usage of fuzzing to exploit software bugs. 'The software and methods for testing the quality of forensic software should be public.'

  15. Open source digital forensics Misconception : Criminal have access to source code so they can protect themselves more easily. All of the closed source tools use some open-source code (LGPL, BSD, GPL ?), to handle outlook format, OCR, ...

  16. Open source digital forensics Problem : Closed source software are admissible in court (in USA) not open-source one.

  17. Open source digital forensics Problem : Closed source software are admissible in court (in USA) not open-source one. Frye VS the United States The court had to decide the admissibility of a polygraph test as evidence. “Testimony given by an expert must have a scientific basis that is established and accepted”

  18. Open source digital forensics Problem : Closed source software are admissible in court (in USA) not open-source one. Daubert v. Merrell Dow Pharmaceuticals in 1993 • Has the scientific theory or technique been empirically tested; or, is it falsifiable • Has the theory or technique been subjected to peer review and publication? • What is the known or potential error rate? • Is the theory or technique generally accepted within the relevant scientific community?

  19. T ool time In No You can It

  20. T ool time In No You can It

  21. Digital Forensics Framework

  22. DFF : Software component

  23. DFF : API Libraries Loader Filters Task-manager VFS Module Search Events Types Exceptions Datatype Tree

  24. DFF : Modules T ags Create/Modify nodes Analyse Input / Ouput Archives Connector Statistics Phone Export Search Mailbox UI specific File System Add metadata Volumes Builtins Metadata Node Hash Viewer

  25. DFF : Module execution

  26. DFF API : Stacked VFS

  27. DFF : Virtual Mapping 1) push(0, 512, dump.dd, 12348745)

  28. DFF : Virtual Mapping 1) push(0, 512, dump.dd, 12348745) 2) push(512, 512, dump.dd, 10240)

  29. DFF : Virtual Mapping 1) push(0, 512, dump.dd, 12348745) 2) push(512, 512, dump.dd, 10240) N) push(1310720, 42, dump.dd, 4965478)

  30. End Don't forget tomorrow there is a two hours workshop : “Being an investigator” : solving a digital crime with DFF (14h00 / 2 A.M. / 0xe @ H211 ) Please install DFF 1.3 before coming (Not all modules are needed if it can run it's ok :) Web site : http://www.digital-forensic.org IRC : #digital-forensic / freenode Tracker : http://tracker.digital-forensic.org Wiki : http://wiki.digital-forensic.org Git : http://git.digital-forensic.org Professional Support : http://www.arxsys.fr

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

'Cyber Forensics' "Cyber" is a prefix used to describe a person, thing, or idea as part

'Cyber Forensics' "Cyber" is a prefix used to describe a person, thing, or idea as part

'Cyber Forensics' "Cyber" is a prefix used to describe a person, thing, or idea as part of the computer and information age. Taken from kybernetes , Greek for "steersman" or "governor," it was first used in

1.91k views • 156 slides
Assessment of Youth at Risk for Violence Shawn S. Sidhu, F.A.P.A. Disclosures I write CME

Assessment of Youth at Risk for Violence Shawn S. Sidhu, F.A.P.A. Disclosures I write CME

Assessment of Youth at Risk for Violence Shawn S. Sidhu, F.A.P.A. Disclosures I write CME questions for the American Psychiatric Associations journal FOCUS All statistics and graphs taken from the FBIs A Study of Active Shooter Incidents

614 views • 42 slides
Forensic Interviews: Plan to Succeed Charles L. McGimsey, CPA CFE CFF Numbers Dont Lie

Forensic Interviews: Plan to Succeed Charles L. McGimsey, CPA CFE CFF Numbers Dont Lie

Forensic Interviews: Plan to Succeed Charles L. McGimsey, CPA CFE CFF Numbers Dont Lie CAQ Fraud Case Study: Kendallville Bank Dan Davis Court Appointed Accountant How would you determine why customers left? Fraud

305 views • 16 slides
A Network Black Box with Splunk for Forensic Analysis of Attack Patterns Clive Blackwell Oxford

A Network Black Box with Splunk for Forensic Analysis of Attack Patterns Clive Blackwell Oxford

A Network Black Box with Splunk for Forensic Analysis of Attack Patterns Clive Blackwell Oxford Brookes University Oxford, United Kingdom CBlackwell@brookes.ac.uk Roadmap Three layer architectural security model Influenced by OSI

782 views • 37 slides
= EBB Overview 2017 Marks Year Four Up to $3,000 In Accordance with: Appendix

= EBB Overview 2017 Marks Year Four Up to $3,000 In Accordance with: Appendix

EBB Overview Jointly managed by CEA and Cal OES Created to offer retrofit incentives EBB first to promote code-compliant retrofit More than 1 Million homes + = EBB Overview 2017 Marks Year Four Up to $3,000 In

607 views • 60 slides
The Solid Rock My hope is built on nothing less Than

The Solid Rock My hope is built on nothing less Than

The Solid Rock My hope is built on nothing less Than Jesus' blood and righteousness; I dare not trust the sweetest frame, But wholly lean on

362 views • 19 slides
Acts Series Lesson #103 March 26, 2013 Dean Bible Ministries www.deanbible.org Dr. Robert L.

Acts Series Lesson #103 March 26, 2013 Dean Bible Ministries www.deanbible.org Dr. Robert L.

Acts Series Lesson #103 March 26, 2013 Dean Bible Ministries www.deanbible.org Dr. Robert L. Dean, Jr. The Acts of the Apostles To the end of the earth Acts 1:8 Expansion: Opposition and Acceptance Acts 14:828 Acts 14:8, And

373 views • 24 slides
CrossBow: From Hardware Virtualized NICs t\ to Virtualized Networks Sunay Tripathi, Nicolas

CrossBow: From Hardware Virtualized NICs t\ to Virtualized Networks Sunay Tripathi, Nicolas

CrossBow: From Hardware Virtualized NICs t\ to Virtualized Networks Sunay Tripathi, Nicolas Droux, Thirumalai Srinivasan, Kais Belgaied Aug 17 th . 2009 Sigcomm VISA 2009, Barcelona Sunay Tripathi, Distinguished Engineer, Sun Microsystems Inc

289 views • 24 slides
Post E vent Data Collection Case Studies Andre R. Barbosa, Ph.D. Assistant Professor of

Post E vent Data Collection Case Studies Andre R. Barbosa, Ph.D. Assistant Professor of

Post E vent Data Collection Case Studies Andre R. Barbosa, Ph.D. Assistant Professor of Structural Engineering EERI & DOGAMI: Post-Earthquake Reconnaissance Workshop Portland, Oregon, April 9, 2018 Nepal 2015 Italy 2015 Napa 2014 China

479 views • 34 slides
Vulnerability of Transportation Networks to Traffic-Signal Tampering Aron Laszka 1 , Bradley

Vulnerability of Transportation Networks to Traffic-Signal Tampering Aron Laszka 1 , Bradley

Vulnerability of Transportation Networks to Traffic-Signal Tampering Aron Laszka 1 , Bradley Potteiger 2 , Yevgeniy Vorobeychik 2 , Saurabh Amin 3 , Xenofon Koutsoukos 2 1 University of California, Berkeley 2 Vanderbilt University 3

447 views • 26 slides
Status of the Graphics Stack on FreeBSD Jean-Sbastien Pdron The FreeBSD Project The X.Org

Status of the Graphics Stack on FreeBSD Jean-Sbastien Pdron The FreeBSD Project The X.Org

In the kernel In the Ports tree With the community Future challenges Summary Status of the Graphics Stack on FreeBSD Jean-Sbastien Pdron The FreeBSD Project The X.Org Developers Conference, 2014 J.S. Pdron FreeBSD Graphics Stack

678 views • 45 slides
CompSci 514: Computer Networks Lecture 13 TCP incast and Solutions Xiaowei Yang Roadmap

CompSci 514: Computer Networks Lecture 13 TCP incast and Solutions Xiaowei Yang Roadmap

CompSci 514: Computer Networks Lecture 13 TCP incast and Solutions Xiaowei Yang Roadmap Midterm I summary Midterm II date change: 12/15 Make up lecture for hurricane Many cant make it on that day Today Other Data Center

728 views • 57 slides
Lecture 5: Value Function Approximation Emma Brunskill CS234 Reinforcement Learning. Winter 2018

Lecture 5: Value Function Approximation Emma Brunskill CS234 Reinforcement Learning. Winter 2018

Lecture 5: Value Function Approximation Emma Brunskill CS234 Reinforcement Learning. Winter 2018 The value function approximation structure for today closely follows much of David Silvers Lecture 6. For additional reading please see SB 2018

1.24k views • 92 slides
Community Wireless Networks and Regulatory Impact on Deployment in the United States Tim Pozar

Community Wireless Networks and Regulatory Impact on Deployment in the United States Tim Pozar

Community Wireless Networks and Regulatory Impact on Deployment in the United States Tim Pozar BAWUG GLOCOM Tokyo Forum Socio-Economic Impacts of Mobile / Wireless Technologies November 21 st 2002 Community Wireless Networks

645 views • 26 slides
BLOCKCHAIN The Audacity To Break Into A New Economic Period [RE] @richieetwaru scope of

BLOCKCHAIN The Audacity To Break Into A New Economic Period [RE] @richieetwaru scope of

BLOCKCHAIN The Audacity To Break Into A New Economic Period [RE] @richieetwaru scope of todays conversation Bitcoin Blockchain v.s. Just an instance of the blockchain Where is commerce globally Requires miners, and personal

3.1k views • 60 slides
Ripple & XRP Overview UNSW Blockchain & DLT Symposium FEBRUARY 2018 Dilip Rao, Global

Ripple & XRP Overview UNSW Blockchain & DLT Symposium FEBRUARY 2018 Dilip Rao, Global

Ripple & XRP Overview UNSW Blockchain & DLT Symposium FEBRUARY 2018 Dilip Rao, Global Head - Infrastructure Innovation WKEGKJJD6ITW3SPXJHEP 1 MKFEX6ANMB7U 1. Who We Are 2. Solutions Agenda 3. XRP: The Digital Asset for Payments

548 views • 40 slides
Time to Start over? Software for Exascale William Gropp www.cs.illinois.edu/~wgropp Why Is

Time to Start over? Software for Exascale William Gropp www.cs.illinois.edu/~wgropp Why Is

Time to Start over? Software for Exascale William Gropp www.cs.illinois.edu/~wgropp Why Is Exascale Different? Extreme power constraints, leading to Clock Rates similar to todays systems A wide-diversity of simple computing

984 views • 29 slides
Denial of Service Attacks that prevent legitimate users from doing their work By flooding

Denial of Service Attacks that prevent legitimate users from doing their work By flooding

Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing tables Or flooding routers Or destroying key packets Lecture 9 Page 1 CS 236 Online How Do Denial of

259 views • 15 slides
Cross-Site Scripting XSS Many sites allow users to upload information Blogs, photo

Cross-Site Scripting XSS Many sites allow users to upload information Blogs, photo

Cross-Site Scripting XSS Many sites allow users to upload information Blogs, photo sharing, Facebook, etc. Which gets permanently stored And displayed Attack based on uploading a script Other users inadvertently download

512 views • 15 slides
BitTorrent and fountain codes: friends or foes? Salvatore Spoto, Rossano Gaeta, Marco Grangetto,

BitTorrent and fountain codes: friends or foes? Salvatore Spoto, Rossano Gaeta, Marco Grangetto,

BitTorrent and fountain codes: friends or foes? Salvatore Spoto, Rossano Gaeta, Marco Grangetto, Matteo Sereno Dipartimento di informatica Universit di Torino Peer to peer and file sharing applications Peer to peer paradigm has a huge

821 views • 14 slides
Everything is Quantum The EU Quantum Flagship Our mission is to keep KPN reliable & secure

Everything is Quantum The EU Quantum Flagship Our mission is to keep KPN reliable & secure

Everything is Quantum The EU Quantum Flagship Our mission is to keep KPN reliable & secure and trusted by customers, partners and society part of the vital infra of NL Contents Whats the problem? Whats everyone up to? Are

527 views • 33 slides
Lessons Learned From Sendmail (The Good, The Bad, The Ugly) Eric Allman, UC Berkeley (again)

Lessons Learned From Sendmail (The Good, The Bad, The Ugly) Eric Allman, UC Berkeley (again)

Lessons Learned From Sendmail (The Good, The Bad, The Ugly) Eric Allman, UC Berkeley (again) EuroBSDcon, Lillehammer Norway, September 2019 Disclaimers Please be kind I wrote this talk at 6:00am today. Nothing specifically BSD, although

486 views • 12 slides
good? About Us Tom Cross, IBM X-Force Vulnerability tracking, analysis, and response

good? About Us Tom Cross, IBM X-Force Vulnerability tracking, analysis, and response

Lessons Learned: Can alerting the public about exploitation do more harm than good? About Us Tom Cross, IBM X-Force Vulnerability tracking, analysis, and response IPS signature delivery MAPP (Microsoft Active Protections

855 views • 43 slides
Using Application-Driven Checkpointing for Hot Spare High Availability Antti Kantee Cubical

Using Application-Driven Checkpointing for Hot Spare High Availability Antti Kantee Cubical

Using Application-Driven Checkpointing for Hot Spare High Availability Antti Kantee Cubical Solutions Ltd . The Target: 2n hotspare Antti Kantee <pooka@cubical.fi>, 2004 . imagine some mission critical service fact: all hardware will

277 views • 17 slides

More recommend