darwinism via forensics
play

Darwinism via Forensics People Make Dumb Decisions With Todays - PowerPoint PPT Presentation

Mar 23, 2024 •237 likes •646 views

Darwinism via Forensics People Make Dumb Decisions With Todays Technology Bill Dean, CCE Senior Manager, LBMC Information Security February 7, 2017 Todays Agenda Digital Forensics Basics How Does it work? Applicable Case Studies

  1. Darwinism via Forensics People Make Dumb Decisions With Today’s Technology Bill Dean, CCE Senior Manager, LBMC Information Security February 7, 2017

  2. Today’s Agenda  Digital Forensics Basics • How Does it work?  Applicable Case Studies • They Really did that?  “Pro” Tips Along the Way  This Will Not Be Boring 2

  3. Digital Forensics Basics  Recovering/Analyzing Deleted Information  Keyword Searching  Digital Communications  Internet Activities  Pictures/Movies  File Activity  External Storage Usage  Metadata/EXIF Data  Application Execution Histories  Anti-Forensics Efforts 3

  4. Technologies We Analyze  Computers  Servers  Memory  Mobile Devices  Cloud Storage  Removable Media  GPS Devices  Watches/FitBits 4

  5. Deleted Information 5

  6. Deleted Information 6

  7. Keyword Searching  Valuable..But Boring  Very Flexible • Operators (and, or, not) • Proximity (plum w/5 pear)  Stemming  Fuzzy  Synonym 7

  8. Communications  Conventional Email  Webmail (Gmail, Hotmail, etc.)  Associated Attachments  Social Network Communications  We will discuss TXT messaging later 8

  9. Internet Histories  Tells a Story  We Know What You Are Thinking  Google Keeps Your Search Histories (and more)  We Recover Deleted Internet Histories  We Don’t Care Which Browser You Use 9

  10. Facebook Chats  Suspected Affair  Suspect Learned About Investigation • Cleared All Chat Histories • Deleted Internet Histories  Didn ’ t Matter  282 Facebook Chat Messages Recovered  Exactly What Was Suspected 10

  11. Employment Matter  Workplace Injury  “Diminished Quality of Life”  Internet Research • Condition Symptoms • Workers’ Compensation Calculators • Computer Forensics  Personal Pictures • Vacations • Orange/White Game • Lake Activities 11

  12. File activity  Creation  Modification  Accessed  Deleted  Opened • From Where 12

  13. External Storage Usage  We Know Every USB Device Used • USB Storage • Mobile Phones • GPS Devices • Anything Else  First and Last Times Used • Sometimes Each time • And How Long  Model and Serial Number 13

  14. 14

  15. 15

  16. Intellectual Property Theft  12/22 – Employee Resigned from Company  12/02 – Google Search for “ Is ____ a good company to work for?”  12/10 – Copied “Projects” Folder to Desktop  Folder Contained 5000+ Proprietary Designs 16

  17. Intellectual Property Theft  12/22 @ 1:10AM – Laptop was powered on  12/02 @ 1:11AM – Laptop recognized USB drive  12/22 @ 1:13 – The “Projects” folder was moved to USB  12/22 @ 2:03 – Laptop was powered off 17

  18. Application Executions  We know the first execution date/time  We know the last execution date/time  We know how many executions  We know what user executed the application 18

  19. “Easy” Trade Secret Theft  Employee Resigned on May 6, 2011  Google Query “ How do I link another email account to Gmail if that other account uses IMAP? ”  Copied sensitive information to USB  DropBox installed March 3, 2011  DropBox uninstalled May 6, 2011 19

  20. “Easy” Trade Secret Theft 20

  21. “Easy” Trade Secret Theft 21

  22. “Easy” Trade Secret Theft 22

  23. DropBox ≠ “Easy” Trade Secret Theft  Analysis of home machine  Business secrets “synchronized”  Copied sensitive information to USB  Copied to USB drive on May 7, 2011  DropBox uninstalled May 6, 2011 23

  24. MetaData/EXIF Data  “Information about Information” • Dates of Creation or Access • Authors • Prior Histories • Editing Histories • Printing  Email  Spreadsheets  Office Documents  Pictures 24

  25. MetaData Case Study #1 25

  26. MetaData Case Study #1 26

  27. MetaData Case Study #2 27

  28. Anti-Forensics Efforts  Effort to Conceal/Destroy  Most Often Noticeable  Special Programs  System Utilities 28

  29. Anti-Forensics Case Study 29

  30. 30

  31. Klumb v. Goan  Young Attorney Marries Established Businessman  We Need to “Monitor” the Children  Speculation of a “Plan” 31

  32. http://www.goklg.com/2012/08/01/ex-spouse-hit-with-20k-in-damages-for-email- eavesdropping-klumb-v-goan/ 32

  33. Divorce Grand Scheme  All Computers Involved  Hundreds of YahooMail! Emails Recovered  Discrepancies of Emails Produced in Discovery  “I don’t have a USB drive”  Conflicting Antenuptual Agreements http://cyb3rcrim3.blogspot.com/2012/08/eblaster-wiretapping-and-prenup.html 33

  34. Ruthless Business Partner  Company Ownership Split  Competing Company Knew “Everything”  Thought Offices Were Bugged 34

  35. Triple Crown Winner  11/10 – Employee Dismissed (All Access Not Removed)  1/24 – Someone Connected and “Cracked” Passwords  1/25 – Someone Installed Remote Control Software • Began Accessing Sensitive Computers • Began Accessing CCTV Systems • Accessed Sensitive Information 35

  36. Triple Crown Winner  2/20 – Connected to Computer • Recovered Passwords • Accessed Email of – IT Director – Purchasing Manager  Placed Online Orders  Searched for More Credit Card Info 36

  37. Nation State Espionage  “ I Have Not Been to China”

  38. Nation State Espionage  “OK.. Maybe Once or Twice”

  39. iMessage Sync = $ Divorce  Suspected Affair  iMessage Communications  Borrowed Son’s iPad  Entire Conversation Synced 39

  40. Bill Dean, CCE bdean@lbmc.com (865) 862-3051

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Is Quantum Darwinism Really a Darwinism? Florian J. Boge IZWT, BU Wuppertal The

Is Quantum Darwinism Really a Darwinism? Florian J. Boge IZWT, BU Wuppertal The

Is Quantum Darwinism Really a Darwinism? Florian J. Boge IZWT, BU Wuppertal The Generalized Theory of Evolution D usseldorf University February 3rd, 2018 QT in a Nutshell Decoherence & Q. Darwinism Whence the Darwinism?

489 views • 29 slides
Extended Evolutionary Synthesis as Replacement of Neo-Darwinism Perry Marshall CEO, Natural

Extended Evolutionary Synthesis as Replacement of Neo-Darwinism Perry Marshall CEO, Natural

Extended Evolutionary Synthesis as Replacement of Neo-Darwinism Perry Marshall CEO, Natural Code LLC Author, Evolution 2.0 BenBella 2017 Industrial Ethernet 3rd ed. ISA 2017 Neo-Darwinism Definition from dictionary.com: The theory of

307 views • 30 slides
About this presentation : Learning : What is Digital Forensics ? Political : Digital

About this presentation : Learning : What is Digital Forensics ? Political : Digital

An introduction to digital forensics About this presentation : Learning : What is Digital Forensics ? Political : Digital Forensics and Open Sources licensing Tool time : Digital Forensics Framework Presented by Solal Jacob core dev.

444 views • 30 slides
CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to Forensics Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Digital Forensics You will learn in this module: The principals of

1.09k views • 34 slides
CSE 469: Computer and Network Forensics Topic 5: Image Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 5: Image Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 5: Image Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Forensics for Graphics Files Types of graphics file formats Type of data compression How to locate

362 views • 25 slides
2015-2017 (c) P.Pale: Computer Forensics 2015-10-17 File System Forensics A New York

2015-2017 (c) P.Pale: Computer Forensics 2015-10-17 File System Forensics A New York

2015-2017 (c) P.Pale: Computer Forensics 2015-10-17 File System Forensics A New York computer forensics firm found that 40% of the hard disk drives it recently purchased in bulk orders on eBay contained personal, private and sensitive

884 views • 70 slides
Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking for: attribution, alibis and statements, intent, evaluation of source, document authentication File carving ( e.g. , bifragment gap carving)

630 views • 13 slides
CSE 469: Computer and Network Forensics Topic 7: Mobile Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 7: Mobile Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 7: Mobile Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Overview of Mobile Forensics Originated in Europe and focused on the GSM SIM card. Roaming of Devices

694 views • 17 slides
Evolution as Computation: Integrating Self-Organization with Generalized Darwinism ERIC D.

Evolution as Computation: Integrating Self-Organization with Generalized Darwinism ERIC D.

Accepted 1/29/11 by the Journal of Institutional Economics for its Special Issue on Evolution and Institutions uncorrected version Evolution as Computation: Integrating Self-Organization with Generalized Darwinism ERIC D. BEINHOCKER 1

539 views • 36 slides
Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics & Watermarking P. J. Bateman, A. T. S. Ho, and J. A. Briffa This research is sponsored by an EPSRC/Charteris CASE Award Image Forensics

703 views • 38 slides
Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class of students Teaching digital forensics in a large class Teaching forensics at of students UL FRI Generating customized disk images Gaper Fele-or University of Ljubljana, Faculty of

446 views • 23 slides
Android: forensics and reverse engineering Raphal Rigo - ANSSI 26/11/2010 Agence nationale de

Android: forensics and reverse engineering Raphal Rigo - ANSSI 26/11/2010 Agence nationale de

Android: forensics and reverse engineering Raphal Rigo - ANSSI 26/11/2010 Agence nationale de la A N S S I scurit des systmes dinformation Introduction Forensics: context Forensics: memory Forensics: filesystem Reverse

545 views • 36 slides
Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to collect and analyze (digital) evidence Three basic phases Data collection, Analysis, Reporting Triage Various sources of information

307 views • 20 slides
CSE 469: Computer and Network Forensics Topic 6: Email Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 6: Email Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 6: Email Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Email System Components User agents / Webmail: Composing, editing, and reading mail messages. Mail

687 views • 49 slides
Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

FloCon 2015 Conference January 15, 2015 Portland, Oregon Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively Resolve Computer Security Incidents in Organizations JESUS RAMIREZ PICHARDO (PMP, GCFA,

333 views • 30 slides
CSE 469: Computer and Network Forensics Topic 8: Cloud and Web Forensics Dr. Mike Mabey | Spring

CSE 469: Computer and Network Forensics Topic 8: Cloud and Web Forensics Dr. Mike Mabey | Spring

CSE 469: Computer and Network Forensics Topic 8: Cloud and Web Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics What is The Cloud? A computing storage system that provides on-demand network access for

613 views • 25 slides
Understanding the use of stolen account credentials by cybercriminals Gianluca Stringhini

Understanding the use of stolen account credentials by cybercriminals Gianluca Stringhini

Understanding the use of stolen account credentials by cybercriminals Gianluca Stringhini University College London Abuse on online services [NDSS2017] [NDSS2013] [ACSAC2010] Malware Spam [AsiaCCS2017] [TDSC2016] [USENIX2011]

325 views • 17 slides
Knowledge is Power and Portable: An In-Depth Look at the Right to Data Portability K Royal ,

Knowledge is Power and Portable: An In-Depth Look at the Right to Data Portability K Royal ,

April 4, 2019 Knowledge is Power and Portable: An In-Depth Look at the Right to Data Portability K Royal , Director, Consulting, TrustArc Margaret Gloeckle , Privacy & Compliance Counsel, A+E Networks Debra Bromson , Assistant General

493 views • 35 slides
Predictive Mitigation of Timing Channels in Interactive Systems Danfeng Zhang , Aslan Askarov,

Predictive Mitigation of Timing Channels in Interactive Systems Danfeng Zhang , Aslan Askarov,

Predictive Mitigation of Timing Channels in Interactive Systems Danfeng Zhang , Aslan Askarov, Andrew C. Myers Cornell University CCS 2011 Timing Channels Hard to detect and prevent 10/20/2011 2 Timing Channels: Examples Cryptographic

664 views • 38 slides
Whats wrong with the world today? Joseph Bonneau (University of Cambridge) Whats in a Name?

Whats wrong with the world today? Joseph Bonneau (University of Cambridge) Whats in a Name?

N EW D IRECTIONS IN D IGITAL P ROTEST Joseph Bonneau jcb82@cl.cam.ac.uk Computer Laboratory Financial Crypto Rump Session Tenerife, Spain January 26, 2010 Joseph Bonneau (University of Cambridge) Whats in a Name? January 26, 2010 1 / 9

431 views • 24 slides
Using Secure Internet and Technology to Support Education in Prison Agenda *** Webinar will be

Using Secure Internet and Technology to Support Education in Prison Agenda *** Webinar will be

November 7, 2019 Using Secure Internet and Technology to Support Education in Prison Agenda *** Webinar will be recorded *** Introduction from Vera Current State and Lessons Learned from North Carolina, Iowa, and Wisconsin Q&A

251 views • 21 slides
Derivatives of Exponential and Logarithmic Functions Michael Freeze MAT 151 UNC Wilmington

Derivatives of Exponential and Logarithmic Functions Michael Freeze MAT 151 UNC Wilmington

Derivatives of Exponential and Logarithmic Functions Michael Freeze MAT 151 UNC Wilmington Summer 2013 1 / 23 Section 4.4 :: Derivatives of Exponential Functions 2 / 23 Derivative of e x d dx ( e x ) = e x Example Find the derivative of y

586 views • 23 slides
Resurgence out of the (literal) box Aleksey Cherman INT, University of Washington work in

Resurgence out of the (literal) box Aleksey Cherman INT, University of Washington work in

Resurgence out of the (literal) box Aleksey Cherman INT, University of Washington work in progress with M. Unsal and D. Dorigoni Resurgence for QFT Belief: QFT observables are transseries in the couplings Generically, all series are separately

585 views • 35 slides
Using Contextual Security Policies for Threat Response Yohann THOMAS - Herv DEBAR France

Using Contextual Security Policies for Threat Response Yohann THOMAS - Herv DEBAR France

Using Contextual Security Policies for Threat Response Yohann THOMAS - Herv DEBAR France Tlcom R&D - Caen, France Frdric CUPPENS - Nora CUPPENS-BOULAHIA ENST Bretagne - Rennes, France Research & Development DIMVA06 - July

570 views • 27 slides

More recommend