digital forensics and malware
play

Digital forensics and malware Digital forensics According to - PowerPoint PPT Presentation

Sep 10, 2022 •481 likes •630 views

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking for: attribution, alibis and statements, intent, evaluation of source, document authentication File carving ( e.g. , bifragment gap carving)

  1. Digital forensics and malware

  2. Digital forensics ● According to Wikipedia, you could be looking for: attribution, alibis and statements, intent, evaluation of source, document authentication ● File carving ( e.g. , bifragment gap carving) – Electron microscopes ● Memory forensics (Volatility) ● Network forensics (PCAPs, NetFlow records, NIDS logs) ● Database forensics ● Timestamps in document or log file analysis ● Steganography ● Digital forensic processes ● Benford's law

  3. File carving Alessio Sbarbaro User_talk:Yoggysot - Own work

  4. Memory forensics

  5. Steganography From https://www.tech2hack.com/steganography-hide-data-in-audio-video-image-files/

  6. Forensics tools ● File carvers – E.g. , Scalpel and foremost ● Log parsers ● Parsers/viewers for different kinds of files – SQLite, EXIF, etc. ● Linux commands that might be useful: – file, exif, sqlite3, losetup, mount, dd, ssdeep, grep, strings

  7. Malware ● Cryptovirology by Young and Yung ● The Art of Computer Virus Research and Defense by Szor – Common theme since the turn of the millennium: stay in memory and don't go out to disk ● Elk Cloner in 1981 (Skrenta) ● “Virus” coined by Cohen in 1983 (“Information only has meaning in that it is subject to interpretation”) – https://web.eecs.umich.edu/~aprakash/eecs588/handouts/cohen-viruses.html ● “Worm” came from John Brunner's The Shockwave Rider in 1975 – Creeper in 1971 for TENEX systems – ANIMAL in 1975 – Morris Worm in 1988 – Code Red in 2001

  8. Interesting types of malware ● Macroviruses – “On error resume next” ● Botnets – Command and Control (C&C), from IRC and hierarchical to fastflux and beyond ● Targeted threats and “RATs” – E.g., Tibetan exile community, Syria/Egypt, Mexico – Google “Citizen Lab” or watch “Black Code”

  9. Malware analysis ● Static vs. dynamic ● IDA Pro, Ollydbg, etc. ● Cuckoo Sandbox ● Decompilation ● Armoring, packing, etc.

  10. Stuxnet ● Attacked Iranian nuclear program ● Multiple ways of spreading ● Attempt to limit spread ● Not as buggy as malware typically is

  11. Anomaly detection ● A Sense of Self for Unix Processes (Forrest et al. in 1996)

  12. Resources ● Practical Malware Analysis by Honig and Sikorski ● http://www.forensicswiki.org/wiki/Tools

  13. Conferences you should check out ● IEEE Symposium on Security and Privacy (Oakland) ● USENIX Security Symposium – Also check out the workshops like FOCI and WOOT ● ACM Conference on Computer and Communications Security (CCS) ● Network and Distributed System Security Symposium (NDSS) ● Privacy-Enhancing Technologies Symposium (PETS) – Also PoPETS ● Also RAID for intrusion detection, DFRWS for forensics, CSF for policy and theory, Eurocrypt and Crypto, Blackhat, DEFCON, phrack, 2600 magazine, WPES and WEIS

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE

Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE

A RIZONA S TATE U NIVERSITY Malware Forensics Sukwha Kyung The Center for Cybersecurity and Digital Forensics A RIZONA S TATE U NIVERSITY Common Types of Attacks Phishing Malware SQLi XSS MITM DoS Brute-force &

858 views • 55 slides
About this presentation : Learning : What is Digital Forensics ? Political : Digital

About this presentation : Learning : What is Digital Forensics ? Political : Digital

An introduction to digital forensics About this presentation : Learning : What is Digital Forensics ? Political : Digital Forensics and Open Sources licensing Tool time : Digital Forensics Framework Presented by Solal Jacob core dev.

444 views • 30 slides
Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to collect and analyze (digital) evidence Three basic phases Data collection, Analysis, Reporting Triage Various sources of information

307 views • 20 slides
FuncTracker Discovering Shared Code (to aid malware forensics) Presenter: Charles LeDoux

FuncTracker Discovering Shared Code (to aid malware forensics) Presenter: Charles LeDoux

FuncTracker Discovering Shared Code (to aid malware forensics) Presenter: Charles LeDoux University of Louisiana at Lafayette Shifting Focus of Malware Research New focus is on forensics tasks Old question: What? New questions:

523 views • 19 slides
CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to Forensics Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Digital Forensics You will learn in this module: The principals of

1.09k views • 34 slides
Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

FloCon 2015 Conference January 15, 2015 Portland, Oregon Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively Resolve Computer Security Incidents in Organizations JESUS RAMIREZ PICHARDO (PMP, GCFA,

333 views • 30 slides
Stealth Secrets of the Malware Ninjas By Nick Harbour Overview Intro Background Info

Stealth Secrets of the Malware Ninjas By Nick Harbour Overview Intro Background Info

Stealth Secrets of the Malware Ninjas By Nick Harbour Overview Intro Background Info Malware Forensics and Incident Response Anti-Forensics Executables Stealth Techniques Live System Anti-Forensics Process

907 views • 76 slides
Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class of students Teaching digital forensics in a large class Teaching forensics at of students UL FRI Generating customized disk images Gaper Fele-or University of Ljubljana, Faculty of

446 views • 23 slides
Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer

Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer

Introduction to Digital Forensics Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer Forensics? What do you Need for a Careers in Computer Digital Forensics? Educational Background

509 views • 29 slides
Fast and Generic Malware Triage Using openioc_scan Volatility Plugin TAKAHIRO HARUYAMA

Fast and Generic Malware Triage Using openioc_scan Volatility Plugin TAKAHIRO HARUYAMA

Fast and Generic Malware Triage Using openioc_scan Volatility Plugin TAKAHIRO HARUYAMA (@CCI_FORENSICS) INTERNET INITIATIVE JAPAN INC. Digital Forensics Research Conference Europe 2015 Who am I? 2 Forensic Investigator & Malware

796 views • 27 slides
Digital Forensics Unraveling Incidents one byte at a time Digital Forensics Characteristics of

Digital Forensics Unraveling Incidents one byte at a time Digital Forensics Characteristics of

Digital Forensics Unraveling Incidents one byte at a time Digital Forensics Characteristics of Digital Evidence: Admissible evidence must be related to the fact being proved Authentic evidence must be real and related to the

1.13k views • 68 slides
Digital Forensics: A Cybersecurity Approach Hector Rivera Basiru Mohammed Michael Marin Robert

Digital Forensics: A Cybersecurity Approach Hector Rivera Basiru Mohammed Michael Marin Robert

Digital Forensics: A Cybersecurity Approach Hector Rivera Basiru Mohammed Michael Marin Robert Malegiannakis Ricardo Justiniano Introduction - What is Digital Forensics? Digital forensics defined - The process of recovering and interpreting

478 views • 30 slides
Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics & Watermarking P. J. Bateman, A. T. S. Ho, and J. A. Briffa This research is sponsored by an EPSRC/Charteris CASE Award Image Forensics

703 views • 38 slides
CSN11121/CSN11122 System Administration and Forensics Introduction to Digital Forensic

CSN11121/CSN11122 System Administration and Forensics Introduction to Digital Forensic

CSN11121/CSN11122 System Administration and Forensics Introduction to Digital Forensic 20/10/2011 r.ludwiniak@napier.ac.uk Lecture Objectives 1. History and definition of Digital Forensics 2. Context for an investigation 3. An overview of

1.04k views • 65 slides
Malware Detection in Memory Forensics: Current Issues and Challenges Ricardo J. Rodrguez

Malware Detection in Memory Forensics: Current Issues and Challenges Ricardo J. Rodrguez

Malware Detection in Memory Forensics: Current Issues and Challenges Ricardo J. Rodrguez All wrongs reversed under CC-BY-NC-SA license rjrodriguez@unizar.es @RicardoJRdez www.ricardojrodriguez.es Dept. of Computer Science and

540 views • 40 slides
Challenges in Digital Forensic Research R.I. Ferguson ian.ferguson@abertay.ac.uk 2 minute

Challenges in Digital Forensic Research R.I. Ferguson ian.ferguson@abertay.ac.uk 2 minute

Challenges in Digital Forensic Research R.I. Ferguson ian.ferguson@abertay.ac.uk 2 minute intro to Digital Forensics Some challenges scale cloud the encryption boundary anti-forensics Digital Forensics in 2 mins

415 views • 7 slides
Distributed Storage Networks and Computer Forensics 4 Volume Manager and RAID Christian

Distributed Storage Networks and Computer Forensics 4 Volume Manager and RAID Christian

Distributed Storage Networks and Computer Forensics 4 Volume Manager and RAID Christian Schindelhauer University of Freiburg Technical Faculty Computer Networks and Telematics Winter Semester 2011/12 RAID Redundant Array of Independent

434 views • 15 slides
DigForASP: A European Cooperation Network for Logic-based AI in Digital Forensics Stefania

DigForASP: A European Cooperation Network for Logic-based AI in Digital Forensics Stefania

DigForASP: A European Cooperation Network for Logic-based AI in Digital Forensics Stefania Costantini (UnivAQ) Francesca Lisi (UniBA) Raffaele Olivieri (RaCIS) The Action Web Site: digforasp.uca.es COST: European Cooperation in Science

613 views • 27 slides
HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics

HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics

HACKING PARIS 2014 EXTREME FORENSICS RELOADES 2Q /2014 Alvaro Alexander Soto Digital Forensics Lab Director HTCIA/ICFP/ACM/IEEE/ACIS/ISSA asoto@asoto.com INTENDED AUDIENCE Forensic lab directors / analysts - Law enforcement - Researchers -

568 views • 36 slides
Forensics-as-a-Service and Models for Forensic Brokerage Dr. Keyun Ruan University College

Forensics-as-a-Service and Models for Forensic Brokerage Dr. Keyun Ruan University College

Forensics-as-a-Service and Models for Forensic Brokerage Dr. Keyun Ruan University College Dublin TAFC/IFIP11.11, 6 June 2013 Malaga, Spain What is Cloud Forensics? Law enforcement perspective Security perspective Traditional

350 views • 16 slides
Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin

Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin

A A Conceptual Nationwide Cyber Situational Awareness Framework for Critical In Infrastructures Hayretdin Bahi , Olaf Manuel Maennel Centre For Digital Forensics and Cyber Security Tallinn University of Technology Evolvement of Cyber

470 views • 13 slides
Securing History: Privacy and Accountability in Database Systems Gerome Miklau (Joint work with

Securing History: Privacy and Accountability in Database Systems Gerome Miklau (Joint work with

Securing History: Privacy and Accountability in Database Systems Gerome Miklau (Joint work with Brian Levine & Patrick Stahlberg) University of Massachusetts, Amherst History a record of past data and operations performed on a system.

777 views • 29 slides
De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst

De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case Senior Security Analyst Speaker Background Computer Science degree from the University of New Orleans Former Security Consultant for Neohapsis Worked for Digital

911 views • 61 slides
Vassil Roussev Candice Quates The M57 Case Study Introduction 2 M57: The company & setup

Vassil Roussev Candice Quates The M57 Case Study Introduction 2 M57: The company & setup

DFRWS12 /Aug 5-8 2012/Washington DC Vassil Roussev Candice Quates The M57 Case Study Introduction 2 M57: The company & setup Employees: o President: Pat McGoo o IT: Terry o Researchers: Jo, Charlie Period o 11/16/2009

673 views • 50 slides

More recommend