forensic challenge v2 0
play

Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic - PowerPoint PPT Presentation

Sep 06, 2023 •360 likes •558 views

Forensic Challenge V2.0 UNAM-CERT RedIRIS Topics * Forensic Challenge V1.0 * Forensic Challenge V2.0 * Conclusions Introduction Why this forensic Challenge ? * To promote and impulse the Forensic Analysis in our Region -- Hispanoamerica--

  1. Forensic Challenge V2.0 UNAM-CERT RedIRIS

  2. Topics * Forensic Challenge V1.0 * Forensic Challenge V2.0 * Conclusions

  3. Introduction Why this forensic Challenge ? * To promote and impulse the Forensic Analysis in our Region -- Hispanoamerica-- * To know which tools are being used by our communitty in the Academy, Private and Public sector * In order to count with a simple picture of this area, research, etc.

  4. Forensic Challenge V1.0 Organized in 2003 by RedIRIS, in collaboration with: * UNAM-CERT (México) * CAIS/RNP (Brasil) * SANS * Spanish Security Experts * Awards donated from some companies: * Encase (Guidance Software) * SANS documentation * Forensic analysis of a compromised Linux Machine (Honeypot) * No special intrusion, simple one. * Small diffusion security lists in Spanish

  5. Forensic Challenge V1.0 Objective: * Promote computer forensic “awareness” in our constituencies * Provide a “learn by example” repository of forensic analysis in Spanish that could be useful to users that want to learn about computer forensic. At the end: 14 participants send their reports that are published in the web pages High quality of all the reports

  6. Forensic Challenge V1.0 Participants must present: * Anonymous “executive” report describing the incident. * Technical report (60 pages max.) analyzing the incident. It was very important that the report describes not only what the intruder has done, but also how the forensic expert has found it: * Describing the tools used in the analysis . * Correlating information from different sources.

  7. Forensic Challenge V1.0 * All reports obtained more than 5 points (if use a scale of 10 point for the best papers, the “fewer” was 6,2 points). * Most users provided graph and statistics of the intrusion Different techniques and tools used: * Sleutkit * TCT But also : • Home made tools Home made tools • Repositories of MD5 files Repositories of MD5 files * BSD accounting from the compromised system * SWAP memory cumps

  8. Forensic Challenge V2.0 * Launched last December 8th 2004. * Promoted this year by UNAM-CERT (México), with some help from RedIRIS, CAIS-RNP. * Published in many Security list and also in the media newspapers, TV, etc. * Ask people to register to know the number of people interested in this challenge The Challenge started on 1st of February 2005

  9. Forensic Challenge V2.0 F or this Forensic challenge, registered almost 1000 participants from 26 different countries: • España • México • Argentina • Colombia • Chile • Venezuela

  10. Forensic Challenge V2.0

  11. Forensic Challenge V2.0 Forensic Analysis of a compromised Linux Machine * Recovered from a Honeypot at UNAM-CERT * Red Hat 7.3 * Khaos User * It was very complex to analyze and present the final report. * A lot of participants didn´t finishes because of complexity of the case

  12. Forensic Challenge V2.0 Conclusions: Almost all of our participants used Unix tools except one, who used Encase Forensic tools on a Windows Machine. Most used tools were: • Sleuthkit • Autopsy • Chkrootkit • Rkhunter • Unix Tools( grep, awk, etc.)

  13. Forensic Challenge V2.0 Conclusions: * To emphasize that 3rd place (Juan Antonio Fernández Gómez) used only a Unix tools. * It’s important to stand out that there is a difference between Forensic Analysis communitty from Spain respect the others in order to present reports, tools used, etc. * From 11 reports 8 were from spain, 1 from Mexico, 1 from Venezuela and the lasst one from Argentina.

  14. Forensic Challenge V2.0 Conclusions :

  15. Forensic Challenge V2.0 Conclusions: * We can conclude that Spain community has more human resources working on this area, Neverthless we saw an important increase and interest from our community for the next challenge. 2 Mailing list has been created due this purpose and the participants exchange some information, tools, ideas, etc which we hope this impulse this area in our community.

  16. Forensic Challenge V2.0 Conclusions: Several problems were detected in the course of Forensic Challenge like: * Image size too large 10 GB. * For the first two days images were only at UNAM, we need it a Mirror in Spain. * The necessity to count with a pre defined format due diversity of criteria in order to evaluate certains aspects of the challenge.

  17. Forensic Challenge V2.0 Challenges for the Forensic Challenge * Standardized format for the final report * Traffic Analysis for the Jury * Working closely with the participants, community and sponsors

  18. Forensic Challenge V2.0 Forensic Challenge V3.0 ????

  19. ¿¿Preguntas?? http://www.seguridad.unam.mx http://www.rediris.es/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Why This Workshop? In 2009 the Research Council of the National Academy of Sciences issues a

Why This Workshop? In 2009 the Research Council of the National Academy of Sciences issues a

Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18, 2015 Ohio MHAS Forensic Conference Columbus, OH Terry Kukor, Ph.D., ABPP Board Certified in Forensic Psychology Director of Forensic Services Netcare

972 views • 23 slides
Challenges in Crime Scene Investigation Technical challenges in forensic STR profiling

Challenges in Crime Scene Investigation Technical challenges in forensic STR profiling

Epigenetics a New Perspective for Improving Forensic Science p g Hwan Young Lee, Ph.D. Department of Forensic Medicine Yonsei University College of Medicine Current Forensic DNA Typing Forensic cases -- matching suspect with evidence

247 views • 13 slides
Objectives 1. Articulate the rationale for restructuring forensic evaluation reports 2. Identify

Objectives 1. Articulate the rationale for restructuring forensic evaluation reports 2. Identify

11/5/2015 Specialized Topics in Ethical Forensic Practice, Part 1: Restructured Forensic Reports Presented For OhioMHAS Forensic Conference November 18, 2015 Terry Kukor, Ph.D., ABPP (Forensic) Joy Stankowski, M.D. Aracelis (Liz) Rivera, Psy.D.

451 views • 17 slides
Research Project 2: Forensic Challenge Axel Puppe & Joeri Blokhuis June 30, 2010 Axel Puppe

Research Project 2: Forensic Challenge Axel Puppe & Joeri Blokhuis June 30, 2010 Axel Puppe

Outline Introduction Method FAT Walker Xarver Investigation Conclusion Research Project 2: Forensic Challenge Axel Puppe & Joeri Blokhuis June 30, 2010 Axel Puppe & Joeri Blokhuis Research Project 2: Forensic Challenge Outline

413 views • 17 slides
T and Science of Forensic Monitoring Forensic Monitor may be employed by one Board or a

T and Science of Forensic Monitoring Forensic Monitor may be employed by one Board or a

11/5/2015 The T and Science of Forensic Monitoring Robert N. Baker, PhD Jeannie Cool, PCC-S Lottie Gray, MSSA, LISW, CDCA Julia King, PsyD, MBA T and Science of Forensic Monitoring Has your boss just told you? You are our New Forensic

389 views • 24 slides
Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18,

Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18,

Specialized Topics in Ethical Forensic Practice, Part 3: Bias in Forensic Evaluations November 18, 2015 Ohio MHAS Forensic Conference Columbus, OH Terry Kukor, Ph.D., ABPP Board Certified in Forensic Psychology Director of Forensic Services Netcare

1.29k views • 67 slides
THE NEW FORENSIC PATIENT Learning Objectives Review the epidemiology of forensic populations

THE NEW FORENSIC PATIENT Learning Objectives Review the epidemiology of forensic populations

THE NEW FORENSIC PATIENT Learning Objectives Review the epidemiology of forensic populations Explore various clinical presentations seen in forensic settings Implement evidence-based and novel treatment strategies to the new forensic

946 views • 80 slides
Forensic Voice Comparison and Forensic Acoustics 1 Value and Interpretation of Biometric

Forensic Voice Comparison and Forensic Acoustics 1 Value and Interpretation of Biometric

Forensic Voice Comparison and Forensic Acoustics 1 Value and Interpretation of Biometric Evidence in Forensic Automatic Speaker Recognition Dr. Andrzej Drygajlo Speech Processing and Biometrics Group Swiss Federal Institute of Technology

546 views • 44 slides
Regional Forensic Trainings 2013 Pathways to Conditional Release: An Overview of the Forensic

Regional Forensic Trainings 2013 Pathways to Conditional Release: An Overview of the Forensic

Regional Forensic Trainings 2013 Pathways to Conditional Release: An Overview of the Forensic Mental Health System Robert N. Baker, PhD Assistant Chief Office of Forensic Services, ODMH Objectives Provide an overview of the forensic

581 views • 40 slides
T and Science of Forensic Monitoring Has your boss just told you? You are our New Forensic

T and Science of Forensic Monitoring Has your boss just told you? You are our New Forensic

The T and Science of Forensic Monitoring Robert N. Baker, PhD Jeannie Cool, PCC-S Lottie Gray, MSSA, LISW, CDCA Julia King, PsyD, MBA T and Science of Forensic Monitoring Has your boss just told you? You are our New Forensic Monitor.

834 views • 70 slides
Oracle Database Audit Scripts, Privacy & Security considerations Challenge: Forensic analysis

Oracle Database Audit Scripts, Privacy & Security considerations Challenge: Forensic analysis

Oracle Database Audit Scripts, Privacy & Security considerations Challenge: Forensic analysis of license French case law concluded that that Oracle's scripts are scripting much more data than what is legally relevant usage on Oracle

117 views • 9 slides
Current Forensic DNA Typing o Forensic cases -- matching suspect with evidence Involves generation

Current Forensic DNA Typing o Forensic cases -- matching suspect with evidence Involves generation

Epigenetic age signatures in the forensically relevant body fluid of semen Hwan Yong Lee Department of Forensic Medicine Yonsei University College of Medicine Seoul, Korea Current Forensic DNA Typing o Forensic cases -- matching suspect with

533 views • 14 slides
10. Forensic Issues I A MERICAN P SYCHOLOGICAL A SSOCIATION Forensic Issues For people with SMI,

10. Forensic Issues I A MERICAN P SYCHOLOGICAL A SSOCIATION Forensic Issues For people with SMI,

10. Forensic Issues I A MERICAN P SYCHOLOGICAL A SSOCIATION Forensic Issues For people with SMI, the prevalence of containment in prison/forensic system is high: men 15%; women 31% For people exhibiting symptoms: 67 % greater likelihood of

366 views • 7 slides
GOJ Audit Commission Conference 2016 PRESENTS : FORENSIC Forensic Audits-Help for Todays

GOJ Audit Commission Conference 2016 PRESENTS : FORENSIC Forensic Audits-Help for Todays

GOJ Audit Commission Conference 2016 PRESENTS : FORENSIC Forensic Audits-Help for Todays Entity Thursday, October 27, 2016 PRESENTER : COLLIN A. A. GREENLAND, Forensic Accountant, MBA, FJIM, CFE, CFSA, CFC. 1 To Sensitize /

1.12k views • 88 slides
Forensic and I nvestigative Speaker Recognition: Situation BKA Odyssey 2016 June 21-24, Bilbao,

Forensic and I nvestigative Speaker Recognition: Situation BKA Odyssey 2016 June 21-24, Bilbao,

Forensic and I nvestigative Speaker Recognition: Situation BKA Odyssey 2016 June 21-24, Bilbao, Spain Michael Jessen BKA, Forensic Science Institute: Forensic Speech & Audio Department Guidelines Forensic Semiautomatic and Automatic

308 views • 13 slides
Cannabis Some Challenges with Determining Impairment - A Forensic Toxicologists

Cannabis Some Challenges with Determining Impairment - A Forensic Toxicologists

Cannabis Some Challenges with Determining Impairment - A Forensic Toxicologists Perspective. Dr. Michael R. Corbett Ph.D., LL.M., F-ABFT, FCSFS Forensic Toxicologist, Chemical Review Services Inc. Adjunct Professor, Forensic Science

688 views • 38 slides
No relevant financial disclosures Gilden D, et al Neurol. Neuroimmunol Neuroinflamm. 2016

No relevant financial disclosures Gilden D, et al Neurol. Neuroimmunol Neuroinflamm. 2016

Is VZV the cause of GCA? AAS = CON NANOS March 5, 2018 ALFREDO A. SADUN, MD, PhD Flora Thornton Chair Doheny Eye Institute Vice-Chair of Ophthalmology, UCLA No relevant financial disclosures Gilden D, et al Neurol. Neuroimmunol Neuroinflamm.

409 views • 21 slides
Using Social Determinants of Health to Inform Fatality Review June 7, 2017 2:00 3:00 p.m. ET

Using Social Determinants of Health to Inform Fatality Review June 7, 2017 2:00 3:00 p.m. ET

Using Social Determinants of Health to Inform Fatality Review June 7, 2017 2:00 3:00 p.m. ET Housekeeping Webinar is being recorded and will be available with slides in a few days on our website: www.ncfrp.org. The Center will notify

788 views • 61 slides
Is FGFR an Effective Target in Cholangiocarcinoma? Disclosures Consultant DebioPharm

Is FGFR an Effective Target in Cholangiocarcinoma? Disclosures Consultant DebioPharm

Chabner Symposium October 30, 2017 Lipika Goyal, MD, MPhil Massachusetts General Hospital Cancer Center Instructor, Harvard Medical School Is FGFR an Effective Target in Cholangiocarcinoma? Disclosures Consultant DebioPharm

685 views • 49 slides
Digital Witness Remote Method for Volunteering Digital Evidence on Mobile Devices Nigel Campbell

Digital Witness Remote Method for Volunteering Digital Evidence on Mobile Devices Nigel Campbell

Digital Witness Remote Method for Volunteering Digital Evidence on Mobile Devices Nigel Campbell , Evan Stuart, Trevor Goodyear, Winston Messer, and James Fairbanks $ whoami Research Scientist @ GTRI Software Developer MSCS Student

435 views • 30 slides
The INDEPTH Network www.indepth-network.org Please use the slides as you deem fit INDEPTH

The INDEPTH Network www.indepth-network.org Please use the slides as you deem fit INDEPTH

The INDEPTH Network www.indepth-network.org Please use the slides as you deem fit INDEPTH Governance Structure 2 Governance & M&E INDEPTH Board meetings o regular newsletters to the Board INDEPTH-Funder teleconferences; visits

528 views • 30 slides
Emerging Drugs of Abuse Julie Kmiec, DO and Bill Morrone, DO, MS Disclosures Julie Kmiec, DO

Emerging Drugs of Abuse Julie Kmiec, DO and Bill Morrone, DO, MS Disclosures Julie Kmiec, DO

Emerging Drugs of Abuse Julie Kmiec, DO and Bill Morrone, DO, MS Disclosures Julie Kmiec, DO I have no financial conflicts of interest William Morrone, DO I have no financial conflicts of interest 2 Objectives At the end of

524 views • 40 slides
Public Health Law in Correctional Facilities Leila Barraza, JD, MPH Deputy Director, Network for

Public Health Law in Correctional Facilities Leila Barraza, JD, MPH Deputy Director, Network for

Public Health Law in Correctional Facilities Leila Barraza, JD, MPH Deputy Director, Network for Public Health Law- Western Region Veda Collmer, JD Visiting Attorney, Network for Public Health Law - Western Region Principles & Objectives

1.08k views • 54 slides
Patient 1 Zinc Phosphide 23 y/o male ingested rodent pellets: Zn 3 P 2 Awake but intubated

Patient 1 Zinc Phosphide 23 y/o male ingested rodent pellets: Zn 3 P 2 Awake but intubated

Patient 1 Zinc Phosphide 23 y/o male ingested rodent pellets: Zn 3 P 2 Awake but intubated for airway protection Using the Poison Center as a Lavage and WBI Hazmat Resource Rectal tube ICU bed Susan Smolinske MD, PharmD,

106 views • 8 slides

More recommend