remote acquisition
play

REMOTE ACQUISITION BOOT ENVIRONMENT (RABE) BOOTABLE LINUX CD / PXE - PowerPoint PPT Presentation

Sep 30, 2023 •405 likes •625 views

REMOTE ACQUISITION BOOT ENVIRONMENT (RABE) BOOTABLE LINUX CD / PXE FOR THE REMOTE ACQUISITION OF MULTIPLE COMPUTERS DENNIS CORTJENS UVA | SNE | RP2 NFI AGENDA Introduction Results / Conclusion Research Future research

  1. REMOTE ACQUISITION BOOT ENVIRONMENT (RABE) BOOTABLE LINUX CD / PXE FOR THE REMOTE ACQUISITION OF MULTIPLE COMPUTERS DENNIS CORTJENS UVA | SNE | RP2 NFI

  2. AGENDA • Introduction • Results / Conclusion • Research • Future research • Concepts • Goals Sheets: 20 • Implementation Duration: 15 minutes Questions: after presentation • Testing

  3. INTRODUCTION • large IT infrastructures > companies, data centers, universities • multiple computers / servers • time consuming > disassembling each computer • Netherlands Forensic Institute > 1 project > 3 research projects: 1. Bootable Linux CD / PXE for the remote acquisition of multiple computers > Dennis 2. Acquisition server > Eric 3. Triage software

  4. RESEARCH • question: Can a bootable Linux CD / PXE be build for the remote acquisition of multiple computers and how does it perform compared to the traditional method? • hypothesis: The remote acquisition of multiple computers (in general) is slower then the traditional method and across the internet it is slower then across a LAN. However, if the acquisition is performed remotely without being on location, it can be done parallel to other activities. This could make it a time efficient solution for partial and sparse acquisition in the future. • previous research: Automated Network Triage (ANT) Martin B. Koopmans, Joshua I. James | University College Dublin

  5. CONCEPTS - NFS

  6. CONCEPTS - iSCSI

  7. GOALS • creating a working (iSCSI) concept:  live image > optical disc / USB stick / PXE  authoring tool > configuring live image • testing the hypothesis:  performance NFS vs. iSCSI  remote vs. traditional acquisition • focus:  client side  working concept > basic server side

  8. IMPLEMENTATION - Client • live image:  KNOPPIX 7.2.0 vs. Ubuntu Desktop 14.04  packages and new services set_network_interfaces  secure connection send_client_information set_iscsi_targets  forensic soundness • authoring tool: nfs-common iscsitarget  bash script client  remastering live image iptables openvpn rabe_authoring_tool

  9. IMPLEMENTATION - Server • not in initial scope rabe_connect_iscsi_target SimpleHTTPServer • needed for working concept server • configuration:  Ubuntu Desktop 14.04 open-iscsi openvpn  packages  secure connection nfs-kernel-server  web service > python  bash script > connecting iSCSI targets

  10. TESTING - LAN

  11. TESTING - LAN iSCSI: Written: 9.3 GiB (10000000188 bytes) in 15 minute(s) and 30 second(s) with 10 MiB/s (10752688 bytes/second). #1 MD5 hash calculated over data: d1bac32b46721780b314f170058e6db5 ewfacquire: SUCCESS Written: 9.3 GiB (10000000188 bytes) in 14 minute(s) and 15 second(s) with 11 MiB/s (11695906 bytes/second). #2 MD5 hash calculated over data: d1bac32b46721780b314f170058e6db5 ewfacquire: SUCCESS Written: 9.3 GiB (10000000188 bytes) in 15 minute(s) and 30 second(s) with 10 MiB/s (10752688 bytes/second). #3 MD5 hash calculated over data: d1bac32b46721780b314f170058e6db5 ewfacquire: SUCCESS NFS: Written: 9.3 GiB (10000000188 bytes) in 17 minute(s) and 0 second(s) with 9.3 MiB/s (9803921 bytes/second). #1 MD5 hash calculated over data: d1bac32b46721780b314f170058e6db5 ewfacquire: SUCCESS Written: 9.3 GiB (10000000188 bytes) in 15 minute(s) and 38 second(s) with 10 MiB/s (10660981 bytes/second). #2 MD5 hash calculated over data: d1bac32b46721780b314f170058e6db5 ewfacquire: SUCCESS Written: 9.3 GiB (10000000188 bytes) in 17 minute(s) and 4 second(s) with 9.3 MiB/s (9765625 bytes/second). #3 MD5 hash calculated over data: d1bac32b46721780b314f170058e6db5 ewfacquire: SUCCESS

  12. TESTING - internet

  13. TESTING - internet iSCSI: Written: 9.3 GiB (10000000188 bytes) in 2 hour(s), 13 minute(s) and 39 second(s) with 1.1 MiB/s (1247038 #1 bytes/second). MD5 hash calculated over data: 0c27b2131c240fa88ceeab132ca326d0 ewfacquire: SUCCESS NFS: Written: 9.3 GiB (10000000188 bytes) in 2 hour(s), 22 minute(s) and 6 second(s) with 1.1 MiB/s (1172882 #1 bytes/second). MD5 hash calculated over data: d1b749285de3e6ec69537fb1212b4dd0 ewfacquire: SUCCESS

  14. RESULTS / CONCLUSION • live image & authoring tool • NFS vs. iSCSI:  LAN: iSCSI faster 0.7-1.0 MiB/s (VPN overhead)  internet: iSCSI faster 8 minutes and 27 seconds (same speed 1.1 MiB/s) • hypothesis:  correct, but with some side notes  speed > network and internet connection limitation  takes much longer > ± 29 hours (LAN) / ± 244 hours (internet)  partial and sparse acquisition

  15. CONCLUSION / SUMMARY “ this concept is a theoretical solution for the remote acquisition of multiple computers and will not yet succeed the traditional acquisition method, but could be a solution for partial or sparse acquisition in the near future ” • created working concept • live image & authoring tool • concluded on NFS vs. iSCSI • open framework for future research

  16. FUTURE RESEARCH • live image: • forensics:  disable auto-mounting  disable auto-mounting  reduce size  reduce memory footprint  remove GUI  include memory acquisition  other tools? • authoring tool:  preview / triage mode >  chroot hopping copy-on-read (Eric) • further performance testing

  17. D E M O

  19. D E M O

  20. QUESTIONS?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Re Remote Data Acquisition and IoT 01219335 Data Acquisition and Integration Chaipo Chaiporn J

Re Remote Data Acquisition and IoT 01219335 Data Acquisition and Integration Chaipo Chaiporn J

Re Remote Data Acquisition and IoT 01219335 Data Acquisition and Integration Chaipo Chaiporn J n Jaik aikae aeo De Department of f Computer Engineering Ka Kasetsart Unive versity Materials partly taken from lecture slides by Karl and

451 views • 34 slides
Performance measurement and tuning of remote acquisition Lukasz Makowski February 2, 2016

Performance measurement and tuning of remote acquisition Lukasz Makowski February 2, 2016

Performance measurement and tuning of remote acquisition Lukasz Makowski February 2, 2016 Location Netherlands Forensic Institute Supervisor : Ruud Schramp Agenda 1 Remote acquisition - research motivation introduction 2 Research scope and

1.09k views • 83 slides
Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your

Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your

Remote Access Plus Enterprise Remote Access Sofuware - Product Overview Covers all your troubleshooting needs ! On Premises Available on cloud Feature Highlights Advanced remote desktop sharing Voice, video and text chat Remote

222 views • 11 slides
CSN08101 Digital Forensics Lecture 6: Acquisition Lecture 6: Acquisition Module Leader: Dr

CSN08101 Digital Forensics Lecture 6: Acquisition Lecture 6: Acquisition Module Leader: Dr

CSN08101 Digital Forensics Lecture 6: Acquisition Lecture 6: Acquisition Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Objectives Storage Formats Acquisition Architecture Acquisition Methods Tools Data

693 views • 36 slides
Remote Working Toolkit Remote Work Best Practices Remote work provides a unique & exciting

Remote Working Toolkit Remote Work Best Practices Remote work provides a unique & exciting

Remote Working Toolkit Remote Work Best Practices Remote work provides a unique & exciting opportunity: with just a few tweaks to your homelife and routine, your productivity and personal well-being can be maximized. This document

324 views • 6 slides
DTCP + Remote Access Proposal for Discussion with 3S October 28, 2009 1 Remote Access (RA)

DTCP + Remote Access Proposal for Discussion with 3S October 28, 2009 1 Remote Access (RA)

DTCP + Remote Access Proposal for Discussion with 3S October 28, 2009 1 Remote Access (RA) Basic Rules Remote Connection AKE RA Encoding Rules 2 Remote Access Basic Rules Source devices may permit remote access to content

326 views • 15 slides
E-COMPASS ACQUISITION CORP. Acquisition of NYM Holding, Inc. Investor Presentation August 2016

E-COMPASS ACQUISITION CORP. Acquisition of NYM Holding, Inc. Investor Presentation August 2016

E-COMPASS ACQUISITION CORP. Acquisition of NYM Holding, Inc. Investor Presentation August 2016 DISCLAIMER In connection with the proposed acquisition, iFresh Inc., a wholly owned subsidiary of E-compass Acquisition Corp. (ECAC), will

419 views • 30 slides
COLLARTS SOURCING REMOTE INTERNSHIPS WHAT IS A REMOTE INTERNSHIP? COLLARTS REMOTE INTERNSHIPS

COLLARTS SOURCING REMOTE INTERNSHIPS WHAT IS A REMOTE INTERNSHIP? COLLARTS REMOTE INTERNSHIPS

COLLARTS SOURCING REMOTE INTERNSHIPS WHAT IS A REMOTE INTERNSHIP? COLLARTS REMOTE INTERNSHIPS A remote internship is a class of internship where you do not have to be physically present in the office or site while doing the internship. You

151 views • 13 slides
COUNTERS REMOTE LDL-xxx-06/26 LNL-xxx-27 LGL-xxx-27 LDL-xxx-06 LDL-xxx-06 LDL-xxx-06

COUNTERS REMOTE LDL-xxx-06/26 LNL-xxx-27 LGL-xxx-27 LDL-xxx-06 LDL-xxx-06 LDL-xxx-06

REMOTE COLLECTION COUNTERS REMOTE LDL-xxx-06/26 LNL-xxx-27 LGL-xxx-27 LDL-xxx-06 LDL-xxx-06 LDL-xxx-06 LDL-xxx-06 Possibility of connecting in one line with low multidecks LDL-xxx-07 LDL-xxx-07 LDL-xxx-07 LDL-xxx-07 LDL-xxx-07

1k views • 82 slides
Defense Acquisition University Provides a global learning environment to develop qualified

Defense Acquisition University Provides a global learning environment to develop qualified

The Aerospace & Defense Forum 1/18/2013 Use of Strategic Management Methods in DoD Acquisition Programs Dr. Stanley Rosen P Professor of Acquisition Management f f A i iti M t Defense Acquisition University The Aerospace &

434 views • 24 slides
Portfolio Acquisition Portfolio Acquisition Portfolio Acquisition from from from Safe Harbor

Portfolio Acquisition Portfolio Acquisition Portfolio Acquisition from from from Safe Harbor

Portfolio Acquisition Portfolio Acquisition Portfolio Acquisition from from from Safe Harbor Safe Harbor In keeping with the SECs Safe Harbor guidelines, certain statements made during this presentation could be considered

668 views • 35 slides
Environment Remote Sensing Instructor: Prof. Prashanth Reddy Marpu SAMPLE METEOSAT SEVIRI

Environment Remote Sensing Instructor: Prof. Prashanth Reddy Marpu SAMPLE METEOSAT SEVIRI

Environment Remote Sensing Instructor: Prof. Prashanth Reddy Marpu SAMPLE METEOSAT SEVIRI CHANNELS 96 acquisitions per day (12 channels in each acquisition) Channel 04 (IR3.9) Channel 09 (IR10.8) MODIS Data Real-Time Monitoring of Dust Sources

1.09k views • 78 slides
Remote Access and SSH a t t e n t i i g r e e n ! P a y t o t e x t o n n T h e s e c o r r e c t

Remote Access and SSH a t t e n t i i g r e e n ! P a y t o t e x t o n n T h e s e c o r r e c t

Remote Access and SSH a t t e n t i i g r e e n ! P a y t o t e x t o n n T h e s e c o r r e c t i d o n e a f t h e l e c t u r e ! t e r a r e o n s 1 Remote Access Modern computing requires the use of a variety of resources located on

652 views • 44 slides
Acquisition of BAC Florida Bank 1 Acquisition of BAC Florida for US$500 million 1 , to be

Acquisition of BAC Florida Bank 1 Acquisition of BAC Florida for US$500 million 1 , to be

Acquisition of BAC Florida Bank 1 Acquisition of BAC Florida for US$500 million 1 , to be paid in cash at closing: Main terms of the Implied price to tangible book value (2018) ratio of 2.55x 2 transaction The closing of the

344 views • 8 slides
First Language Acquisition: Inherent Difficulty of Language Acquisition Theories and Evidence

First Language Acquisition: Inherent Difficulty of Language Acquisition Theories and Evidence

First Language Acquisition: Theories and Evidence Course Readings Imitation vs. Rule Creation First Language Acquisition: Inherent Difficulty of Language Acquisition Theories and Evidence Universal Grammar and Language Acquisition

1.05k views • 60 slides
Remote Procedure Calls Dan Savel, dxs221 EECS 338, Spring 2011 What is a Remote Procedure Call?

Remote Procedure Calls Dan Savel, dxs221 EECS 338, Spring 2011 What is a Remote Procedure Call?

Remote Procedure Calls Dan Savel, dxs221 EECS 338, Spring 2011 What is a Remote Procedure Call? Executing a procedure in an application running on a remote server Transport Protocol and Serialization are abstracted away to work

309 views • 20 slides
SAT Based Attacks on SipHash By Santhosh Kantharaju Siddappa Supervised by Prof. Alan Kaminsky

SAT Based Attacks on SipHash By Santhosh Kantharaju Siddappa Supervised by Prof. Alan Kaminsky

SAT Based Attacks on SipHash By Santhosh Kantharaju Siddappa Supervised by Prof. Alan Kaminsky Department of Computer Science Rochester Institute of Technology Agenda SipHash Boolean Satisfiability Problem SAT Solver Attack

621 views • 35 slides
Task Oriented Pearl: Distributed Blockchain Applications M. Lubbers 1,2 J.M. Jansen 1 1 Military

Task Oriented Pearl: Distributed Blockchain Applications M. Lubbers 1,2 J.M. Jansen 1 1 Military

Task Oriented Pearl: Distributed Blockchain Applications M. Lubbers 1,2 J.M. Jansen 1 1 Military Technical Sciences Netherlands Defense Academy 2 Institute for Computing and Information Sciences Radboud University Nijmegen 5 th January, 2018

657 views • 31 slides
Organon Analytics AI Platform We use our own advanced machine learning platform to help

Organon Analytics AI Platform We use our own advanced machine learning platform to help

Organon Analytics AI Platform We use our own advanced machine learning platform to help Turkcell analyse vast data pools and create new insights and propositions that would not have been possible 1. Reduce dependency on Data

802 views • 18 slides
, R ADIO G ATN , a belt-and-mill hash function a belt-and-mill hash function Guido Bertoni,

, R ADIO G ATN , a belt-and-mill hash function a belt-and-mill hash function Guido Bertoni,

R ADIO G ATN , R ADIO G ATN , a belt-and-mill hash function a belt-and-mill hash function Guido Bertoni, Joan Daemen, Michal Peeters * and Gilles Van Assche STMicroelectronics * De Valck Consultants Second Cryptographic Hash Workshop

474 views • 16 slides
Data Structures for IPv6 Network Traffic Analysis Using Sets and Bags John McHugh, Ulfar

Data Structures for IPv6 Network Traffic Analysis Using Sets and Bags John McHugh, Ulfar

Data Structures for IPv6 Network Traffic Analysis Using Sets and Bags John McHugh, Ulfar Erlingsson The nature of the problem IPv4 has 2 32 possible addresses, IPv6 has 2 128 . IPv4 sets can be realized as bit arrays. (0.5GB) IPv4

585 views • 20 slides
THE LEGAL ASPECTS OF USING CRYPTOGRAPHIC HASH VALUES, IN DIGITAL FORENSICS IN LIGHT OF RECENT

THE LEGAL ASPECTS OF USING CRYPTOGRAPHIC HASH VALUES, IN DIGITAL FORENSICS IN LIGHT OF RECENT

THE LEGAL ASPECTS OF USING CRYPTOGRAPHIC HASH VALUES, IN DIGITAL FORENSICS IN LIGHT OF RECENT VULNERIBILITES AND COLLISSIONS WITHIN THESE HASH VALUES. VERONICA SCHMITT (ACE, AMCSS) SPECIAL INVESTIGATING UNIT ABSTRACT MD5 and SHA-1

233 views • 22 slides
BROWN TO GREEN Hash tag for webinar: #B2Greport Follow us: @ClimateT_G20 The G20 transition to a

BROWN TO GREEN Hash tag for webinar: #B2Greport Follow us: @ClimateT_G20 The G20 transition to a

Brown to Green Report | 2017 BROWN TO GREEN Hash tag for webinar: #B2Greport Follow us: @ClimateT_G20 The G20 transition to a low carbon economy Monday 3 July 2017, 10 11 am CEST Brown to Green Report | 2017 BROWN TO GREEN Hash tag for

323 views • 28 slides
Cryptanalysis Results on the NIST Candidate Gimli (WIP) Antonio Flrez Gutirrez, Gatan

Cryptanalysis Results on the NIST Candidate Gimli (WIP) Antonio Flrez Gutirrez, Gatan

Cryptanalysis Results on the NIST Candidate Gimli (WIP) Antonio Flrez Gutirrez, Gatan Leurent, Mara Naya-Plasencia, Lo Perrin, Andr Schrottenloher, Ferdinand Sibleyras Inria, France Context Gimli is a permutation proposed by

529 views • 7 slides

More recommend