Post date: Jun 24, 2011 3:53:08 PM
When:
Monday, June 27, 5:30-7:30 PM
Where:
The Bridge Lounge, 1201 Magazine St. New Orleans, LA
Presenter:
Andrew Case (@attrc)
Senior Analyst @ Digital Forensics Solutions
Topic:
De-Anonymizing Live CDs through Physical Memory Analysis
Abstract:
Use of Live CDs in criminal activities has become increasingly prevalent, as this type of attack has been widely considered to be "undetectable." Because Live CDs run solely in RAM, they do not interact with the local disk; the filesystem is therefore no longer readily available, and the task of putting random pages of data into context can be very difficult for an in-depth investigation. The skills and techniques required to detect a Live CD attack are very different from those used in a traditional forensics examination. Typically, digital forensics investigators examine the filesystem on a hard drive: extracting and analyzing file and metadata information, establishing patterns of use and timelines, recovering deleted or fragmented data, indexing and searching data, etc. Andrew will demonstrate how he was able to detect use of this attack vector, and present a number of techniques that allow for complete recovery of a Live CD’s in-memory filesystem.
Free Event
Cash Bar
Free Food
Please RSVP!
504-874-0787