beyond extreme forensics update 3q / 2016 by alvaro soto

25

Upload: ec-council

Post on 14-Jan-2017

87 views

Category:

Technology

0 download

Report

Download

Embed Size (px):

TRANSCRIPT

Page 1: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

Page 2: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

© Legal Disclaimer…

CopyrightDisclaimerUnderSec6on107oftheCopyrightAct1976,allowanceismadefor"fairuse"forpurposessuchascri6cism,comment,newsrepor6ng,teaching,scholarship,andresearch.FairuseisausepermiDedbycopyrightstatutethatmightotherwisebeinfringing.Non-profit,educa6onalorpersonaluse6psthebalanceinfavoroffairuse.Allmaterials/trademarksusedinthispresenta6onbelongtotheirrespec6veowners.

Page 3: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

What we do in Forensic Lab…

Page 4: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

What we do in the forensic lab…

Page 5: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

Goals for this update from the lab...

Takeaquicklookaround:

•  Share“storiesfromtrenches”• Giveanawarnessofpoten6alissues/fixes• GiveyousomeresourcesforR&DandFunJ• Ques6ons/Answers…

AlvaroAlexanderSoto-LabDirector/[email protected]

Page 6: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

HDD Storage components review.

Page 7: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

HDD Storage components review.

Page 8: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

Our main resources… and suggesBon for you to use too..

AlvaroAlexanderSoto-LabDirector/[email protected]

Page 9: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

EncrypBon everywhere… but…

Corrup6on.

AlvaroAlexanderSoto-LabDirector/[email protected]

Page 10: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

IoT / Firmware everywhere… but…

AlvaroAlexanderSoto-LabDirector/[email protected]

Page 11: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

Inside HDD… Diags..

•  SAcorrup6on..• Motorstuck..• Heads..•  Electronics..•  Scratches..•  ESD•  Sounds/Clicks• Naturalelements…

Page 12: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

SA in somewhere…NegaBve Tracks..?

•  -1FFFFh•  -2FFFEh•  Etc…

Page 13: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

Seagate DiagnosBc Serial Port

Page 14: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

Tools..

Page 15: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

SA vulnerability / Fix…

• ATAPwd• Change/Off-H• HPA/DCO• Malware/Codeinjec6on• Hiddendata/Tools•  S/N• ….

Page 16: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

Tools / RE Cracks / Filesystem Hacks

Page 17: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

Sample Scenario: Data theQ problem..

•  SEDHDDsolu6onshererightnow!!!

• Reallyasolu6on?.....

•  Letstakealookaround…

Page 18: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

SED HDD

Page 19: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

SED HDD

Page 20: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

Playing Cops and Robbers

Page 21: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

Page 22: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

• BIOSMods

Page 23: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

Job Done…lets go back to home

Page 24: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

Resources • hDps://www.itosaka.com/WordPress/wp-content/uploads/2009/07/Seagate-Diagnos6c-Command.pdf• hDp://openocd.org/

AlvaroAlexanderSoto-LabDirector/[email protected]

Page 25: Beyond eXtreme Forensics Update 3Q / 2016 by Alvaro Soto

THANKS!!!

Q&A–Experiencesharings...

Forensics & Anti- Forensics - Power Of Communitypowerofcommunity.net/poc2007/casper.pdf · Anti-Forensics • Wipe can reply all Host Forensics Tools • Counterfeit Evidence •

3Q 2015 Financial Results › misc › ... · 3Q 20143Q 2015 9M 2014 9M 2015 121.0 122.0 351.6 362.5 3Q 2014 3Q 2015 9M 2014 9M 2015 2.0% 3.1% 0.9% 55.3 56.9 172.9 174.7 3Q 2014 3Q

© The Forensics Files Lincoln-Douglas Debate The Forensics Files The Forensics Files

スライド 1 - Hitachi Construction Machinery · 1 1q 2q 3q 4q 1q 2q 3q 4q 1q 2q 3q 4q 1q 2q 3q 4q 1q 2q 3q 4q 1q 2q 3q 4q us$ 96.8 92.8 90.1 90.8 92.0 85.9 82.6 82.3 81.7 77.9

CitC ilT tCapitaCommercial Trust Third Quarter 2009 Results · 2012-12-21 · 3Q 2009 DPU outperforms 3Q 2008 by 20% Change Actual 3Q 09 3Q 08 % Gross Revenue 102,648 92,536 11 3Q

Fiscal Year 2019 (Ending March 31, 2020) 3rd Quarter ... › ir › library › pdf › (Delayed... · 46.5% 48.5% 3Q Actual 3Q (cumulative) Actual 3Q Actual Full-year forecast 3Q

Cloud Storage Forensics - SANS Computer Forensics

Comp ter Forensics It’s NotComputer Forensics: It’s … ter Forensics It’s NotComputer Forensics: ... Computer Forensics Can be Useful with ... Solid state drives & deleted file

中国のマクロ統計 › newsletter › org2 › 2020 › JETROChina...2013 2Q 3Q 4Q 1Q 2014 2Q 3Q 4Q 1Q 2015 2Q 3Q 4Q 1Q 2016 2Q 3Q 4Q 1Q 2017 2Q 3Q 4Q 1Q 2018 2Q 3Q 4Q 1Q 2019

Forensics & Anti- Forensics

M&A trends in the maritime sector...1Q 09 3Q 09 1Q 10 3Q 10 1Q 11 3Q 11 1Q 12 3Q 12 1Q 13 3Q 13 1Q 14 3Q 14 1Q 15 Operating margin Continuing low freight rates will eventually persuade

Consolidated Results Presentation - Grupo Cooperativo Cajamar...3Q-16 3Q-17 Cajamar Vida: Life-risk insurance premiums (EUR thousands) 53,613 71,724 3Q-16 3Q-17 Cajamar Vida: Pension

Forensics · Disk Forensics Mobile Forensics E-mail investigations Questioned document Cryptography, examination Steganography Live Forensics and Network Forensics Audio/video authentication

Alcaldía de Bucaramanga - Alcaldía de Bucarmanga€¦ · alvaro jose hernandez alvaro nino arguello alvaro perez alvaro perez alvaro rivera herwin ... cindy vanesa giraldo segura

Anti-Forensics and Anti-Anti-Forensics

Webcast - Conference Call 3Q 2017 - Repsol...Webcast - Conference Call 3Q 2017 Author Repsol S.A. Subject Webcast - Conference Call 3Q 2017 Keywords repsol, conference, call, 3Q, third,

3Q/9M 2010 Results 3Q10 Results-Presentation_101124.pdf · 3Q/9M 2010 – Conference Call Presentation 2 GROUP KEY FINANCIALS – 3Q/9M 2010 (*) Adjusted results 3Q/9M 2009 include

COE589: Digital Forensics - ccse.kfupm.edu.saahmadsm/coe589-122/00_Overview_Logisti… · Digital Forensics computer forensics mobile forensics network forensics ... COE589 - Ahmad

3Q FY2016 Presentation Material€¦ · 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q FY2010 FY2011 FY2012 FY2013 FY2014 FY2015 FY2016. Unit: billion

FY 2015 Financial Resultsfirstreit.listedcompany.com/newsroom/20160119... · 1/19/2016 · 1Q 2010 3Q 1Q 2011 3Q 1Q 2012 3Q 1Q 2013 3Q 1Q 2014 3Q 1Q 2015 3Q 2015 9 1.96 Singapore

SPH REIT FINANCIAL STATEMENT ANNOUNCEMENT * FOR THE …sphreit.listedcompany.com/newsroom/20160707_185236_SK6U_0FB… · 3Q 2016 3Q 2015 Change YTD 3Q 2016 YTD 3Q 2015 Change S$'000

Live Forensics Investigations Computer Forensics 2013

COMPUTER FORENSICS - Boise Chapter€¦ · 3 Mobile device forensics 4 Other 5 References Computer forensics Main article: computer forensics ... 1.19 Computer Forensics Solution

6453 Unique Devices (reported by devices) - Buzztouch6453 Unique Devices (reported by devices) Page 1 alps-e612 2.2.1-HTC 2degrees-C8660 3Bays-ZEUS 3Q-3Q 3Q-BC9710A 3Q-QS0716D 3Q-QS0730C

SQL SERVER Anti-Forensics - Black Hat · • Anti-Forensics techniques help to make forensics investigations difficult • Anti-Forensics can be a never ending game • Forensics

USB FORENSICS -PRODISCOVER USB FORENSICS –ENCASE V7csc.csudh.edu/cae/.../2013/11/All-is-not-Lost-Forensics-on-a-USB-Ale… · USB FORENSICS -PRODISCOVER USB FORENSICS -PRODISCOVER

Digital Evidence and Computer Forensics Oct 7-8 2013/Tab 02 Oct 7-8... · Digital Evidence and Computer Forensics COMPUTER FORENSICS FORENSICS FORENSICS

Is Mobile Device Forensics Really Forensics?

OECD-NEA Perspective on Data EC Workshop: Medical … · 2019-02-19 · Quarter 1), 2). 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q Number of Weeks of

Computer forensics - Jordan University of Science and ...tawalbeh/aabfs/presentations/computer_forensics.pdf · 29.08.2006 Computer forensics 2 Computer forensics Definitions: Forensics

Memory Forensics - publish.illinois.edupublish.illinois.edu/.../files/2014/03/acc-forensics.pdfWhat is Computer Forensics? Mobile Device Forensics Network Forensics Memory & Data Forensics

I.C. ALVARO GOBETTI - ALVARO TOMM8B3015