Wednesday, May 4, 2011

Reasons to attend Security BSides St John's 2011 (part 3)

So you've heard about the Security BSides St John's 2011 event and wonder if you'll sign up to attend? Well, if you do, you'll be able to take in a variety of information security talks from leaders in the field, while having the opportunity to meet other information security practitioners and researchers. In this week's 'Reasons to attend Security BSides St John's 2011' I'm highlighting Adam Mosher's talk entitled "Evasion with anti-forensics":


Evasion with anti-forensics
Adam W. Mosher, Senior Security & Network Consultant, Bulletproof Solutions

Digital forensics investigations are difficult. With the increasingly complex capability of anti-forensics techniques and an endless array of clever software, uncovering evidence has become more sophisticated. Therefore, the need for the forensics investigator to stay abreast of the current threat landscape with regard to anti-forensics techniques and methodology is crucial. The footprint being left behind on evidence, if at all, is growing smaller and smaller.

The following subsections will be explored in depth during the 30-minute presentation:
- What anti-forensics is and what it is not.
  - Encryption on all levels is explored.
- Underground market for anti-forensics.
  - The effectiveness of the anti-forensics subculture.
  - Avoiding detection.
  - Malware as anti-forensics.
- Attacking the forensic investigator.
  - The advancement of disk wiping tools.
  - Attacks against forensics tools.
- Collecting, examining and analyzing bad data.
  - What and where to look for data?
  - Data in unexpected places.
