
Anti-Forensics: Real world identification, analysis and prevention


Published on January 12, 2009

Author: mlegary

Source: slideshare.net

Description

Reliance on forensic investigation of information systems has become a daily requirement for law enforcement and security practitioners around the world. Effective evidence collection and analysis is the foundation of any investigation; identification of suspects, motives and methods demands the acquisition of the largest amount of information that evidence can provide us. Anti-Forensics – Real world identification, analysis and prevention will discuss how criminals, attackers and non-enlightened investigators all have the ability to impact the amount of useful information we have at our disposal. Michael will show the audience real world scenarios detailing how anti-forensics tools are used to hide and destroy incriminating evidence, outlining common anti-forensic techniques. This will be followed by discussion of hands-on identification and prevention practices used to raise awareness around current academic research and identify potential solutions for practitioners and law enforcement organizations.

Digital Anti-Forensics: Real World Identification, Analysis & Prevention. Michael Legary, IR-10, November 7, 2007. Copyright 2005 Seccuris Inc

Introduction Michael Legary Founder, Seccuris Inc. CISSP, CISA, CISM, CCSA, GCIH, SCF CNE, MCSE, CCNA

Overview • Current Situation • What is Anti-forensics • Anti-forensics Methods • Transformation Attacks • Current trends to watch • Prevention Methods for Real World • Conclusions

Organization A - Agrieng Inc • Small Agri-Business • Sales +/- 2M & 25 Employees • Designs tractors, balers, etc. • Heavy use of electronic drafting & engineering software • Bids on contract work for major manufacturers

Organization A - Agrieng Inc • Outbid & Outsold by foreign competitor • One particular competitor’s designs look eerily similar

Organization B – ServPro GmbH • Large Service Provision company • Sales +/- 200M & 2500 Employees • Provides Information Management Solutions to worldwide organizations • Specialized database and information mining technology separates ServPro from competitive organizations • Currently handles personal information of over 50 million individuals

Organization B – ServPro GmbH • A few clients are reporting an increase in identity theft reports by their constituents. • There seems to be a pattern in the types of information being reported as stolen.

Organization C – Government Department • Federal organization providing legal related services • Handles specialty investigations from multiple provinces • Conducting investigation in high tech criminal activity

Organization C – Government Department • Suspects are continually evading capture • Individuals caught seem to have been prepared for questioning • Little to no evidence identified when caught

Forensic Investigation • What is going on? • Who is behind the activity? • Why are they doing it? • When did they start / stop? • Where are they located? • How is the activity occurring? • Has a crime taken place?

Forensic Investigation • Often in cases involving information systems standardized forensic investigation does not occur until it is known that suspicious activity is happening • Where do we look for this activity?

Digital Evidence & Forensics • Digital evidence exists all around us • Tools and techniques available to investigators have greatly increased in recent times • Reliance on digital evidence is becoming a reality • Where is evidence on a system?

[Diagram: system layers: User Console, User Level, Kernel Interface, Memory, Kernel Level, File System, Hardware Level]

Evidence exists in: Memory • System Memory • System Cache [diagram: Program, Temp Log, Temp File]. File System • File System • File System Cache [diagram: Program, Config File, Target File, Log File, Temp Log, Temp File]

Evidence exists in: • Running Programs • Running Services • Active Processes [Diagram: User Level (Service), Kernel Interface, Kernel Level, Hardware Level]

[Diagram: system layers with evidence locations: User Console; User Level (Service); Kernel Interface; Memory (Temp Log, Temp File); Kernel Level; File System (Target File, Log File, Config File, Program, Temp Log, Temp File); Hardware Level]

Standardized process for digital evidence • Standard processes being created for: • Attack Identification • Forensic Investigation • Image Capture • Image Analysis • Evidence identification

Standardized process for digital evidence • Forensic investigations are initiated from evidence collected during the attack identification process. If an investigator cannot identify an attack, forensic investigation will not be conducted, allowing attackers to go unnoticed.

[Diagram: Identification view of the system layers (User Console, User Level, Kernel Interface, Memory, Kernel Level, File System, Hardware Level) and the files, logs and programs at each layer]

[Diagram: Forensic Investigation view of the same layers, captured as a SYSTEM STATE IMAGE, a MEMORY IMAGE and a HARD DRIVE IMAGE]

Overview • Current Situation • What is Anti-forensics • Anti-forensics Methods • Transformation Attacks • Current trends to watch • Prevention Methods for Real World • Conclusions

Anti-Forensics What is it? • Practices and processes to prevent, counter-act or neutralize an investigator's ability to identify or recover evidence for use in an investigation.

Anti-Forensics The common purpose: • Prevent detection of the attacker • Prevent an investigator from gaining usable knowledge • Destroy, hide, prevent creation of, or transform data

Anti-Forensics The common purpose: • Even if an attacker is detected, evidence regarding their means, methods and motives will be altered, preventing accurate investigation or prosecution.

The origins of Anti-forensics • Traditional techniques • Physical • Financial • Criminal • Good Examples • On Television

Overview • Current Situation • What is Anti-forensics • Anti-forensics Methods • Transformation Attacks • Current trends to watch • Prevention Methods for Real World • Conclusions

Anti-forensics – Methods Overview • In order to maintain covert activities of any sort there is a requirement to destroy, hide, prevent creation of, or transform data to remain hidden.

Anti-forensics – Methods Overview Destruction of data • Goal • Significantly Damage the Integrity of Evidence • Physical Destruction of Data • Magnetic Techniques (Degaussing) • Brute Force • Logical Destruction of Data • Reinitialize Media • Significantly change composition of data on media

Anti-forensics – Methods Overview Hiding of data • Goal • Limit identification and collection of evidence • Obfuscation • Information Manipulation • Steganography • Encryption • Data Encryption • Media Encryption

Anti-forensics – Methods Overview Data creation prevention • Goal • Prevent creation of evidence • Direct Prevention • Root Kits • Modification of System Binaries • Indirect Prevention • Limit system functionality – DoS – to prevent creation of data

Anti-forensics – Methods Overview Transformation Techniques • Goal • Maintain or Re-establish investigator trust in falsified data as evidence. • Conventional Techniques • Root Kits • Advanced Techniques • Shared Library Hijacking

[Diagram: Identification view of the system layers, now including an Attacker File and an Attacker Program]

Anti-forensics – Methods Overview Transformation Techniques • One of the most complex technical attacks being performed today • Understanding and appreciation for methods used will allow us to reform our investigation techniques

Anti-forensics – Methods Overview Transformation Techniques • WHY? • Detailed forensic investigation may not start if there is no suggestion of system tampering • These techniques can make very ugly systems look like good ones…

Overview • Current Situation • What is Anti-forensics • Anti-forensics Methods • Transformation Attacks • Current trends to watch • Prevention Methods for Real World • Conclusions

Overview • Transformation Attacks • Traditional Methods • Conventional • Advanced • Detection • Conventional • Advanced • Emerging Methods

Anti-Forensics – Traditional Techniques Conventional transformation methods • Initial System Compromise • Deception of Security Personnel

Conventional transformation methods • Initial System Compromise • Breach of system due to known vulnerability • Attacker gains access to system, attempts to bypass detection

Conventional transformation methods • Deception of Security Personnel • Deleting Files • Hiding files / logs / activities • Root Kits • Tools used to identify suspicious activity (In BSD) • Disk Tools: df, ls, du • Process Tools: ps, top, crontab • Network Tools: netstat, sockstat, fstat, tcpdump • Be suspicious of your compiler

Traditional Techniques – AgriEng Inc • Attacker identifies vulnerability • Breaks into system • Removes logs • Installs rootkit • Downloads engineering files • Configures backdoor into system

[Diagram: system layers with an Attacker File and an Attacker Program added alongside the existing files and logs]

[Diagram: Identification view of the system layers: an Attacker Program in memory, an Attacker File and an Attacker Program in the file system, and no Log File shown]

Overview • Transformation Attacks • Traditional Methods • Conventional • Advanced • Detection • Conventional • Advanced • Emerging Methods

Anti-Forensics – Traditional Techniques Advanced Transformation Methods • Kernel Modules and hijacking system calls • Kernel level root kit • Provides undetected and almost unlimited access to a compromised system • Allows attackers to perform a variety of functions such as: • Hide processes • Hide files and registry keys • Log Keystrokes • Redirect Executable Files • Issue Commands • Generates own hidden TCP/IP Stack • Remote administration

Traditional Techniques – ServPro GmbH • Attacker identifies vulnerability • Breaks into system • Removes logs • Installs kernel level rootkit • Installs System Sniffer • Creates automated system to send out client information

[Diagram: system layers with an Attacker File and an Attacker Program added alongside the existing files and logs]

[Diagram: Identification view of the system layers: an Attacker Program in memory, an Attacker File and an Attacker Program in the file system, and no Log File shown]

Overview • Transformation Attacks • Traditional Methods • Conventional • Advanced • Detection • Conventional • Advanced • Emerging Methods

Anti-Forensics - Traditional Techniques Traditional Transformation Detection Methods • Cryptographic hashing for data integrity • Process Analysis • Network Monitoring • Signature / Pattern Matching

Transformation Detection Methods • Cryptographic hashing for data integrity • Using fingerprints investigators can ensure files come from trusted sources, or weed out known attack tools • MD5 / SHA / RIPE-MD • HIDS – Use of Cryptographic Hashing • Tripwire, Axent, Cybersafe, ISS

Cryptographic hashing for data integrity

Trusted Command Executable

    % md5 ps.trusted
    MD5 (ps.trusted) = 9501ef286ef3ab8687b7920ca4fee29f

Un-trusted Command Executable

    % md5 /bin/ps
    MD5 (/bin/ps) = 02b2f8087896314bafd4e9f3e00b35fb
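The comparison on this slide extended to a whole directory of executables, as an added example that is not part of the original presentation: each file is classified against a known-good baseline and a set of known attack-tool fingerprints. It uses SHA-256 rather than the slide's MD5, and the function names, file names and file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def file_digest(path, algo="sha256", chunk=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(root, known_good, known_bad):
    """Return {relative_path: verdict} for the files under root.

    known_good: {relative_path: digest} recorded from trusted media.
    known_bad:  set of digests of known attack tools.
    """
    verdicts = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue                      # hash real files only
            rel = os.path.relpath(full, root)
            digest = file_digest(full)
            if digest in known_bad:
                verdicts[rel] = "known-attack-tool"
            elif rel not in known_good:
                verdicts[rel] = "unknown"
            elif digest == known_good[rel]:
                verdicts[rel] = "trusted"
            else:
                verdicts[rel] = "modified"
    for rel in known_good:                    # baseline entries that vanished
        verdicts.setdefault(rel, "missing")
    return verdicts


def demo():
    """Constructed scenario: ps is replaced and df deleted after the baseline."""
    def put(root, rel, body):
        with open(os.path.join(root, rel), "wb") as f:
            f.write(body)

    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for name in ("ps", "ls", "df"):
            put(root, "bin/" + name, b"trusted " + name.encode())
        # Baseline taken while the system is trusted; keep it off-host in practice.
        known_good = {"bin/" + n: file_digest(os.path.join(root, "bin", n))
                      for n in ("ps", "ls", "df")}
        known_bad = {hashlib.sha256(b"constructed attack tool").hexdigest()}

        put(root, "bin/ps", b"replaced ps")               # binary swapped
        os.remove(os.path.join(root, "bin", "df"))        # binary deleted
        put(root, "bin/sniffer", b"constructed attack tool")
        put(root, "bin/helper", b"unrecognised file")
        return classify(root, known_good, known_bad)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:18} {path}")
```

Run a check like this from trusted media with the baseline stored off the host; the later slides on shared library hijacking show why results produced by a compromised system's own tools can look clean.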

[Diagram: Identification: a Known Good Program is compared with the program on the system; the two are NOT SAME, so the ATTACK is DETECTED]

Transformation Detection Methods • Process Analysis • Processes contain content such as: • Open files • Memory Maps • Ownership Labels • Resource Consumption Statistics • Analysis of these characteristics allows an investigator to identify discrepancies in common system activity • Utilities such as: • ps -aux • top • procfs

[Diagram: Identification: a Known Good Service is compared with the running Service; the two are NOT SAME, so the ATTACK is DETECTED]

Transformation Detection Methods • Network Monitoring • NIDS • Firewall Monitoring • Bandwidth Trending • Output can identify use of known attacks, or privileged accounts

Transformation Detection Methods • Network Monitoring

    Nov 10 21:59:06 <4.1> 172.16.1.20 snort: [1:466:1] SHELLCODE x86 stealth NOOP [Priority: 2]: {PROTO001} 10.0.1.125 -> 10.5.1.3

• Example Snort® log which has detected the op-codes or machine instructions for a “stealth NOOP”.

Transformation Detection Methods • Network Monitoring

    % tcpdump -nett -i pflog0
    listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
    1100221136.677441 rule 1/0(match): block in on sis0: IP 10.0.0.35.4646 > 205.11.11.11.445: S 552159036:552159036(0) win 64240 <mss 1460,nop,nop,sackOK>
    1100221138.370423 rule 1/0(match): block in on sis0: IP 10.0.0.35.4646 > 205.11.11.11.445: S 552159036:552159036(0) win 64240 <mss 1460,nop,nop,sackOK>

• Example use of tcpdump on the OpenBSD® PF Firewall

[Diagram: Identification: a Network Intrusion Detection System observes the compromised system; ATTACK DETECTED]

Transformation Detection Methods • Signature / Pattern Matching • Database of known patterns and signatures • Binary Sequence Matching • Used in NIDS / HIDS / Investigative Tools

Transformation Detection Methods • Signature / Pattern Matching

    % file libtransform.so.1
    libtransform.so.1: ELF 32-bit LSB shared object, Intel 80386, version 1 (FreeBSD), stripped

• Output of the “file” utility on a shared object. • The “file” utility attempts to figure out the file type for a specified file.

[Diagram: Identification: files are checked by 1. File Size, 2. Header Information, 3. File Content, 4. Unknown Pattern; ATTACK DETECTED]

Investigating – AgriEng Inc • Cryptographic hashing for data integrity • Process Analysis • Network Monitoring • Signature / Pattern Matching

[Diagram: Identification view of the AgriEng system: ATTACK DETECTED]

Overview • Transformation Attacks • Traditional Methods • Conventional • Advanced • Detection • Conventional • Advanced • Emerging Methods

Anti-Forensics - Traditional Techniques Advanced Transformation Detection Methods • Advanced Transformation Detection methods • Detection of system call hijacking

Advanced Transformation Detection Methods • Detection of system call hijacking • System Call hijacking changes the address the system references from a known module to their own “attacker” module • If an investigator can find inconsistencies in programs making system calls they will be able to detect an attack

Advanced Transformation Detection Methods • Advanced Transformation Detection methods

    /* sysent[] is the kernel's system call table; sy_call points at the handler. */
    /* The cast matches sy_call's type; later FreeBSD releases name the handlers sys_open and sys_write. */
    if (sysent[SYS_open].sy_call != (sy_call_t *)open)
        panic("open system call has been hi-jacked");
    if (sysent[SYS_write].sy_call != (sy_call_t *)write)
        panic("write system call has been hi-jacked");

• Code snippet for the FreeBSD® operating system which, when executed in the context of the kernel, could be used to detect the presence of a hi-jacked system call.

Investigating – ServPro GmbH • Cryptographic hashing for data integrity • Process Analysis • Network Monitoring • Signature / Pattern Matching • Detection of system call hijacking

[Diagram: Identification view of the ServPro system: ATTACK DETECTED]

Overview • Transformation Attacks • Traditional Methods • Emerging Methods • Emerging Transformation Methods • Emerging Detection

Anti-Forensics – Emerging Techniques Emerging transformation methods • Hijacking of user space library calls

Dynamically Linked Libraries • More efficient use of system resources • Loads from User Space • Multiple programs utilize same code libraries for similar functions • Attackers can change program behavior without modifying program or libraries [Diagram: Standard Libraries in memory beside Dynamically Linked libraries in memory]

[Diagram: Dynamically Linked Libraries in memory]

Emerging transformation methods • Hijacking of user space library calls • Information Transformation • Takes “Ugly / Untrusted” information and makes it look “Good / Trusted” • Scenarios • System Logs • Audit Logs • Existing Files • IDS • FW • Dynamic Review

Emerging Techniques – Government Department • Attacker identifies vulnerability • Breaks into system • Installs User Space Module for Shared Library Hi-jacking • Creates automated system to send out client information • Avoids capture through regular methods from investigators

[Diagram: system layers with an Attacker File at the user level and a Shared Object File in the file system]

[Diagram: Identification view of the system layers, including the Attacker File and the Shared Object File]

Investigating – Government Department • Cryptographic hashing for data integrity • Process Analysis • Network Monitoring • Signature / Pattern Matching • Detection of system call hijacking

[Diagram: Identification view of the Government Department system: the listed detection methods report No Attack, although the Attacker File and Shared Object File are present]

Overview • Transformation Attacks • Traditional Methods • Emerging Methods • Emerging Transformation Methods • Emerging Detection

Anti-Forensics – Emerging Techniques Emerging transformation detection methods • Shared Library Analysis

Emerging transformation detection methods • Shared Library Analysis • Analyze active processes to identify links to “Ugly / untrusted” shared libraries. • Using LSOF to analyze VMCORE • Identifies if an untrusted object is being used by the system • Using objdump to analyze dynamic symbols • Identifies which functions are being hijacked by the untrusted object
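The two analysis steps named on this slide, as an added example that is not taken from the presentation: it parses an lsof listing for shared objects mapped from outside trusted library directories, then compares objdump -T dynamic symbols to list the functions the untrusted object would override. The lsof and objdump text is constructed sample output, and the trusted directory list, the paths (apart from the libtransform.so.1 name shown on the earlier "file" slide) and the function names are assumptions.

```python
import posixpath

# Assumption: directories whose contents are covered by the integrity baseline.
TRUSTED_LIB_DIRS = ("/lib", "/usr/lib", "/usr/local/lib")

# Constructed lsof-style listing (default columns); not captured from a real host.
LSOF_SAMPLE = """\
COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF  NODE NAME
syslogd  412 root  cwd VDIR   0,90      512     2 /
syslogd  412 root  txt VREG   0,90    38244 48213 /usr/sbin/syslogd
syslogd  412 root  txt VREG   0,90   921600 16011 /lib/libc.so.7
syslogd  412 root  txt VREG   0,90    11264 70455 /var/tmp/libtransform.so.1
syslogd  412 root  3w  VREG   0,90   104857 70102 /var/log/messages
"""
# Constructed objdump -T output for the suspect object and the trusted libc.
SUSPECT_DUMP = """\
/var/tmp/libtransform.so.1:     file format elf32-i386-freebsd

DYNAMIC SYMBOL TABLE:
00000000      DF *UND*  00000000              dlsym
00000000      DF *UND*  00000000              strstr
00000a10 g    DF .text  0000007c  Base        open
00000a90 g    DF .text  00000064  Base        read
00000b00 g    DF .text  00000031  Base        transform_init
"""
LIBC_DUMP = """\
/lib/libc.so.7:     file format elf32-i386-freebsd

DYNAMIC SYMBOL TABLE:
0002f1a0 g    DF .text  00000023  FBSD_1.0    open
0002f1d0 g    DF .text  00000023  FBSD_1.0    read
0002f200 g    DF .text  00000023  FBSD_1.0    write
0005c3e0 g    DF .text  000000b4  FBSD_1.0    strstr
00061a40  w   DF .text  0000004e  FBSD_1.0    dlsym
"""


def mapped_libraries(lsof_output):
    """Return (command, pid, path) for shared objects mapped as "txt" or "mem"."""
    rows = []
    for line in lsof_output.splitlines()[1:]:          # skip the header row
        cols = line.split(None, 8)
        if len(cols) < 9 or cols[3] not in ("txt", "mem"):
            continue
        base = posixpath.basename(cols[8])
        if base.endswith(".so") or ".so." in base:
            rows.append((cols[0], int(cols[1]), cols[8]))
    return rows


def untrusted_libraries(lsof_output, trusted_dirs=TRUSTED_LIB_DIRS):
    """Mapped shared objects that live outside the trusted library directories."""
    def trusted(path):
        path = posixpath.normpath(path)                # collapse ".." components
        return any(path.startswith(d + "/") for d in trusted_dirs)
    return [row for row in mapped_libraries(lsof_output) if not trusted(row[2])]


def exported_symbols(objdump_output):
    """Names an object defines (global/weak), skipping *UND* imports."""
    names = set()
    for line in objdump_output.splitlines():
        tok = line.split()
        if len(tok) < 4 or any(c not in "0123456789abcdef" for c in tok[0].lower()):
            continue                                   # header or blank line
        sec = next((i for i, t in enumerate(tok) if i and t[0] in ".*"), None)
        if sec is None or tok[sec] == "*UND*":
            continue
        if {"g", "w", "u"} & set(tok[1:sec]):
            names.add(tok[-1])
    return names


def interposed_functions(suspect_dump, trusted_dump):
    """Symbols the suspect object defines that the trusted library also exports."""
    return sorted(exported_symbols(suspect_dump) & exported_symbols(trusted_dump))


if __name__ == "__main__":
    for command, pid, path in untrusted_libraries(LSOF_SAMPLE):
        print(f"{command}[{pid}] maps untrusted object {path}")
    print("hijack candidates:", interposed_functions(SUSPECT_DUMP, LIBC_DUMP))
```

Symbols the suspect object only imports (*UND*, such as strstr here) are not reported; only names it defines itself and that the trusted library also exports count as hijack candidates.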

Investigating – Government Department • Using LSOF to analyze VMCORE • Using objdump to analyze dynamic symbols

[Diagram: Identification view using the VMCORE File: ATTACK DETECTED]

Overview • Current Situation • What is Anti-forensics • Anti-forensics Methods • Transformation Attacks • Current trends to watch • Prevention Methods for Real World • Conclusions

Current trends to watch • Direct Kernel Hijack • Concurrency Exploits • Dynamic Firmware Attack • Virtualization Attacks

Direct Kernel Hijack • Modifies live kernel instead of system calls • Injection of malicious kernel code through /dev/mem or /dev/kmem • This isn’t new, but gaining popularity again… • Tripwire, Exec Shield, PaX bypass standard in most kits • Most script kits do not require root for proper execution on Ubuntu, general Linux/BSD flavors • Better detection of NOP sleds allowing for higher chance of 1st time success

Concurrency Exploits & Race Conditions • System call wrappers have been touted as the answer to system call hijack. • Concurrency exploits remove the effectiveness of wrappers in multi-process systems • More information • http://www.watson.org/~robert/2007woot/20070806-woot-concurrency.pdf

Concurrency Exploits – Race Conditions

Firmware Attack - Covert Channel • Hijack of interrupts through firmware exploitation • RAID / SATA drives increasingly vulnerable • Automated exploit through dynamic firmware update • Hide I/O errors, misreport write commands, reword strings being written to drive

Virtualization Attacks • The Blue Pill hype (and anti-hype) • http://securitywatch.eweek.com/showdown_at_the_blue_pill_corral.html • Reported to be 100% undetectable malware • On-the-fly installation of malware that “Traps & Emulates” the original OS • Timing, Memory & Hypervisor checks detect it… • As hardware moves towards virtualization support this will become a bigger concern

Overview • Current Situation • What is Anti-forensics • Anti-forensics Methods • Transformation Attacks • Current trends to watch • Prevention Methods for Real World • Conclusions

Prevention Methods for the Real World • Psychological Changes • Be aware of this type of activity • Process Changes • Modify incident handling and forensic investigation processes to test for this type of activity • Architecture Changes • Static Linking (back to the future!) • Utilize trusted security architectures • Cryptographic Execution Policy (CheckSums) • Mandatory Access Control Frameworks • FreeBSD Trusted Execution Policy

Prevention Methods for the Real World • Real world tools for detection available: • RootKit Hook Analyser • http://www.resplendence.com/hookanalyzer • RootkitRevealer (Windows NT4 – 2003+) • http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx • F-Secure BlackLight • http://www.f-secure.co.uk/blacklight/blacklight.html

Prevention Methods for the Real World • Real world tools for prevention available: • Tripwire • http://www.tripwire.com/ • Third Brigade • http://www.thirdbrigade.com/ • Anti-Rootkit software • http://www.antirootkit.com/software/index.htm

Overview • Current Situation • What is Anti-forensics • Anti-forensics Methods • Transformation Attacks • Prevention Methods for Real World • Conclusions

Conclusions • Anti-forensic techniques in the digital realm are becoming more complex and harder to detect

Conclusions • Transformation attacks can falsely maintain an investigator’s trust in a system, preventing a proper investigation from occurring

Conclusions • Awareness of anti-forensics and the techniques required for identification will enhance our ability to protect our organizations

Thank-you Michael Legary Founder, Seccuris Inc. (204) 255-4490 Michael.Legary@Seccuris.com 1-866-644-8442 www.seccuris.com
