HACKING PARIS 2014 EXTREME FORENSICS RELOADED 2Q/2014 (PowerPoint presentation)

SLIDE 1

HACKING PARIS 2014 EXTREME FORENSICS RELOADED 2Q/2014

Alvaro Alexander Soto, Digital Forensics Lab Director (HTCIA/ICFP/ACM/IEEE/ACIS/ISSA), asoto@asoto.com

SLIDE 2

INTENDED AUDIENCE

  • Forensic lab directors / analysts
  • Law enforcement
  • Researchers
  • Tech enthusiasts, a.k.a. geeks

Objectives: think beyond traditional forensic tools and survey the general landscape of the new challenges.

SLIDE 3
  • Evolution of Digital Forensics…
    – PCs
    – Networks
    – Smartphones
    – Digital devices
    – Cloud…
    – Next…?

SLIDE 4

CORPORATE - ECONOMIC ESPIONAGE

What is it? Industrial espionage, economic espionage or corporate espionage is a form of espionage conducted for commercial purposes instead of purely national security. Economic espionage is conducted or orchestrated by governments and is international in scope, while industrial or corporate espionage is more often national and occurs between companies or corporations. (Wikipedia)

Corporate Espionage vs Counter Terrorism

SLIDE 5

Current events

  • USA – CHINA / DOJ / FBI indictment
  • Target…
  • Colombia, Andrés Sepúlveda, Cuba, etc.
  • 19 countries, FBI, rent-a-backdoor "creepware", 40 USD for the "full equipment"
  • Statistics: USA (Verizon), Colombia, KPMG
  • EXECUTIVE responsibility, NOT I.T.
SLIDES 6 to 19

Web Site www.asoto.com  Email: info@asoto.com

Expectations… (image slides, alternating "Sometimes you expect this:" / "…But you get this…"; the pictures are not reproduced in this text)

Lab TOOLS…

  • Software
  • Hardware
  • Specialized tools
SLIDE 21

Password Protection…

  • http://www.freerainbowtables.com/
  • http://www.freerainbowtables.com/en/tables2/
  • Others…
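The tables linked above are precomputed hash chains (Oechslin's time/memory trade-off). The following is an added example, not code from the talk or from freerainbowtables.com, that builds a toy table and runs a lookup so the mechanism and its limits are visible: the alphabet, password length, chain length and chain count are assumptions chosen to run in about a second, and MD5 is used only because it is cheap to compute.

```python
"""Miniature rainbow table over unsalted MD5 of 3-letter lowercase passwords.
Added example; keyspace and table sizes are toy-sized assumptions."""
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
LENGTH = 3
KEYSPACE = len(ALPHABET) ** LENGTH   # 17576 candidate passwords (assumed)
CHAIN_LEN = 40                       # t: hash/reduce steps per chain (assumed)
NUM_CHAINS = 1500                    # m: (start, end) rows stored (assumed)


def H(password):
    """The unsalted hash the table is built for; a salt breaks every chain."""
    return hashlib.md5(password.encode()).digest()


def index_to_password(n):
    chars = []
    for _ in range(LENGTH):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def reduce_(digest, step):
    """Column-dependent reduction R_step: digest -> candidate password.
    A different function per column is what makes this a *rainbow* table
    rather than a plain Hellman table: chains only merge if they collide in
    the same column, so far fewer rows are wasted."""
    n = (int.from_bytes(digest[:8], "little") + step) % KEYSPACE
    return index_to_password(n)


def chain_passwords(start):
    """Every password covered by the chain beginning at `start` (columns 0..t-1)."""
    pws = [start]
    for step in range(CHAIN_LEN - 1):
        pws.append(reduce_(H(pws[-1]), step))
    return pws


def build_table():
    """Map end point -> [start points]; only the two ends of each chain are kept."""
    table = {}
    for i in range(NUM_CHAINS):
        start = index_to_password((i * 8191) % KEYSPACE)  # deterministic spread
        pw = start
        for step in range(CHAIN_LEN):
            pw = reduce_(H(pw), step)
        table.setdefault(pw, []).append(start)
    return table


def lookup(target, table):
    """Recover the password whose hash is `target`, or None if uncovered.
    Assume the password sits in column col (last column first), finish that
    chain to its end point and look the end point up."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_(target, col)
        for step in range(col + 1, CHAIN_LEN):
            pw = reduce_(H(pw), step)
        for start in table.get(pw, ()):
            # Matching end point may be a false alarm from a merged chain:
            # regenerate the chain and verify the hash at that column.
            chain = chain_passwords(start)
            if H(chain[col]) == target:
                return chain[col]
    return None


def coverage(table):
    """Fraction of the keyspace some stored chain passes through; merges are
    why this stays below m*t/N even when m*t exceeds N."""
    seen = set()
    for starts in table.values():
        for s in starts:
            seen.update(chain_passwords(s))
    return len(seen) / KEYSPACE


if __name__ == "__main__":
    table = build_table()
    print("rows stored:", NUM_CHAINS, "coverage: %.3f" % coverage(table))
    print("lookup:", lookup(H("hid"), table))           # None if not covered
    print("salted lookup:", lookup(H("s4lt" + "hid"), table))  # always None
```

What the run shows: the stored table is NUM_CHAINS rows rather than KEYSPACE hashes, lookups cost at most CHAIN_LEN chain walks, and coverage is below 100% because chains merge. The reduction function ties the table to one hash algorithm, one alphabet and one length, and any per-user salt (or a hash outside the table's charset) makes the table useless, which is the first thing to check before downloading gigabytes of tables.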

SLIDE 22

Manual Password Recovery

SLIDE 23

Really a standard process??

SLIDE 24
  • ISO/IEC 17025 (laboratory accreditation)…

And remember the LIMS (laboratory information management system)…

SLIDE 25
  • Technical Process..
  • Administrative Process..
  • Legal process…
  • Integration…
SLIDE 26

Current/future paths for specialization in digital forensics

  • OS + internals
  • NOS + internals
  • Mobile phones/smart phones
  • Digital devices / appliances
  • Reverse engineering / malware analysis
  • App Servers / web 2.0, 3.0 …..
SLIDE 27

New trends/challenges.. new tools required…

  • Firmware analysis and repair
  • Mechanical tools for media
  • Faraday cages
  • EEPROM / NAND readers
  • Spectrum analyzers
  • Mobile multiplexers
  • Sandboxes
  • Reverse engineering
  • Strong SSO auth.
  • Data mining…. Terabytes waiting for..
SLIDE 28

ACE / SD / Others…

SLIDE 29

Bare HDD (cover removed)…

SLIDE 30

Example of eXtreme Digital Forensics, beyond the logical level…

The dark side of storage

  • ATA Commands
  • ATA Factory commands
  • What is the SA (service area: the reserved platter region holding firmware modules and defect lists)?
  • Firmware
  • Flash ROM
  • Heads/Platters
  • Security Erase, HDD Self destruction?
  • ATA password
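Before any of the factory-level work above, the examiner needs to know what the drive says about itself through the standard ATA command set: the IDENTIFY DEVICE response carries the Security feature set status (is a password set, is the drive LOCKED or FROZEN, does it offer enhanced Security Erase) and the capacity the drive admits to. The decoder below is an added example, not code from the talk; word and bit positions follow ATA8-ACS, which is assumed to cover the drives in question, and the sample block is constructed rather than captured from hardware (the model and serial strings are placeholders).

```python
"""Decode an ATA IDENTIFY DEVICE block for the pre-imaging checks listed above.
Added example; word/bit layout per ATA8-ACS (assumed), sample block constructed."""
import struct

# Word 128 (Security status) bits, ATA8-ACS
SEC_SUPPORTED      = 1 << 0
SEC_ENABLED        = 1 << 1   # a user password is set
SEC_LOCKED         = 1 << 2   # user-area reads/writes abort until SECURITY UNLOCK
SEC_FROZEN         = 1 << 3   # security commands abort until power cycle
SEC_COUNT_EXPIRED  = 1 << 4   # 5 wrong passwords since power-on
SEC_ENHANCED_ERASE = 1 << 5   # enhanced SECURITY ERASE UNIT supported
SEC_MASTER_PW_MAX  = 1 << 8   # master password capability: 1 = Maximum, 0 = High


def _ata_string(words, first, last):
    """ATA strings: two ASCII chars per word, high byte first, space padded."""
    return "".join(chr(w >> 8) + chr(w & 0xFF) for w in words[first:last + 1]).strip()


def _erase_minutes(word):
    """Words 89/90 bits 7:0: erase time in 2-minute units; 0 = unspecified,
    255 = more than 508 minutes."""
    t = word & 0xFF
    return None if t == 0 else (">508" if t == 255 else t * 2)


def decode_identify(buf):
    """Parse the 512-byte IDENTIFY DEVICE payload (256 little-endian words)."""
    if len(buf) != 512:
        raise ValueError("IDENTIFY DEVICE data is exactly 512 bytes")
    w = struct.unpack("<256H", buf)
    sec = w[128]
    lba48 = w[100] | w[101] << 16 | w[102] << 32 | w[103] << 48
    lba28 = w[60] | w[61] << 16          # saturates at 0x0FFFFFFF on big drives
    return {
        "model": _ata_string(w, 27, 46),
        "serial": _ata_string(w, 10, 19),
        "firmware": _ata_string(w, 23, 26),
        "security_supported": bool(sec & SEC_SUPPORTED),
        "security_enabled": bool(sec & SEC_ENABLED),
        "locked": bool(sec & SEC_LOCKED),
        "frozen": bool(sec & SEC_FROZEN),
        "count_expired": bool(sec & SEC_COUNT_EXPIRED),
        "enhanced_erase": bool(sec & SEC_ENHANCED_ERASE),
        "master_pw_capability": "maximum" if sec & SEC_MASTER_PW_MAX else "high",
        "erase_minutes": _erase_minutes(w[89]),
        "enhanced_erase_minutes": _erase_minutes(w[90]),
        "user_sectors": lba48 or lba28,  # words 100-103 win when LBA48 is in use
    }


def triage(info):
    """Examiner's warnings derived from the decoded block."""
    notes = []
    if info["locked"]:
        how = ("user password only" if info["master_pw_capability"] == "maximum"
               else "user or master password")
        notes.append("LOCKED: user-area reads abort until SECURITY UNLOCK (%s)" % how)
    if info["count_expired"]:
        notes.append("COUNT EXPIRED: 5 wrong passwords since power-on; power-cycle first")
    if info["frozen"]:
        notes.append("FROZEN: no unlock/erase possible until the drive is power-cycled")
    if info["security_enabled"] and not info["locked"]:
        notes.append("password set but currently unlocked: image before any power cycle")
    if info["enhanced_erase"]:
        notes.append("enhanced erase supported: it also overwrites reallocated sectors")
    return notes


def build_sample_identify():
    """Constructed block: 500 GB disk with security enabled and LOCKED."""
    words = [0] * 256

    def put(first, last, text):
        n = (last - first + 1) * 2
        text = text.ljust(n)[:n]
        for k, i in enumerate(range(first, last + 1)):
            words[i] = (ord(text[2 * k]) << 8) | ord(text[2 * k + 1])

    put(10, 19, "SN0000EXAMPLE001")        # serial (placeholder), words 10-19
    put(23, 26, "01.00A01")                # firmware revision, words 23-26
    put(27, 46, "EXAMPLE HDD 500GB")       # model number (placeholder), words 27-46
    sectors = 976773168                    # 500,107,862,016 bytes / 512
    words[60], words[61] = 0xFFFF, 0x0FFF  # 28-bit count saturated at 0x0FFFFFFF
    for i in range(4):                     # words 100-103: LBA48 sector count
        words[100 + i] = (sectors >> (16 * i)) & 0xFFFF
    words[82] = words[85] = 1 << 1         # Security Mode feature set supported/enabled
    words[89] = words[90] = 100            # 100 * 2 min = 200 min erase time
    words[128] = SEC_SUPPORTED | SEC_ENABLED | SEC_LOCKED | SEC_ENHANCED_ERASE
    return struct.pack("<256H", *words)


def read_identify_linux(dev):
    """Linux only, root needed: HDIO_GET_IDENTITY (0x030d) returns the raw
    512-byte block; libata answers it for SATA disks. Not run by the sample."""
    import fcntl
    buf = bytearray(512)
    with open(dev, "rb") as f:
        fcntl.ioctl(f, 0x030D, buf)
    return bytes(buf)


if __name__ == "__main__":
    info = decode_identify(build_sample_identify())
    for k, v in info.items():
        print("%-24s %s" % (k, v))
    for note in triage(info):
        print("!", note)
```

On Linux, `hdparm -I /dev/sdX` prints the same words in its "Security" section, and a hardware write blocker still passes IDENTIFY DEVICE through. Two caveats: IDENTIFY only reports the sectors the drive currently admits to, so a host protected area or DCO-reduced capacity needs READ NATIVE MAX ADDRESS (EXT) and DEVICE CONFIGURATION IDENTIFY, which this decoder does not issue; and SECURITY ERASE UNIT is the self-destruction the slide asks about, so nothing in a triage script should ever send it.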
SLIDE 31

ATA commands…

PC3k (PC-3000)… SD… etc…

SLIDE 32

OSINT

  • Open-source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence. In the intelligence community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or classified sources); it is not related to open-source software or public intelligence.

SLIDE 33

OSINT Free…

SLIDE 34

More boy toys…

  • http://labs.adobe.com/technologies/swfinvestigator/
  • IDA + OllyDbg + Syser + Python + …
  • http://sourceforge.net/projects/malclassifier.adobe/
  • http://aws.amazon.com/free/
  • http://corelan.be/

SLIDE 35

Conclusions

  • teamwork, teamwork, teamwork
  • research beyond the standard channels
  • reverse engineering
  • binary analysis
  • VMs and isolation
  • avoiding self-destruction techniques (media/mobile)
  • hardware hacking…
  • research, research, research
  • legal / technical integration: local, regional and beyond the borders
  • concept unification: committees, academia and industry
  • ideas welcome; join research efforts
SLIDE 36

QUESTIONS ? ☺