To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Forstått!
Artwork

Podcasting Tech Blackhat Briefings And Training Blackhat Usa 2006 Black Hat Vegas Blackhat Vegas Hacking Computer Security Speeches Presentations Spoken Word Audio Tech News Jeff Moss Video Conventions
Innhold levert av Black Hat and Jeff Moss. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Black Hat and Jeff Moss eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.

Lik Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

Player FM - Podcast-app
Gå frakoblet med Player FM -appen!
Get it on App Store Get it on Google Play

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
Mariusz Burdach: Physical Memory Forensics

44:48
 
Spill
Avspiller
Del
 

MP4Episoder hjem
Manage episode 153984283 series 1109074
Innhold levert av Black Hat and Jeff Moss. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Black Hat and Jeff Moss eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.
Historically, only file systems were considered as locations where evidence could be found. But what about the volatile memory which contains a huge amount of useful information such as the content of clipboards or the SAM database? How long can volatile data stay in the main memory? What about anti-forensic methods of defeating disk forensic and incident response tools? Why is the content of the memory not dumped during the process of data collection from a suspicious computer? What is the best way to analyze the physical memory from Windows® and Linux® machines? Is it possible? I will answer these questions during my Black Hat presentation which is focused on methods of finding digital evidence in the physical memory of Windows and Linux machines. During the presentation, methods of investigations of the physical memory from a compromised machine will be discussed. Through these methods, it is possible to extract useful information from the memory such as the full content of .dll and .exe files, various caches like clipboards, detailed information about each process (e.g. owner, MAC times, content) and information about processes that were being executed and were terminated in the past. Also, methods of correlating page frames even from swap areas will be discussed. The techniques covered during the presentation will lead you through the process of analyzing important structures and recovering the content of files from the physical memory. As an integral part of the presentation, new ways of detecting hidden objects and methods of detecting kernel modification will be presented. These methods can be used to identify compromised machines and to detect malicious code such memory-resident rootkits or worms. Finally, toolkits will be presented to help an investigator to extract information from an image of the physical memory or from the memory object on a live system. Mariusz Burdach is a security researcher specializing in forensics, reverse engineering, intrusion detection, advanced intrusion protection and security management. He has published several articles on these topics in online and in hardcover magazines. Mariusz is currently working on methods of forensic analysis of physical memory and methods of detecting kernel mode rootkits. In addition, he is also an expert witness and a SANS Local Mentor. As an independent instructor, he has been teaching incident response and forensic analysis and hardening of Unix/Linux systems for over 4 years. Mariusz has served as a consultant, auditor and incident handler to many government and financial institutions in Poland. He lives in Warsaw, Poland."
  continue reading

86 episoder

#Podcasting #Tech #Blackhat Briefings And Training #Blackhat Usa 2006 #Black Hat Vegas #Blackhat Vegas #Hacking #Computer Security #Speeches #Presentations #Spoken Word #Audio #Tech News #Jeff Moss #Video #Conventions
Artwork

Mariusz Burdach: Physical Memory Forensics

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

published

Spill Avspiller
iconDel
 
MP4Episoder hjem
Manage episode 153984283 series 1109074
Innhold levert av Black Hat and Jeff Moss. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Black Hat and Jeff Moss eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.
Historically, only file systems were considered as locations where evidence could be found. But what about the volatile memory which contains a huge amount of useful information such as the content of clipboards or the SAM database? How long can volatile data stay in the main memory? What about anti-forensic methods of defeating disk forensic and incident response tools? Why is the content of the memory not dumped during the process of data collection from a suspicious computer? What is the best way to analyze the physical memory from Windows® and Linux® machines? Is it possible? I will answer these questions during my Black Hat presentation which is focused on methods of finding digital evidence in the physical memory of Windows and Linux machines. During the presentation, methods of investigations of the physical memory from a compromised machine will be discussed. Through these methods, it is possible to extract useful information from the memory such as the full content of .dll and .exe files, various caches like clipboards, detailed information about each process (e.g. owner, MAC times, content) and information about processes that were being executed and were terminated in the past. Also, methods of correlating page frames even from swap areas will be discussed. The techniques covered during the presentation will lead you through the process of analyzing important structures and recovering the content of files from the physical memory. As an integral part of the presentation, new ways of detecting hidden objects and methods of detecting kernel modification will be presented. These methods can be used to identify compromised machines and to detect malicious code such memory-resident rootkits or worms. Finally, toolkits will be presented to help an investigator to extract information from an image of the physical memory or from the memory object on a live system. Mariusz Burdach is a security researcher specializing in forensics, reverse engineering, intrusion detection, advanced intrusion protection and security management. He has published several articles on these topics in online and in hardcover magazines. Mariusz is currently working on methods of forensic analysis of physical memory and methods of detecting kernel mode rootkits. In addition, he is also an expert witness and a SANS Local Mentor. As an independent instructor, he has been teaching incident response and forensic analysis and hardening of Unix/Linux systems for over 4 years. Mariusz has served as a consultant, auditor and incident handler to many government and financial institutions in Poland. He lives in Warsaw, Poland."
  continue reading

86 episoder

#Podcasting #Tech #Blackhat Briefings And Training #Blackhat Usa 2006 #Black Hat Vegas #Blackhat Vegas #Hacking #Computer Security #Speeches #Presentations #Spoken Word #Audio #Tech News #Jeff Moss #Video #Conventions

Tüm bölümler

×
 
Loading …

Velkommen til Player FM!

Player FM scanner netter for høykvalitets podcaster som du kan nyte nå. Det er den beste podcastappen og fungerer på Android, iPhone og internett. Registrer deg for å synkronisere abonnement på flere enheter.

 

Lik Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

Lytt til 500+ tema
Player FM - Podcast-app
Gå frakoblet med Player FM -appen!
Get it on App Store Get it on Google Play

Hurtigreferanseguide

Topp podcaster
Indre bane
VG Sporten med Brenne og Borud
NIH-podden
E24-podden
Misjonen med Antonsen og Golden
Radioresepsjonen
Filmpolitiets podkast
Filmfrelst
Dine Penger - Pengerådet
Bekk Open Podcast
Ekko
Dagsnytt 18
Mentaltrener Podcasten
Rekommandert
Uillustrert Vitenskap
Lørdagsrådet
Historier fra virkeligheten
Truecrimepodden
Gåten i Isdalen
To hvite menn
Player FM logo
Hjelp/FAQ | Oppgrader | Reklamere
Kunst|Business|Komedie|Økonomi|Underholdning|Nyheter|Politikk|Religion
Vitenskap|Fotball|Sport|Historiefortelling|Teknologi|True Crime
Copyright 2024 | Sitemap | Personvern | Vilkår for bruk | | opphavsrett
Episode being played series thumbnail
icon icon
Hastighet
Serier innstillinger
1x
1x
Volume
100%
icon
icon icon
/

Se Player FM i ...
Player FM
Browser
Chrome
Safari
Firefox