forensic analysis
- Philippe Oechslin (Switzerland)
All browsers MITM keylogging on remote
- p3lo (France)
GSM/GPRS/UMTS (in)security, Forensic on GSM mobiles phone
- PaTa (Spain)
Lockpicking, How to open/break all (back)doors
- Alexandre Triffault (France)
Of course you do, I can't blame you or your company. But let's be serious
here for a moment, wishing that you're the queen of England doesn't make
it so.
> Forensic examiners will inevitably come across corrupted data on target systems from time to time; and in standard computer forensics training, including classes offered by Guidance Software, examiners are trained to account for such issues. In addition, while Guidance Software maintains a robust in-house quality assurance process and strives to make our software as stable as possible, no software is completely crash-proof and there will always be anomalies, particularly involving extreme scenarios of corrupted target data.
Did you really just turn the shoddiness of your application into a
training opportunity?
Background
==========
The Sleuth Kit is a collection of file system and media management
forensic analysis tools.
Affected packages
=================
-------------------------------------------------------------------
iSEC last night released our report on issues discovered in The Sleuth
Kit and Guidance Software's EnCase Forensic and Enterprise Editions:
http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper
.v1_1.BH2007.pdf
We will send out these bugs in "advisory" format soon. It should be
noted that these issues were addressed in version 2.09 of The Sleuth
Kit, and most of the EnCase issues (not including our concerns with
EnCase Enterprise's cryptographic system) will be mitigated in the
upcoming version 6.7 release.
CALL FOR PARTICIPATION
IMF 2009
5th International Conference
on IT Security Incident Management & IT Forensics
September 15th - 17th, 2009
Stuttgart, Germany
Early Registration Closes on September 1st!
Hey all,
I've just posted a new tool and paper for Oracle forensics. The tool,
orablock, allows a forensic investigator to dump data from a "cold" Oracle
data file - i.e. there's no need to load up the data file in the database
which would cause the data file to be modified, so using orablock preserves
the evidence. Orablock can also be used to locate "stale" data - i.e. data
that has been deleted or updated. It can also be used to dump SCNs for data
blocks which can be useful during the examination of a compromised Oracle
box. Indeed, this is the subject of the paper "Oracle Forensics Part 7:
Using the Oracle System Change Number in Forensic Examinations". Both the
(Sept. 12).
On Thursday (Sept. 13) five workshops are given to address
selected topics in greater detail. The issues discussed comprise the
Octave Method, the X.805 security architecture, memory analysis on
Windows platforms, an overview over high tech forensics tools and
virtualisation of forensic images.
------------------------------------------------------------------------
2nd CALL FOR PARTICIPATION
# Analysis and reverse engineering of malicious code
# Analysis of vulnerability, attacks and defence against networks, hardware, software
# Virtualization and operating systems security
# Web application security and cryptography
# 3G/4G, SS7, WLAN, RFID, Bluetooth Security
# Data recovery, Forensic and Incident Response
# Physical security
# Firewall technologies
CONFidence conference is a non-profit event and speakers are not being
paid. However, we always try to provide financial help and cover
2nd CALL FOR PAPERS
IMF 2008
4th International Conference on
IT Incident Management & IT Forensics
Mannheim, Germany
September 23 - 25, 2008
http://www.imf-conference.org/
future, or at least a comprehensive audit against the systems. If the
ex-admin deleted accounts and changed passwords (which, btw, will land
him in jail if the company follows through with it as they should) then
you have no idea what else he's done to compromise the DC or any other
system he has access to. It's probably too late to depend on any
forensic information to build a case against any additional damages
(since your friend has already stepped on the file system and AD) - but
who knows, a plea bargain including reparation for expenses could cover
the costs for them.
Bottom line is that the integrity of the install is compromised, and
# 3G/4G, SS7, WLAN, RFID, Bluetooth Security
# Analysis and reverse engineering of malicious code
# Analysis of vulnerability, attacks and defence against networks,
hardware, software
# Virtualization and operating systems security
# Data recovery, Forensic and Incident Response
# Physical security
# Firewall technologies
# Web application security and cryptography
Caution!
briefly- delivery content.
* Target speech level: To classify as: newbie
(rookie)/intermediate/advanced/expert.
* Required skills: Specify required skills of attendants.
* Topic: General topic to which the speech belongs (Network Security,
Forensic, Secure Programming, 0day attacks, Wireless Security, etc).
* Author(s)' phone number.
* Author(s)' home address.
*Deliverers expenses*
The expenses of deliverers (passage tickets, transfers, lodgings) of those
[ Our anticipated apologies if you receive this call for papers more than
once! ]
CALL FOR PAPERS:
1st Workshop on Open Source Software for Computer and Network Forensics
(OSSCoNF)
We are currently inviting the submission of full papers to the 1st Workshop
on Open Source Software for Computer and Network Forensics (OSSCoNF),
which will be held in conjunction with OSS2008, the Fourth International
a valid way to get this information as well. Of course this method of
attack does require physical access or root (something that isn't very
hard anyway on Mac OS X).
I think this is a realistic issue to address. It could and probably is
being leveraged by forensic analysts as well as other kinds of data thieves.
When I first disclosed to apple, they were seemingly disinterested
because they were unaware of the cold boot attacks that we were carrying
out. Now that such attacks are well known to be easy in software,
they've said they will patch the Loginwindow.app issue in the future.
CALL FOR PAPERS
IMF 2009
5th International Conference
on IT Security Incident Management & IT Forensics
September 15th - 17th, 2009
Stuttgart, Germany
========================================================================
An attacker could also conduct a serious DoS attack. Flooding the wireless communications causes the unit to stop responding. This can result in the following actions:
A. A continued DoS could cause the bristle monitor to not send an end of life signal to the SmartMonitor system leaving the user to continue using an old toothbrush head which could eventually lead to dental failure. The failure to monitor the most effective head life could result in bristle failure.
B. Dental statistics could be erased from the monitor unit. This would leave the user unable to determine and report on their brushing habits. This could lead to user confusion and over or under brushing leading to tooth wear.
C. Fake battery life transmissions can be sent making the user believe that the battery life is in fact longer than is truly stored. This could lead to a catastrophic brushing failure where the toothbrush runs out of power in mid-clean. A continued long term attack could lead to the creation of cavities in the user’s teeth.
A forensic analysis of the SmartMonitor unit can be conducted to recover deleted brushing sessions. A user who was attempting to cover a period of lapsed dental care could be investigated and the deleted data recovered. In some cases it is feasible that this could result in a reduction of user privileges and possible punitive action (especially where the analysis is conducted by the parent administrative body).
IV. DETECTION
The DoS attack is readily detectable as the toothbrush fails to communicate to the monitoring unit.
Important dates:
3rd CALL FOR PAPERS
IMF 2009
5th International Conference
on IT Security Incident Management & IT Forensics
September 15th - 17th, 2009
Stuttgart, Germany
DEADLINE EXTENSION
2. CALL FOR PAPERS
IMF 2009
5th International Conference
on IT Security Incident Management & IT Forensics
September 15th - 17th, 2009
Stuttgart, Germany
PAPER SUBMISSION OPEN!
Impact
======
An attacker could entice a user to process a specially-crafted ext2 or
ext3 file system image (with tools linking against libext2fs, e.g.
fsck, forensic tools or Xen's pygrub), possibly resulting in the
execution of arbitrary code with the privileges of the user running the
application.
Workaround
==========
We are especially interested in presentation concerning:
# 3G/4G, SS7, WLAN, RFID, Bluetooth Security
# Analysis and reverse engineering of malicious code
# Analysis of vulnerability, attacks and defence against networks, hardware, software
# Virtualization and operating systems security
# Data recovery, Forensic and Incident Response
# Physical security
# Firewall technologies
# Web application security and cryptography
Caution!
CALL FOR PARTICIPATION
IMF 2008
4th International Conference on
IT Incident Management & IT Forensics
Mannheim, Germany
September 23 - 25, 2008
http://www.imf-conference.org/
3rd CALL FOR PAPERS
IMF 2008
4th International Conference on
IT Incident Management & IT Forensics
Mannheim, Germany
September 23 - 25, 2008
http://www.imf-conference.org/
Encase 5.0 and possibly other version
Background:
With Encase's recent response to the iSec security report and their ability to both market their product while at the same time minimizing their product's issues, Breakpoint Security decided to advise Encase to take their software's assurance a bit more seriously. In the course of 6 hours, researchers from Breakpoint Security conducted not so intensive tests of about 10 scenarios utilizing specialized proprietary software like dd, xxd and ultraedit.
As a result of this testing regimen, Breakpoint Security was able to identify multiple bugs in Encase. All the testing done OBVIOUSLY involved intentionally corrupted files. We contend that any issues found in software written for forensic purposes must not fall victim to possibly infected images. While this problem may simply postpone an investigation, other more critical issues could result in more intrusive actions.
Vulnerability Details:
CALL FOR PAPERS
IMF 2008
4th International Conference on
IT Incident Management & IT Forensics
Mannheim, Germany
September 23 - 25, 2008
http://www.imf-conference.org/
* Audit
* Honeynets
* Perimeter Security
* Web security
* Malware Development
* Computer Forensic
* Fuzzing
* AI applications related with security
* Database hacking
* Privacy issues
* Mobile technologies
# Web application security and cryptography
# 3G/4G, SS7, WLAN, RFID, Bluetooth Security
# Analysis and reverse engineering of malicious code
# Analysis of vulnerability, attacks and defence against networks, hardware, software
# Virtualization and operating systems security
# Data recovery, Forensic and Incident Response
# Physical security
# Firewall technologies
Caution! We do not accept marketing, non-technical presentations aimed
at presenting and selling any products. If your lecture presents
[*] What is Unhide ?
Unhide is a forensic tool to find processes and TCP/UDP ports hidden
by rootkits / LKMs or any other hidden techniques.
[*] What is new in this release
* Fixed a race condition bug that showed false positives
* Added manpages