Forensic Analysis : using TSK and Volatility

Presentation transcript:

A bit about Me
Mark Bennett
Work for Check Point Software.
Incident Response/Forensics for Health Care
Firewalls
Malware analysis
Intrusion Prevention
HR/Legal
Watching over the enterprise
SANS Instructor
http://www.sans.org
http://www.darknet-consulting.com
http://www.pauldotcom.com

Agenda
Metasploit
    How to use it
    What can you do with it
Making Forensic copies
    Copying memory
    Copy Hard drive
Timeline analysis
    How to create
    How to read
Memory analysis
    Strings
    Volatility
See it live
Wrap up

Metasploit

Metasploit – cont.

Mandiant Memoryze

Using dd for bit-by-bit copies

fls - bodyfile

mactime - timeline
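The three slides above (dd copy, fls to a bodyfile, mactime to a timeline) are the standard Sleuth Kit timeline pipeline: image the disk with dd, run fls -r -m "/" over the image to emit one bodyfile row per file, then feed that bodyfile to mactime -b to get a time-sorted listing. The slides only name the tools, so the following is an added example, not the presenter's code: a small Python re-implementation of the mactime step that parses the TSK bodyfile format (MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime) and folds the four timestamps of each file into sorted rows carrying the usual "macb" flag column. The three bodyfile lines embedded in it are constructed sample data, and the path and inode values in them are invented for illustration.

```python
"""Minimal mactime-style timeline builder for a TSK bodyfile (added example)."""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample bodyfile rows in the TSK 3.x format:
# MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime
# (paths, inodes and timestamps are made up for this example)
SAMPLE_BODYFILE = """\
0|/Windows/System32/svchost.exe|1234-128-1|r/rrwxrwxrwx|0|0|27136|1300000000|1290000000|1290000000|1290000000
0|/Users/bob/AppData/Local/Temp/payload.exe|5678-128-3|r/rrwxrwxrwx|0|0|73728|1300000600|1300000600|1300000600|1300000600
0|/Users/bob/Documents/notes.txt|9012-128-1|r/rrwxrwxrwx|0|0|512|1300000900|1299000000|1299000000|1298000000
"""

# mactime prints the flag column in this order: mtime, atime, ctime, crtime
FLAG_ORDER = ("m", "a", "c", "b")


def parse_bodyfile(text):
    """Yield one dict per bodyfile row; blank lines, comments and malformed rows are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) != 11:
            continue  # wrong field count: not a TSK 3.x bodyfile row
        _md5, name, inode, mode, uid, gid, size, atime, mtime, ctime, crtime = fields
        yield {
            "name": name, "inode": inode, "mode": mode,
            "uid": uid, "gid": gid, "size": int(size),
            "times": {"m": int(mtime), "a": int(atime), "c": int(ctime), "b": int(crtime)},
        }


def build_timeline(text):
    """Return rows (epoch, macb, size, mode, uid, gid, inode, name) sorted by time, as mactime does."""
    rows = []
    for entry in parse_bodyfile(text):
        # Group the four timestamps of this file: equal timestamps share one output row.
        by_time = defaultdict(set)
        for flag, ts in entry["times"].items():
            if ts > 0:  # mactime treats a zero timestamp as "not set"
                by_time[ts].add(flag)
        for ts, flags in by_time.items():
            macb = "".join(f if f in flags else "." for f in FLAG_ORDER)
            rows.append((ts, macb, entry["size"], entry["mode"], entry["uid"],
                         entry["gid"], entry["inode"], entry["name"]))
    rows.sort(key=lambda r: (r[0], r[7]))
    return rows


def format_timeline(rows):
    """Render rows in a mactime-like layout: date, size, macb, mode, uid, gid, meta, name."""
    lines = []
    for ts, macb, size, mode, uid, gid, inode, name in rows:
        when = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        lines.append(f"{when} {size:>8} {macb} {mode} {uid} {gid} {inode} {name}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_timeline(build_timeline(SAMPLE_BODYFILE)))
```

Reading the output is the "How to read" half of the agenda: a row flagged "macb" means all four timestamps agree, so the file was created and never touched again, which is what a freshly dropped file in a user's Temp directory looks like; a file whose "...b" row sits long before its "m.c." row has been modified since creation. Clusters of such rows inside a narrow window around the suspected incident time are what the analyst scans for.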

Timeline Analysis

Memory Analysis

Volatility – memory analysis

Live Demo Let’s Do it for Real!!!

Questions/Comments?

Wrap Up
Mark Bennett
http://www.sans.org/mentor
    508 Advanced Forensic Analysis
    408 Windows Forensics
    504 Incident Response
http://www.darknet-consulting.com
http://www.pauldotcom.com
    Hack Labs – Metasploit
Be good, be safe, if you are going to hack, hack legally and responsibly – I’m Out!

THANK YOU FOR ATTENDING