Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.

Presentation transcript:

Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

Christopher J Novak, Eric Gentry
SANS WhatWorks Summit 2008
Forensics and Incident Response
IR/Forensics Team Tactics Panel
October 13, 2008, Las Vegas, NV

2 PROPRIETARY STATEMENT
This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.

3 Case Study: Anti-Forensics
European bank suspected of having a data compromise.
– Local forensics firm investigated identity theft complaints, but found no evidence of a compromise.
– Bank wanted second opinion due to continued customer complaints.
– We were engaged to perform the follow-up investigation.
– Determined that key evidence was missed due to AF:
   • RootAF to clean logs of IP addresses
   • Systems logs didn’t match Firewall
   • Hide4Enc used to cloak data in pics
   • Encryption key extracted from memory
– Perpetrator successfully identified.
– Law Enforcement handling prosecution.
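The case-study finding that system logs did not match the firewall suggests a cross-check an examiner can run. The following is an added example, not from the original slides: it lists connections the firewall allowed to a host that have no corresponding entry in that host's own log. The log formats, addresses and 30-second clock-skew tolerance are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the case): firewall accepts and sshd lines
# from host 10.0.0.5, whose log has lost every line for one source address.
FIREWALL_LOG = """\
2008-03-02T01:14:07 ACCEPT src=198.51.100.23 dst=10.0.0.5 dport=22
2008-03-02T01:20:41 ACCEPT src=203.0.113.77 dst=10.0.0.5 dport=22
2008-03-02T02:05:10 ACCEPT src=198.51.100.23 dst=10.0.0.5 dport=22
2008-03-02T02:30:00 ACCEPT src=192.0.2.10 dst=10.0.0.9 dport=22
"""
HOST_LOG = """\
2008-03-02T01:14:09 sshd[411]: Accepted password for ops from 198.51.100.23 port 51112
2008-03-02T02:05:12 sshd[498]: Accepted password for ops from 198.51.100.23 port 51340
"""

FW_RE = re.compile(r"^(\S+) ACCEPT src=(\S+) dst=(\S+) dport=(\d+)$")
HOST_RE = re.compile(r"^(\S+) .*?\bfrom (\d+\.\d+\.\d+\.\d+)\b")

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")

def host_sightings(host_log):
    """Map each source IP named in the host log to the times it appears."""
    seen = {}
    for line in host_log.splitlines():
        m = HOST_RE.match(line)
        if m:
            seen.setdefault(m.group(2), []).append(parse_ts(m.group(1)))
    return seen

def unmatched_flows(fw_log, host_log, host_ip, port, skew=timedelta(seconds=30)):
    """Firewall-accepted flows to host_ip:port with no host log line for the
    same source IP within the clock-skew window."""
    seen = host_sightings(host_log)
    missing = []
    for line in fw_log.splitlines():
        m = FW_RE.match(line)
        if not m or m.group(3) != host_ip or int(m.group(4)) != port:
            continue  # unparsable line, or traffic for another host/service
        ts, src = parse_ts(m.group(1)), m.group(2)
        if not any(abs(t - ts) <= skew for t in seen.get(src, [])):
            missing.append((m.group(1), src))
    return missing

if __name__ == "__main__":
    for ts, src in unmatched_flows(FIREWALL_LOG, HOST_LOG, "10.0.0.5", 22):
        print(f"{ts} {src}: allowed by firewall, absent from host log")
```

A source address that the firewall recorded but the host never logged is a lead to follow up with other evidence sources, not proof of tampering on its own.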

4 How Prevalent is Anti-Forensics?
Attack Difficulty:
– None: No special skills or resources were used. The average user could have done it.
– Low: Low-level skills and/or resources were used. Automated tools and Script Kiddies. Some Basic Anti-Forensics tools (point & click).
– Moderate: The attack employed skilled techniques, minor customization, and/or significant resources. More sophisticated Anti-Forensics tools (some customization).
– High: Advanced skills, significant customization and/or extensive resources were used. Multiple sophisticated Anti-Forensics tools (many customizations or home grown).

5 AF Effectiveness and Our Workarounds
Common AF Techniques Seen in the Wild:
• Zero Footprinting (Evidence Wiping)
• File Packers / Wrappers
• Data Hiding (Steganography, Encryption)
• Data Corruption / Injection
• Data Obfuscation (Letter Substitution)
• Blended Threats (Multiple Mixed AF)
Making our Case Despite Anti-Forensics:
• Many AF tools are not 100% (files may be locked, shared or in use)
• Think outside the box… Copies of wiped data may exist in less conventional areas (tape backups, clustered peers, etc…)
• Evidence within the system’s running memory (memdump)
• Journaled File Systems may retain some trace information or Metadata re: prior data
• When it comes to Stego… Look at the pictures…
• Understand that the case is going to take more time and set expectations accordingly…

6 Christopher J Novak, Eric Gentry