Session:Computer Forensics introduction + Q&A

From 34C3_Wiki
Revision as of 00:51, 30 December 2017 by Hunter2
Description: An introduction to computer forensics, how to use some tools and how to avoid being detected by some of them ;)
Type: Workshop
Kids session: No
Keyword(s): hardware, software, network, security
Tags: forensics
Person organizing: User:Hunter2
Language: en - English

Starts at: 2017/12/29 23:59
Ends at: 2017/12/30 01:59
Duration: 120 minutes
Location: Room:Lecture room 12

Basic computer knowledge required.

Difficulty will be adapted to the audience.

Please RSVP via Twitter: @34c3_hunter2 or mail: 7u1mepnhzj28bbn@jetable.org





Forensics

  • chain of custody
  • create a forensic image
  • copies + original evidence
  • lists of keywords and search terms
  • analyze forensic images
  • report

create a forensic image

Device powered off

--> forensic copy of DISKS

Device powered on

--> First: acquire RAM!

Disk encryption --> Live acquisition

No disk encryption --> Offline acquisition

Tools

Hardware: forensic duplicator

Hardware: write blockers

Alternative: FIREBrick
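
The offline acquisition path from the outline above (image the powered-off disk, keep the original image and work on a copy, record the hash for the chain of custody), as an added example that is not part of the workshop material. The function names, file naming scheme and log format are assumptions, and the source is assumed to be attached through a write blocker or to be a raw file.

```bash
#!/usr/bin/env bash
# Added example (not from the workshop): image a powered-off disk, verify it,
# make a working copy, and log the hash for the chain of custody.
# Assumption: SRC is a device attached through a write blocker, or a raw file.

sha() { sha256sum "$1" | cut -d' ' -f1; }

# acquire SRC OUTDIR CASE_ID [EXAMINER] -> prints the verified SHA-256
acquire() {
    src=$1 outdir=$2 case_id=$3 examiner=${4:-unknown}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$outdir" || return 1
    img="$outdir/$case_id.dd"
    work="$outdir/$case_id.work.dd"
    log="$outdir/$case_id.custody.log"
    # Never overwrite an existing evidence image.
    if [ -e "$img" ]; then echo "refusing to overwrite $img" >&2; return 1; fi

    src_hash=$(sha "$src")
    # Bit-for-bit copy; a read error aborts instead of silently padding.
    dd if="$src" of="$img" bs=1M 2>/dev/null || return 1
    img_hash=$(sha "$img")
    if [ -z "$src_hash" ] || [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: source=$src_hash image=$img_hash" >&2; return 2
    fi

    # Analysis happens on the working copy; the first image stays untouched.
    cp "$img" "$work" || return 1
    [ "$(sha "$work")" = "$img_hash" ] || { echo "working copy differs" >&2; return 2; }
    chmod a-w "$img"

    printf '%s case=%s examiner=%s source=%s sha256=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$case_id" "$examiner" "$src" "$img_hash" >> "$log"
    echo "$img_hash"
}

# Demo on a constructed 1 MiB stand-in for a disk (not real evidence).
demo=$(mktemp -d)
head -c 1048576 /dev/urandom > "$demo/disk.raw"
acquire "$demo/disk.raw" "$demo/case" CASE-0001 examiner1
cat "$demo/case/CASE-0001.custody.log"
```

This covers only the powered-off case; on a running machine the outline's order still applies, with RAM acquired first.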