Download - PFIC - Paraben's Forensic Innovations Conference
Download - PFIC - Paraben's Forensic Innovations Conference
Download - PFIC - Paraben's Forensic Innovations Conference
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Time: Monday, 10:30 AM – 11:30 AM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: Mike Raggo, MobileIron<br />
Title: Wireless Incident Response & <strong>Forensic</strong>s – Latest Techniques<br />
Current attack vectors indicate that wireless attacks are now more focused on wireless clients rather than<br />
wireless infrastructures. As wireless access points, wireless switches, and wireless defense technologies have<br />
improved, wireless end-users have now become the new low-hanging fruit.<br />
Ubiquitous mobility is now center stage and with that comes a plethora of vulnerabilities introduced by mobile<br />
computing devices including Wi-Fi enabled smartphones. This presentation will explore attacks focused<br />
on obtaining end-user data, wireless network credentials, and corporate network infi ltration. Intrusion techniques<br />
as well as extrusion techniques will be reviewed including: Windows Virtual Wi-Fi, AirPlay, and mobile<br />
hotspots.<br />
Time: Monday, 10:30 AM – 11:30 AM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: Mike Raggo, MobileIron<br />
Title: Wireless Incident Response & <strong>Forensic</strong>s – Latest Techniques<br />
Current attack vectors indicate that wireless attacks are now more focused on wireless clients rather than<br />
wireless infrastructures. As wireless access points, wireless switches, and wireless defense technologies have<br />
improved, wireless end-users have now become the new low-hanging fruit.<br />
Ubiquitous mobility is now center stage and with that comes a plethora of vulnerabilities introduced by mobile<br />
computing devices including Wi-Fi enabled smartphones. This presentation will explore attacks focused<br />
on obtaining end-user data, wireless network credentials, and corporate network infi ltration. Intrusion techniques<br />
as well as extrusion techniques will be reviewed including: Windows Virtual Wi-Fi, AirPlay, and mobile<br />
hotspots.<br />
Time: Monday, 12:30 PM – 2:00 PM<br />
Track: <strong>Innovations</strong> Track<br />
Room: Davos<br />
Presenter: David Cowen, G-C Partners LLC<br />
Title: Anti Anti-<strong>Forensic</strong>s<br />
The NTFS $Logfi le is a gold mine of forensic data that has never been understood well. Tomes from a variety<br />
of authors and open source development groups have attempted to explain its usage and changes for those<br />
use in writing to the NTFS fi le system, but we’ve never seen any research on how to pull apart and read the<br />
$logfi le beyond carving MFT fi le records from it. In this presentation we will show to use the $Logfi le to fi nd<br />
out when: Timestamps have been changed, What the name of a fi le was before it was renamed, Details on<br />
when a fi le was created, Details on when a fi le is deleted, timestamp recovery from $logfi le entries and how<br />
to determine how many diff erent systems have written to external media.<br />
In short you can now; roll back the metadata from a wipe, fi nd more deleted fi les with their metadata, recover<br />
wiped fi les that were resident in the mft, recover fi les that have been timestomped and fi nd fi les hidden<br />
by rootkits and malware or were never committed to disk.