Written by Vitaly Kamluk

2 minute read

Presentation: It’s Friday Evening Professor Moriarty

Speaker: Nicolas Collery

ABSTRACT

Has it ever happened to you on a Friday afternoon, just before closing your laptop, tidying your desk before a long weekend? A weekend that indeed looks now very long in perspective? A server disappeared! A network device that blinks mysteriously and frantically like a Christmas tree. No clues yet to be found? Feeling like calling Watson? Call no one but become Sherlock himself to uncover the truth!

This session will reveal some of Moriarty’s machinations and some cyber forensics techniques you can use to identify all the clues left over and finally solve the puzzle quickly (before your weekend runs over). Some of the tools of deduction will include:

• remotely pulling the puppet strings
• unlocking the secrets of a locked box
• anticipating the enemy’s first move
• set a decoy to expose the stratagem

LEARNING MORE ABOUT IT

Watch on Youtube

Presentation: Searching for a Needle in a Remote Haystack

Speaker: Vitaly Kamluk, Wayne Lee

ABSTRACT

Our talk will focus on challenges of cyberattack investigation, explain why we have constantly emerging level of cybercrime worldwide and propose a solution to increase efficiency of future cyberattack investigators.

Our presentation includes technical details and architecture of a tool that we use to conduct remote digital forensic analysis. Moreover, not only we reveal the internals of the tool, but will introduce a way to build your own tool for remote incident analysis. Our solution is an open-source constructor of Live OS environment that can suite such needs. While it is fully open-source and non-binary code, it introduces several novel approaches that are based on combination of existing techniques from the domain of free and open-source software.

The presentation includes a live demo of using the tool to analyze a remote infection in forensically sound manner. The infected machine will have a combination of multiple world class targeted attack malware (including kernel mode rootkit) and techniques deployed on a single host to complicate such analysis. We will announce public availability of free Live OS constructor code and invite volunteer contributors to the project. A new Live OS that we will use for the demo will be built live on stage during our talk.

LEARNING MORE ABOUT IT

Watch on Youtube