Presentation is loading. Please wait.

Presentation is loading. Please wait.

Forensic Analysis : using TSK and Volatility

Published byAntonia Kelley Modified over 5 years ago

Similar presentations

Presentation on theme: "Forensic Analysis : using TSK and Volatility"— Presentation transcript:

1 Forensic Analysis : using TSK and Volatility

2 A bit about Me Mark Bennett Work for Check Point Software.
Incident Response/Forensics for Health Care Firewalls Malware analysis Intrusion Prevention HR/Legal Watching over the enterprise SANS Instructor

3 Agenda Metasploit How to use it What can you do with it
Making Forensic copies Copying memory Copy Hard drive Timeline analysis How to create How to read Memory analysis Strings Volatility See it live Wrap up

4

5 Metasploit

6 Metasploit – cont.

7 Mandiant Memoryze

8 Using dd for bit-by-bit copies

9 fls - bodyfile

10 mactime - timeline

11 Timeline Analysis

12 Memory Analysis

13 Volatility – memory analysis

14 Live Demo Let’s Do it for Real!!!

15 Questions/Comments ??????????????????????????????????

16 Wrap UP Mark Bennett 508 Advanced Forensic Analysis 408 Windows Forensics 504 Incident Response Hack Labs – Metasploit Be good, be safe, if you are going to hack, hack legally and responsibly – I’m Out!

17 THANK YOU FOR ATTENDING

Download ppt "Forensic Analysis : using TSK and Volatility"

Similar presentations

Malware Artifacts.

Malware Artifacts.
Anti Anti-Forensics: Correlation Tony Rodrigues, CISSP, CFCP inv.forense (at) gmail (dot) com.

Anti Anti-Forensics: Correlation Tony Rodrigues, CISSP, CFCP inv.forense (at) gmail (dot) com.
Computer security Viruses Hacking Backups

Computer security Viruses Hacking Backups
8. 1+5+9+13+……+(4n-3) = n(2n-1) P 1 = 1(2(1)-1)=1 check.

……+(4n-3) = n(2n-1) P 1 = 1(2(1)-1)=1 check.
Windows Server 2012 Storage: Windows Gets a Bit SANer Presented by Mark on twitter 1 V2.00. contents copyright 2013 Mark.

Windows Server 2012 Storage: Windows Gets a Bit SANer Presented by Mark on twitter 1 V2.00. contents copyright 2013 Mark.
Oregon Presented by: John Ritchie Date: August 9 th, 2011 – GFIRST7 INFECTED! Using the Oregon SIRT Malware Toolkit to Safely Determine Source, Vector.

Oregon Presented by: John Ritchie Date: August 9 th, 2011 – GFIRST7 INFECTED! Using the Oregon SIRT Malware Toolkit to Safely Determine Source, Vector.
Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.

Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.
Memory Forensics During Incident Response

Memory Forensics During Incident Response
Deeper research never hurts!

Deeper research never hurts!
Evidence Computer Forensics. Law Enforcement vs. Citizens  Search must have probable cause –4 th amendment search warrant  Private citizen not subject.

Evidence Computer Forensics. Law Enforcement vs. Citizens  Search must have probable cause –4 th amendment search warrant  Private citizen not subject.
3-2 Solving Inequalities Using Addition or Subtraction

3-2 Solving Inequalities Using Addition or Subtraction
STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Windows Encryption File System (EFS) Tech Briefing July 18 th 2008

STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Windows Encryption File System (EFS) Tech Briefing July 18 th 2008
2012. 11. ⓒ 2012 Zalman Tech Co., Ltd. ZM-VE400 Virtual Drive + External HDD Case Sales Guide.

ⓒ 2012 Zalman Tech Co., Ltd. ZM-VE400 Virtual Drive + External HDD Case Sales Guide.
Real World Software Development Management and Solutions Barry Gervin March 23, 2011.

Real World Software Development Management and Solutions Barry Gervin March 23, 2011.
Capturing Computer Evidence Extracting Information.

Capturing Computer Evidence Extracting Information.
Passwords, Encryption Forensic Tools

Passwords, Encryption Forensic Tools
COEN 252 Computer Forensics Windows Evidence Acquisition Boot Disk.

COEN 252 Computer Forensics Windows Evidence Acquisition Boot Disk.
Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.

Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.
By: KOURTNEI.  Teachers help students learn  Teachers and they teach many students in the classroom.

By: KOURTNEI.  Teachers help students learn  Teachers and they teach many students in the classroom.
IT security By Tilly Gerlack.

IT security By Tilly Gerlack.

Similar presentations

Ads by Google