Catch Me If You Can -- Blackhat presentation


tebodell
Member
 

Catch Me If You Can -- Blackhat presentation

Posted: Jul 18, 05 08:31

Hey all, just wanted to hear some speculations on this talk..

blackhat.com/html/bh-u...ml#foster2

Think it'll be another case like with grugq's talk and the TCT "bug", or something bigger? Just looking for some thoughts, I guess; hopefully those of you going to Blackhat 05 will be able to provide more detail in a few weeks.

Also curious about other (specifically recent) anti-forensic tactics that anyone has heard of. Links to material would be great; I've been searching.

Thanks,
Tebodell  
 
  

keydet89
Senior Member
 

Re: Catch Me If You Can -- Blackhat presentation

Posted: Jul 18, 05 15:22

"...just wanted to hear some speculations on this talk.."

Speculations? We should probably just wait and see. In a lot of cases, the actual content at presentations like this has little to do with the expectations set by the title...but we'll have to see.

I stopped going to BH/DC for that reason, pretty much...it was becoming an expensive way to see friends. Besides, I'm more interested in the Windows side of things, and they've stopped holding the briefings for that one.

WRT other anti-forensics techniques, I've been looking into some things that have to do with the Windows Event Log...basically taking advantage of how the API works to subvert things, but doing so without wreaking havoc a la WinZapper. After all, all that's really required in anti-forensics is a strong desire to *not* be detected...which, in itself, is pretty easy.

H. Carvey
"Windows Forensics and Incident Recovery"
www.windows-ir.com
windowsir.blogspot.com  