Presented at DEF CON 14 (2006)
Aug. 4, 2006, 6:30 p.m.
It's hard to prosecute someone if you can't prove what they did. In this session, we will quickly cover 10 easy ways to cover your tracks using Mac OS X. The features of Mac OS X at the GUI level were in a lot of ways designed to cater to the paranoid (eg. Steve Jobs). Underneath the hood, using some easily scriptable techniques you can cover your tracks in such a way that will make it easy to hide what you've done as well as your identity.
In this session, we will quickly cover some of the techniques that can be used to cover your tracks using case studies that illustrate ways that we have pieced together evidence as a starting point. Using a little bit of forensic evasion can go a long way to keep you free. This might also be interesting for forensic enthusiasts who can learn ways around these techniques.
Charles Edge / krypted
- aka Krypted
as Charles Edge
Charles Edge began his consulting career working with Support Technologies, Andersen Consulting and Honda to name a few. In January of 2000 Charles arrived at Three18, a boutique consulting firm in Santa Monica, California. At Three18, Charles has worked with Network Architecture, Security and Design for a wide range of clients. As a partner at Three18 Charles manages a team of engineers, security professionals and programmers.
His first book, "Mac Tiger Server Little Black Book" is available through Paraglyph Press. His second book, "Web Admin Scripting Little Black Book" is also available through Paraglyph Press. The latest title Charles is working on is Mac Security Essentials.