InfoconDB

Presented at Objective by the Sea version 1.0 (2018), Nov. 3, 2018, 11 a.m. (50 minutes).

Pattern-of-life data can provide a story about how a device and its user interact with each other. A user using their Mac or iPhone may have no idea how intimate of a picture can be extracted from the analytical data on their devices. An extremely creepy and granular picture in many cases. This data can be used in a variety of forensic investigations from criminal matters to device intrusions but may end of being a privacy nightmare if the data were to fall into the wrong hands.

This data tends to be stored in in a variety of databases and correlation of this data for analysis purposes can be difficult. Each database can hold different type of data, retain it for a different period of time, and have different storage mechanisms for its entries.

Each small seed of data can grow into a database providing delicious fruit that can be harvested to create a damn good apple pie. This presentation will show were each seed is stored, what type of apple it is, how to make the most out of it.

Presenters:

Sarah Edwards - Forensic Analyst / Instructor at Sans Forensics
Sarah is an senior digital forensic analyst who has worked with various federal law enforcement agencies. She has performed a variety of investigations including computer intrusions, criminal, counter‐intelligence, counter-narcotic, and counter‐terrorism. Sarah's research and analytical interests include Mac forensics, mobile device forensics, digital profiling and malware reverse engineering. Sarah has presented at the following industry conferences; Shmoocon, CEIC, Bsides*, TechnoSecurity, HTCIA and the SANS DFIR Summit. She has a Bachelor of Science in Information Technology from Rochester Institute of Technology and a Masters in Information Assurance from Capitol College. Sarah is the author of the new SANS Mac Forensic Analysis Course - FOR518.

From Apple Seeds to Apple Pie

Presenters:

Links:

Similar Presentations: