Forensic Investigations of Web Exploitations

Presented at AppSec USA 2013, Nov. 20, 2013, 4 p.m. (50 minutes)

Video of session: https://www.youtube.com/watch?v=WpDSQ18xaXY&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=5

Investigation of hacking incidents often requires the combined effort of different technologies. Evidence and forensic artifacts are found in various forms and formats. Network forensics is one component in the process of finding compromised hosts and capturing and reconstructing malicious sessions: attacks on web vulnerabilities can be replayed from captured traffic and the transmitted data uncovered. This session covers open source tools used for the investigation of compromised web hosts and for network forensics. A variety of tools can add significant weight to electronic evidence, and in many cases also recover the malicious executables transmitted in the traffic or the data that was exfiltrated. Various network protocols and their structure will be presented. Open source network forensic tools will be run against traffic captured from a hacked web server, with different tools introduced for specific tasks in the investigation process. The captured traffic will be analyzed and reconstructed, and the artifacts found along the way will be discussed.

Presenters:

  • Ondrej Krehel - CEO - LIFARS LLC
    Ondrej Krehel is principal and founder of LIFARS LLC, an international cyber security and digital forensics firm. He is the former Chief Information Security Officer of Identity Theft 911, the nation's premier identity theft recovery and data breach management service. He previously conducted forensic investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation. With two decades of experience in computer security and forensics, he has launched investigations into a broad range of IT security matters, from hacker attacks to data breaches to intellectual property theft. His work has received attention from CNN, Reuters, The Wall Street Journal and The New York Times, among many others. He has spoken at RSA, CEIC, HTCIA, RIMS, the Prague Cyber Summit and ICS South Africa.
