Interesting read on anti-forensics

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Jan 20, 2010 10:48 pm

I don't know if anyone caught this talk at Blackhat last year.  I found this to be a very interesting read.

Conventional rootkits tend to focus on defeating forensic live incident response and network monitoring using a variety of concealment strategies (e.g. hooking, detour patching, covert channels, peer-to-peer communication, etc.). However, the technology required to survive a post-mortem analysis of secondary storage, which is just as vital in the grand scheme of things, recently doesn’t seem to have garnered the same degree of coverage. In this paper, we’ll examine different approaches to persisting a rootkit and the associated anti-forensic tactics that can be employed to thwart an investigator who’s performing an autopsy of a disk image.


http://www.blackhat.com/presentations/bh-usa-09/BLUNDEN/BHUSA09-Blunden-AntiForensics-PAPER.pdf
~~~~~~~~~~~~~~
Ketchup

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Jan 21, 2010 3:25 am

Re: Interesting read on anti-forensics

Indeed, thanks for sharing. :)
