About the session

Cybercrime is a very lucrative business, not just because of the potential financial return but because it is quite easy to get away with. Attackers are sometimes caught, but most of the time they remain free. When it comes to operational and after-attack traces, the situation is not that bad for the defender: all the traces are gathered in one place, your own infrastructure.

Even though hackers tend to remain on the loose, forensics makes it possible to gather the evidence needed to demonstrate what actually happened. During this super intense session, Paula demonstrated the techniques hackers use to hide their traces and the forensic artifacts that indicate how these activities were performed. Extremely technical session!

Learning Objectives:

  1. See a demonstration of forensic techniques to gather the evidence.
  2. See a demonstration of conclusions with the summary of what happened.
  3. Learn how to search for the evidence and where it can be stored.

Slides

In case you didn’t make it to Paula’s session, here are the slides she was using:

Tools For Forensics Investigation

  • CQ Prefetch Parser – a tool for forensic analysis of prefetch files, which Windows creates automatically every time you launch an application.
  • CQ Rdcache – a tool for forensic analysis of the cache files stored by the remote desktop application.
  • CQ RDCManDecrypted – a tool for decrypting credentials stored in Remote Desktop Connection Manager (RDCMan) files.

Download them HERE.
