About the session
Cybercrime is a very lucrative business not just because of the potential financial return, but because it’s quite easy to get away with it. Sometimes hackers get caught, but most of the time they still run free. When it comes to operating systems and after-attack traces, it is not that bad as all traces are gathered in one place – your infrastructure.
Even though hackers use techniques to remain on the loose, it is possible by using forensic techniques to gather evidence in order to demonstrate what actually happened. During this super intense session, Paula demonstrated techniques used by hackers to hide traces and forensic techniques that indicate how these activities were performed. Extremely technical session!
- See a demonstration of forensic techniques to gather the evidence.
- See a demonstration of conclusions with the summary of what happened.
- Learn how to search for the evidence and where it can be stored.
In case you didn’t make it to Paula’s session, here are the slides she was using:
Tools For Forensics Investigation
- CQ Prefetch Parser – a tool for forensics analysis of prefetch files being automaticity created every single time you launch an application.
- CQ Rdcache – a tool for forensic analysis of the cache files being stored by the remote desktop application.
- CQ RDCManDecrypted – decrypting credentials from remote desktop manager files.