DOWNLOAD THESE FILES Intro Forensics

13
Intro Forensics Presented by Pranav, challenges & slides borrowed from friends @ UW (Batman’s Kitchen) sigpwny{next_time_i_wont_forget_the_flags} DOWNLOAD THESE FILES

Transcript of DOWNLOAD THESE FILES Intro Forensics

Page 1: DOWNLOAD THESE FILES Intro Forensics

Intro Forensics

Presented by Pranav, challenges & slides borrowed from friends @ UW (Batman’s Kitchen)

sigpwny{next_time_i_wont_forget_the_flags}

DOWNLOAD THESE FILES

https://drive.google.com/open?id=1qDvvR0GuyUPr9wcsSsvUxlHyshkHqLK_
Page 2: DOWNLOAD THESE FILES Intro Forensics

Things we’ll cover

concepts:

● file formats● network protocols● steganography

tools:

● foremost● wireshark● stegsolve

Page 3: DOWNLOAD THESE FILES Intro Forensics

Jobs in this field that use forensics skills

● Incident Response - looking at things post-hack● Malware Analysis - obfuscated exfiltration methods● These skills are general and make you better at using a

computer (but that’s true about pretty much anything you learn so...)

● I don’t really know! Feel free to DM me / throw out suggestions.

Page 4: DOWNLOAD THESE FILES Intro Forensics

Magic Number

● File formats usually start with a sequence of bytes● how does the file utility work? usu. by checking magic #s● you can check with: xxd filename | head● This is useful for identifying files!

Page 5: DOWNLOAD THESE FILES Intro Forensics

Foremost quick usage:

● It is a “file carver” — used for recovering files from disk images● looks for headers (magic numbers, footers, data structures)● apt-get install foremost or pip install foremost● foremost -i input_file # will create output/ with results, if any

Try: animals.dd challenge

Page 6: DOWNLOAD THESE FILES Intro Forensics

Steganography: hiding things in files

● RGB: LSB of an image● sometimes you have to hunt

for the right tool, sometimes you have to write your own

< stegsolve

Page 7: DOWNLOAD THESE FILES Intro Forensics

Steganography: hiding things in files

Page 8: DOWNLOAD THESE FILES Intro Forensics

Wireshark

● tool for analyzing network protocols● very useful for day-to-day● fun with wireshark: finding 0days @ DEF CON CTF

Page 9: DOWNLOAD THESE FILES Intro Forensics

Adminpanel.pcap challenge!

Step 1: open wireshark with data

Page 10: DOWNLOAD THESE FILES Intro Forensics

Adminpanel.pcap challenge!

Step 2: Filter relevant data

Page 11: DOWNLOAD THESE FILES Intro Forensics

Adminpanel.pcap challenge!

Step 3: Look at useful info and read!

Can’t just give you the answer lol

Page 12: DOWNLOAD THESE FILES Intro Forensics

ext-super-magic.img

● ext2 is a filesystem● it has “superblocks” that contain metadata about files● Something has happened to one of the superblock fields!● could it be…. the magic number????● more info: this GNU spec or this page from OSdev wiki● you can mount filesystems using the mount command

http://www.nongnu.org/ext2-doc/ext2.html
https://wiki.osdev.org/Ext2#Superblock
https://unix.stackexchange.com/a/72127/163689
Page 13: DOWNLOAD THESE FILES Intro Forensics

Get started!

DOWNLOAD THESE FILES

Flags are up on sigpwny.com

https://drive.google.com/open?id=1qDvvR0GuyUPr9wcsSsvUxlHyshkHqLK_
http://sigpwny.com

Arrow Download the Powerpoint File Intro to Veterinary2612

Arrow Download the Powerpoint File Intro to Veterinary2612

Introduction to Digital - University of Texas at Dallas · 2019-10-31 · Network Forensics- Intro Branch of digital forensics Monitoring and analysis of computer network traffic

Introduction to Digital - University of Texas at Dallas · 2019-10-31 · Network Forensics- Intro Branch of digital forensics Monitoring and analysis of computer network traffic

Intro to Blender Alex Hawker. First Steps Download Blender @ .

Intro to Blender Alex Hawker. First Steps Download Blender @ .

Digital Evidence and Computer Forensics Oct 7-8 2013/Tab 02 Oct 7-8... · Digital Evidence and Computer Forensics COMPUTER FORENSICS FORENSICS FORENSICS

Digital Evidence and Computer Forensics Oct 7-8 2013/Tab 02 Oct 7-8... · Digital Evidence and Computer Forensics COMPUTER FORENSICS FORENSICS FORENSICS

Acquisizione Laboratorio Disk forensics Network forensics

Acquisizione Laboratorio Disk forensics Network forensics

Master of Science(Cyber Security) (MSCS) Computer Forensics …egyanagar.osou.ac.in/download-slm.php?file=Block-01-Digital-Forensi… · Computer forensics requires specialized expertise

Master of Science(Cyber Security) (MSCS) Computer Forensics …egyanagar.osou.ac.in/download-slm.php?file=Block-01-Digital-Forensi… · Computer forensics requires specialized expertise

An Intro To Vital Aspects In War Of Mercenaries Download Apk

An Intro To Vital Aspects In War Of Mercenaries Download Apk

Intro to Comp Forensics

Intro to Comp Forensics

IEEE TRANSACTIONS ON INFORMATION FORENSICS …battiato/download/IEEE_TIFS2012.pdf · IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 4, AUGUST 2012 1105 Robust

IEEE TRANSACTIONS ON INFORMATION FORENSICS …battiato/download/IEEE_TIFS2012.pdf · IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 7, NO. 4, AUGUST 2012 1105 Robust

Intro to Incident Response and Forensics

Intro to Incident Response and Forensics

Digital forensics intro 20151123

Digital forensics intro 20151123

COE589: Digital Forensics - ccse.kfupm.edu.saahmadsm/coe589-122/00_Overview_Logisti… · Digital Forensics computer forensics mobile forensics network forensics ... COE589 - Ahmad

COE589: Digital Forensics - ccse.kfupm.edu.saahmadsm/coe589-122/00_Overview_Logisti… · Digital Forensics computer forensics mobile forensics network forensics ... COE589 - Ahmad

Intro to Computer Forensics Forensics Services intro… · extraction, documentation and interpretation of computer data. It is often more of an art than a science, but as in any

Intro to Computer Forensics Forensics Services intro… · extraction, documentation and interpretation of computer data. It is often more of an art than a science, but as in any

Forensics Intro

Forensics Intro

2013 05-15 Intro to Archivematica - UBC SLAIS Digital Records Forensics Class

2013 05-15 Intro to Archivematica - UBC SLAIS Digital Records Forensics Class

iPhone Forensics Methodology and Tools · Forensics methodologies, iPhone forensics, forensics tools, digital forensics evidence handling, INTRODUCTION iPhone mobile phone is becoming

iPhone Forensics Methodology and Tools · Forensics methodologies, iPhone forensics, forensics tools, digital forensics evidence handling, INTRODUCTION iPhone mobile phone is becoming

Computer Forensics An Intro to Computer Crime. Computer Forensics BTK The BTK Killer ( B lind, T orture, K ill) Dennis Rader - Feb 2005 Charged with.

Computer Forensics An Intro to Computer Crime. Computer Forensics BTK The BTK Killer ( B lind, T orture, K ill) Dennis Rader - Feb 2005 Charged with.

COMPUTER FORENSICS · 2019-08-24 · 1.0 Computer Forensics In Today’s World 1.0 Intro To Computer Forensics 2.0 Need For Computer Forensics 3.0 What is Cyber Crime 4.0 Forensics

COMPUTER FORENSICS · 2019-08-24 · 1.0 Computer Forensics In Today’s World 1.0 Intro To Computer Forensics 2.0 Need For Computer Forensics 3.0 What is Cyber Crime 4.0 Forensics

Forensics · Disk Forensics Mobile Forensics E-mail investigations Questioned document Cryptography, examination Steganography Live Forensics and Network Forensics Audio/video authentication

Forensics · Disk Forensics Mobile Forensics E-mail investigations Questioned document Cryptography, examination Steganography Live Forensics and Network Forensics Audio/video authentication

Casey Bann Doyle Intro Windows Mobile Forensics

Casey Bann Doyle Intro Windows Mobile Forensics