Black Hat Briefings, Las Vegas 2005 [audio] Presentations From The Security Conference

James C. Foster and Vincent T. Liu: Catch Me If You Can:Exploiting Encase, Microsoft, Computer Associates, and the rest of the bunch.

Informações:

Sinopsis

Don't get caught. Building off of Foster's log manipulation and bypassing forensics session at BlackHat Windows 2004, James C. Foster and Vincent T. Liu will share over eighteen months of continued private forensic research with the Black Hat audience including ground-breaking vulnerabilities and key weaknesses in some of the most popular tools used by forensic examiners including EnCase, CA eTrustAudit, and Microsoft ISA Server. Watch live demonstrations as Foster and Vinnie detail how to leverage these weaknesses to avoid being detected, and discover the theory and practice behind the most effective and cutting-edge anti-forensics techniques. Finally, learn how to turn a forensic analyst's training against himself by joining the speakers in a lively discussion of the "Top 10 Ways to Exploit a Forensic Examiner". This talk should be required viewing for all those on both sides of the fence, so come prepared to watch trusted forensics tools crumble. James C. Foster, Fellow, is the Deputy Director of