Jamie Butler (Coauthor of Rootkits: Subverting the Windows Kernel)
Presentation Title: Computer Forensics and Incident Response: Bringing Sexy Back
Presentation Details:
Sexy isn’t the word that comes to mind these days when you think computer forensics. And why should it, when any junior analyst can sit in front of one of those expensive GUI tools and pick out kiddie porn.
Those tools, however, are pretty useless when it gets to the really sexy stuff, like detecting injected shellcode running on a Windows box with no underlying file on disk. (Canvas and Meterpreter can both perform this attack.) Or how about the ability to read any logical file on the disk in real time, even if the OS itself has it locked for exclusive access? Does this remind you of a time when all you wanted your anti-virus to do was tell you the contents of a suspicious file or allow you the ability to delete it?
This talk will cover using open source tools to build a better, sexier forensic capability. In addition, I will throw in some additional tricks of my own and use enough demo rope that I am sure to hang myself.
About Jamie
Mr. Butler is a highly respected member of the information security community with a decade of experience in Windows operating system security. Prior to joining MANDIANT, Jamie was the CEO of HBGary Federal. His experience also includes Windows Host Intrusion Detection development at Enterasys Networks and over five years' experience at the National Security Agency. He is the co-author and instructor of both the popular “Advanced 2nd Generation Digital Weaponry” course (recently taught at the 2006 BlackHat Training conference) and the “Offensive Aspects of Rootkit Technology” course, which has been taught in five countries.