Digital forensics and incident response has traditionally covered the collection of artifacts from
Windows systems, following the Order of Volatility (RFC 3227). Programs like FTK Imager or
EnCase are the “tools of the trade”.
But with the advent of botnets like Mirai leveraging IP-based security cameras, digital video
recorders, security systems, and IoT devices, there is an increasing need to look at the
oft-overlooked devices in an environment from a digital forensics and incident response
perspective. In this talk we’ll explore the considerations for IoT in the DFIR space, look at the
variety of items that may be of interest in an investigation, and the challenges in collecting the
artifacts for analysis. The talk will also look at available work being done to improve investigations.
Mark joined McAfee in 2013, with over twenty years of information technology experience,
of which twenty have been focused on information security. He is now a consultant on the
McAfee Foundstone team, lending networking expertise to digital forensics and incident
response, where he helps companies with threat hunting, applying threat intelligence, and
analysis and triage of systems. He then assists with post-infection clean up, and process and
architecture redesign to improve security. Mark is also a Foundstone instructor, teaching
courses in Malware Analysis, Foundstone Incident Response, and other subjects. He is a
subject matter expert on information security, particularly network security architecture,
including firewall/VPN, IDS/IPS, SSL VPN, authentication technologies, and evasion
techniques. He also is fluent with many operating systems, but is particularly fond of UNIX and
all of its derivatives.
Recorded at AIDE 2017
Copyright 2020, IronGeek