A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


The Attack Is Coming From Inside The Refrigerator! - Mark Boltz-Robinson AIDE 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

The Attack Is Coming From Inside The Refrigerator!
Mark Boltz-Robinson
AIDE 2017


Digital forensics and incident response has traditionally covered the collection of artifacts from Windows systems, following the Order of Volatility (RFC 3227). Programs like FTK Imager or EnCase are the “tools of the trade”. But with the advent of botnets like Mirai leveraging IP-based security cameras, digital video recorders, security systems, and IoT devices, there is an increasing need to look at the oft- overlooked devices in an environment from a digital forensics and incident response view. In this talk we’ll explore the considerations for IoT in the DFIR space, look at the variety of items that may gain interest in an investigation, and the challenges in collecting the artifacts for analysis. The talk will also look at available work being done to improve investigations.

Mark joined McAfee in 2013, with over twenty years of information technology experience, of which twenty have been focused on information security. He is now a consultant on the McAfee Foundstone team, lending networking expertise to digital forensics and incident response, where he helps companies with threat hunting, applying threat intelligence, and analysis and triage of systems. He then assists with post-infection clean up, and process and architecture redesign to improve security. Mark is also a Foundstone instructor, teaching courses in Malware Analysis, Foundstone Incident Response, and other subjects. He is a subject matter expert on information security, particularly network security architecture, including firewall/VPN, IDS/IPS, SSL VPN, authentication technologies, and evasion techniques. He also is fluent with many operating systems, but is particularly fond of UNIX and all of its derivatives.

Recorded at AIDE 2017

Back to AIDE 2017 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast