Explore anti-forensics techniques and occult computing in this 59-minute conference talk by Adrian Crenshaw. Delve into topics such as private portable browsers, boot media, selective file wiping and encryption, defragmentation issues, USB device logs, and hibernation files. Learn about timestamp manipulation, shadow copy, booby-trapped devices, and cloud computing security. Discover various wiping tools, including Enhanced Secure Erase, and methods to change file hashes. Gain insights into disk structures, partitioning tricks, and unconventional data destruction methods like thermite use.
Overview
Syllabus
Intro
Short Version
Why Occult Computing?
What's this talk about?
Disks, Tracks, Sectors
Private portable browsers
Boot media
Tools for selective file wiping
Selective File Encryption
Defrag issues
USB device log
Hibernation file
Tool/Solution Kiddies
Timestomp
Shadow Copy
Booby Trapped Device?
Two partitions on a thumbdrive
Cloud Computing?
Thermite
Wipe Tools
One wipe?
Enhanced Secure Erase
Other tools
Change the hash of the file
