Explore the intricacies of creating a secure forensic toolkit for analyzing compromised systems in this 2-hour conference talk from Black Hat USA 1999. Delve into the challenges of working on compromised hosts, including checking for promiscuous mode interfaces, examining running processes, and investigating temporary directories. Learn techniques for safely making bit-for-bit hard drive copies and shutting down systems without compromising evidence integrity. Discover why using "known good" copies of utilities may not be sufficient protection against hidden threats left by attackers. Focus on the subtle technical aspects of operating in hostile computing environments, with demonstrations using Solaris and Windows NT. Gain insights into establishing a reasonably secure environment for forensic analysis of running compromised systems and identify essential utilities for your toolkit.
Overview
Syllabus
Black Hat USA 1999 - Building a Forensic Toolkit That Will Protect You From Evil Influences
Taught by
Black Hat