Get the Skills you need from Home with SANS Online Training - Special Offers Available Now

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Anti-anti-forensics in action - Recovering from (USB) oblivion

  • Tuesday, February 24, 2015 at 3:00 PM EST (2015-02-24 20:00:00 UTC)
  • Nick Klein

You can now attend the webcast using your mobile device!

  

Overview

One of the more interesting challenges in digital forensics is reconstructing the use of "anti-forensic" tools and techniques that users employ to cover their tracks.

Such tools can perform a range of functions, such as clearing Internet history, wiping files or erasing document history. But just how effective are they?

In this presentation, SANS Certified Instructor and experienced digital forensic examiner Nick Klein will dissect one such tool - USB Oblivion - to see exactly how well it works, and what forensic artifacts it actually leaves behind.

Drawing upon tools and methods that Nick teaches in SANS forensic courses, he will demonstrate how to effectively identify the use of this tool, recover some of the evidence it 'wipes' and still reconstruct the user's USB activity.

Speaker Bio

Nick Klein

Nick is the Director of Klein & Co. Computer Forensics, the leading independent computer forensic team from Sydney, Australia. He has over fifteen years of IT experience, specialising in forensic technology investigations and presenting expert evidence in legal and other proceedings. Nick and his team have been engaged as experts in hundreds of cases including commercial litigation and electronic discovery, criminal prosecution and defence, financial fraud, corruption, employee misconduct, theft of intellectual property, computer hacking and system intrusion. He was previously a senior director in Deloitte Forensic and a team leader in the High Tech Crime Team of the Australian Federal Police, where he worked on international police investigations and intelligence operations including counter terrorism, online child abuse, computer hacking, and traditional crimes facilitated by new technologies.

He was previously a senior director in Deloitte Forensic and a team leader in the High Tech Crime Team of the Australian Federal Police, where he worked on international police investigations and intelligence operations including counter terrorism, online child abuse, computer hacking, and traditional crimes facilitated by new technologies.

Nick has presented expert evidence in civil and criminal matters in Australia and overseas, including providing expert testimony in the Bali bombing trials in Indonesia in 2003. He has appeared before Australian State and Commonwealth Parliamentary Committees and participated in Government working groups on cybercrime issues including the Fraud Taskforce of the Australian Banking Association and the Critical Infrastructure Protection forum of the Australian Commonwealth Government. Nick is a regularly presenter at industry forums and a guest lecturer at several institutions including the School of Law at the University of New South Wales and the Centre for Transnational Crime Prevention, Faculty of Law at the University of Wollongong.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.