Anti-anti-forensics in action - Recovering from (USB) oblivion
- Tuesday, February 24th, 2015 at 3:00 PM EST (20:00:00 UTC)
- Nick Klein
One of the more interesting challenges in digital forensics is reconstructing the use of "anti-forensic" tools and techniques that users employ to cover their tracks.
Such tools can perform a range of functions, such as clearing Internet history, wiping files or erasing document history. But just how effective are they?
In this presentation, SANS Certified Instructor and experienced digital forensic examiner Nick Klein will dissect one such tool - USB Oblivion - to see exactly how well it works, and what forensic artifacts it actually leaves behind.
Drawing upon tools and methods that Nick teaches in SANS forensic courses, he will demonstrate how to effectively identify the use of this tool, recover some of the evidence it 'wipes' and still reconstruct the user's USB activity.
Nick is the Director of Klein & Co. Computer Forensics, the leading independent computer forensic team from Sydney, Australia. He has over fifteen years of IT experience, specialising in forensic technology investigations and presenting expert evidence in legal and other proceedings. Nick and his team have been engaged as experts in hundreds of cases including commercial litigation and electronic discovery, criminal prosecution and defence, financial fraud, corruption, employee misconduct, theft of intellectual property, computer hacking and system intrusion. He was previously a senior director in Deloitte Forensic and a team leader in the High Tech Crime Team of the Australian Federal Police, where he worked on international police investigations and intelligence operations including counter terrorism, online child abuse, computer hacking, and traditional crimes facilitated by new technologies.