IT Forensics for System Administrators 2

Since its first release in 2017 CyberChef - described as "The Cyber Swiss Army Knife" - has quickly become one of the go-to tools for many IT security practitioners. CyberChef is a free, browser-based, open source tool, that supports hundreds of different "cyber operations" such as encoding, encrypting, compressing, converting, analysing data, etc. It is especially useful for malware analysts...

Having obtained an image of the memory of a compromised system, what to do with it? This part of the forensic process is called analysis, and this webinar will go through the first steps of analysing a memory image, looking into processes, network and temporary filesystems as well as some operating system specific artefacts, such as the Windows registry of the Linux Bash history.

Malware that is other compressed and encrypted on disk is usually unpacked and in cleartext in memory. Likewise, rootkits that conceal adversary activities can be found with relative ease in the memory image of a compromised system. This webinar will show some techniques to obtain malware that works along common ways, such as DLL injection, malicious kernel modules, or system call table...

In this session, we will discuss the basic concepts of persistent storage forensics. Furthermore, some approaches with easy-to-use basic tools will be presented and demonstrated.

In this session, more advanced analysis methods and tools will be discussed. Furthermore, these methods and tools will be demonstrated in practice with select case samples.