Forensic Investigations of Web Exploitations

Wednesday, November 20 • 4:00 pm - 4:50 pm

Investigation of hacking incidents often requires the combined effort of different technologies. Evidence and forensic artifacts are found in various forms and formats. Network forensics is one component in the process of finding compromised hosts and capturing and reconstructing malicious sessions. Attacks on web vulnerabilities can be replayed and the transmitted data uncovered. This session will cover open source tools used for network forensics and for the investigation of compromised web hosts. A variety of tools can produce a significant supplement to electronic evidence, and in many cases can also capture the malicious executables transmitted in the traffic, or the exfiltrated data. Various network protocols and their structure will be presented. Open source network forensic tools will be used on the traffic captured from a hacked web server. Different tools will be introduced for specific tasks in the investigation process. Captured traffic will be analyzed and reconstructed, and various artifacts found in the investigation will be discussed.
Speaker:
Ondrej Krehel

Spoke at RSA, CEIC, Prague Cyber Summit, ICS South Africa

Ondrej Krehel manages his own practice and in the past served as the Chief Information Security Officer for Identity Theft 911, the nation’s premier identity theft and data breach management, resolution and education service. With more than a decade of experience in computer cyber security and forensics, he has launched investigations internationally and domestically into a broad range of IT security matters, from hacker attacks to data breaches to intellectual property theft. His work has received attention from CNN, Reuters, The Wall Street Journal and The New York Times.