Presentation Title: In-depth Anti-Forensics - Challenges of Steganography & Discovering Hidden Data
Steganography has been a popular data-hiding technique for decades, effective at concealing messages from the world war era through to the Internet age, where electronic communication became the default for new generations. It's easy to find widely distributed public material on subverting in-traffic analysis, even analysis that inspects traffic in a supposedly 'intelligent' manner. These techniques rely on encryption + steganography + tunnels to evade information leakage detectors.
The purpose of this presentation is to say a little more about a relatively little-discussed area of steganography and computer forensics: ways of storing content, files (or even another filesystem) inside the current "healthy" filesystem of a computer. Some issues around poisoning current, widely used file formats in order to store evil data will be demonstrated, and some detection methods using entropy analysis will also be covered.
The presentation will also raise awareness of using a correct methodology that does not rely on common file interpreters, with methods and examples showing how a computer forensics analyst can sometimes recover hidden files (for example, in slack space) with file carving techniques and state that no "evil" data was found, when inside such a file it would be possible to have even another filesystem with completely different files and content.
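An added example (not from the presentation) of the kind of entropy analysis the abstract mentions: it scans raw bytes window by window instead of trusting a file interpreter, and flags runs whose entropy approaches 8 bits per byte. The window size, threshold, function names and sample data are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def high_entropy_regions(data: bytes, window: int = 1024, threshold: float = 7.5):
    """Return merged (start, end) byte ranges whose windows reach the threshold."""
    regions = []
    for start in range(0, len(data) - window + 1, window):
        if shannon_entropy(data[start:start + window]) < threshold:
            continue
        if regions and regions[-1][1] == start:
            # Adjacent to the previous flagged window: extend that run.
            regions[-1] = (regions[-1][0], start + window)
        else:
            regions.append((start, start + window))
    return regions


def pseudo_random(n: int) -> bytes:
    """Constructed stand-in for encrypted or compressed content
    (SHA-256 over a counter; deterministic so results are repeatable)."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed sample: a low-entropy carrier with a 4 KiB opaque blob
# embedded at offset 8192. None of this data comes from the presentation.
CARRIER = (b"The quick brown fox jumps over the lazy dog. " * 200)[:8192]
SAMPLE = CARRIER + pseudo_random(4096) + CARRIER

if __name__ == "__main__":
    for start, end in high_entropy_regions(SAMPLE):
        print(f"high-entropy region: bytes {start}-{end} ({end - start} bytes)")
```

Compressed or encrypted formats are high-entropy throughout, so this check is informative only against a carrier whose expected baseline is low.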
Information Security Specialist and Computer Forensics Expert who has been working on high-technology crime investigation for private companies, including the financial market, and for law enforcement agencies as a Forensics Connoisseur. Currently holds the position of Manager of Research & Development for the Information Security and Computer Forensics Labs of Scanit/Oger Systems. Expertise in Information Leakage, Data Recovery, Incident Handling, Response and Tracking, Evidence Collection, and Forensics (also Anti-Forensics) methodology and tools Research & Development. Organizer of H2HC - Hackers 2 Hackers Conference (Latin America's most important hacking conference). Invited professor at some universities, lecturing on Computer Forensics; author of several articles/papers; and speaker at security-related conferences such as HackInTheBox Dubai (UAE) 2007, VNSECON Ho Chi Minh City (Vietnam) 2007, XCon Beijing (China) 2007, HackInTheBox Kuala Lumpur (Malaysia) 2007, EkoParty Buenos Aires (Argentina) 2007, H2HC, SSI/ITA. Certifications: GCFA, MCSO
Recent presentations at: http://www.montanaro.com.br/palestras/