

HITBSecConf2008 - Malaysia (Day 1)

HITBSecConf2008 - Malaysia (Day 2)


Matthew Geiger (Forensics Specialist, CERT)

Filed under: Main Page — Administrator @ 12:44 pm

Presentation Title: How to Build Your Own Password Cracker with a Disassembler and a Little VM Magic
Presentation Abstract:

The burgeoning popularity of full-disk and volume-based encryption is posing a swiftly growing challenge to forensic investigators. Adapting to this challenge will require a re-engineering of the process for acquiring digital evidence, from the legal framework applied to the tools and techniques used. In a growing number of cases, the acquisition of digital forensic evidence in criminal cases will bear a strong resemblance to the process used by criminals to break into computer systems. Although this trend has precedent in the world of law enforcement – where police enter buildings by force and employ locksmiths to crack safes – it represents a sea-change in the digital forensic arena.

The presentation will address the implications for the forensics community, as well as the techniques and skills that investigators need to develop. Case examples will illustrate key points. And, to highlight the type of new approaches necessary, we will demonstrate the creation of an ad-hoc password-cracking tool using an equally ad-hoc reverse engineering approach. We’ll then employ the tool in a virtual machine environment to recover a forensic disk image from a system that uses full-disk encryption.

About Matthew

Matthew Geiger is a forensic specialist and researcher at CERT. His recent work has focused on data acquisition from encrypted devices, on counter-forensic tool performance and on creating new utilities for live-system forensics. He has assisted and advised U.S. federal security agencies in a number of high-profile computer investigations.

Prior to joining CERT, Matthew worked as a digital forensic analyst in the private sector, where he led investigations involving corporate fraud, network intrusion, proprietary data theft, corruption and official misconduct for clients that included Fortune 500 companies. His professional background also includes network security design and implementation, incident response and security assessment. Matthew holds an MS degree from Carnegie Mellon University. His professional accreditations include the SANS Institute’s GCFA forensic certification.

Event Organizer

Hack In The Box (M) Sdn. Bhd.
