Remote Forensic Investigations For The Win
Information on this media
Number of views: 50 (this month: 1)
Creation date: July 1, 2020
Speakers: Xavier Mertens
License: CC BY-SA v4
Description
If you’re performing incident handling, you have probably already faced this situation: Friday, 5PM, your phone rings because a customer detected some suspicious activity on a server or a workstation. Of course, it must be investigated “as soon as possible”. The server is physically located 500km away, not easy to start to investigate. Why not use a toolbox that can be booted on any system (server, workstation, physical, virtual, cloud, …) and launch some investigations in a safe way but under the customer’s control and supervision?
During this talk, I’ll present “Bitscout”, a customizable live CD based on free tools and created to perform remote forensic investigations. This project was created by Vitaly Kamluk but I already submitted some pull requests to improve the project and used it in real cases!
After a quick review of an incident handling process and its classic issues, I will present the tool itself and compare it to classic solutions based on agents. The architecture will be described and several use cases will be demonstrated (ex: booting the compromised server, taking a memory image, scanning the filesystem, etc). Several demos will be prepared (crossing fingers ;-)
Speaker
Xavier Mertens