Remote Forensic Investigations For The Win
Action | Key |
---|---|
Play / Pause | K or space |
Mute / Unmute | M |
Select next subtitles | C |
Select next audio track | A |
Show slide in full page or toggle automatic source change | V |
Seek 5s backward | left arrow |
Seek 5s forward | right arrow |
Seek 10s backward | shift + left arrow or J |
Seek 10s forward | shift + right arrow or L |
Seek 60s backward | control + left arrow |
Seek 60s forward | control + right arrow |
Decrease volume | shift + down arrow |
Increase volume | shift + up arrow |
Decrease playback rate | shift + comma |
Increase playback rate | shift + dot or shift + semicolon |
Seek to end | end |
Seek to beginning | beginning |
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
If you’re performing incident handling, you probably already faced this situation: “Friday, 5PM, your phone rings because a customer detected some suspicious activity on a server or a workstation. Of course, it must be investigated “as soon as possible”. The server is physically located 500km away, not easy to start to investigate. Why not use a toolbox that can be booted on any system (server, workstation, physical, virtual, cloud, …) and launch some investigations in a safe way but under the customer’s control and supervision?
During this talk, I’ll present you “Bitscout”, a customizable live CD based on free tools and created to perform remote forensic investigations. This project was created by Vitaly Kamluk but I already submitted some pull requests to improve the project and used it in real cases!
After a quick review of an incident handling process and its classic issues, I will present the tool itself and compare it to classic solutions based on agents. The architecture will be described and several use cases will be demonstrated (ex: booting the compromized server, take a memory image, scanning the filesystem, etc). Several demos will be prepared (crossing fingers ;-)
Speaker
Xavier Mertens
Other media in the channel "2020"
- 17 viewsConclusion talkJuly 2nd, 2020
- 199 views, 11 this yearPique curiosity, not diabetic fingersJuly 2nd, 2020
- 37 viewsWars of the machines: build your own Seek and Destroy RobotJuly 2nd, 2020
- 51 viewsTackling security issues in virtualizationJuly 2nd, 2020
- 29 views, 3 this yearEnarx - secured, attested execution on any cloudJuly 2nd, 2020
- 98 views, 4 this yearCONCERT de Musique Libre / Chanson Française par -KPTN-June 30th, 2020