Real Time Event Recording System, the tool for Digital Forensics Investigation

Madhav Limaye
mlimaye@gmail.com
Practice today
• Investigator finds the device has been used
• Attempts to dig out all events in the past, e.g.
  – an object (file/registry) deleted from the disk/device
  – executing an EXE
  – cookies
  – contents sent out, e.g. for printing
  – access to a network resource
  – calls made through IP phones
  – etc.
Success factors
• Success rate depends on multiple factors
• Need multiple tools
• Need expertise
• Total failure if
  – the device is reset
  – it is physically damaged
  – etc.
Things available natively…
• Native tools/repositories are present
  – Cookies
  – Windows
     • Event Log
     • Registry
  – Cell phone
     • call history
• These are local: they can be cleaned or can overflow
The proposed tool
• Records when it happens/occurs
• Should support all devices
• Can be agent-based or agentless
• Records to a central server
• Can work on-line/off-line
Challenges for implementation
• Biggest: data storage
• Switching off the agent
• Taking the device off the network, in the agentless case
Other utilization
• At nation level, for national security
  – Monitor activities at public places, e.g. net cafes
• At the enterprise, to enforce device usage policies
• At home, to monitor usage by minors
Approaches for implementation
• Agent based
  – So that the performance of the monitored device does not degrade
  – Have an “off-line” monitor
  – Conserve network bandwidth
• Protecting the agent
  – Heartbeat: poll to confirm the agent is alive
  – Tie it to the device kernel, somehow, so that if someone tries to “kill” it, it takes the device down
• Configurable events/devices
  – The events/devices, depth/detail etc. should be configurable
  – There should be a “white-list” for devices and events/applications
  – E.g.
     • the “Exchange” server is “trusted”
     • Not monitoring the events of source-code-control tools
• Pushing the logs to the server
  – On a “configurable” interval
  – On “shut-down” of the device
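The agent-based approach on this slide, as an added sketch that is not code from the talk: a white-list that drops events from trusted hosts and applications, an off-line spool that holds events while the central server is unreachable, a push on a configurable interval or at shut-down, and a server-side heartbeat check. The Exchange host name and the application names in the white-list are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable
import json
# Constructed sample white-list: events that involve these hosts or are
# produced by these applications are "trusted" and never recorded.
WHITELIST = {
    "hosts": {"exchange.corp.example"},      # hypothetical Exchange server
    "apps": {"git.exe", "svn.exe"},          # source-code-control tools
}

@dataclass
class Event:
    ts: float            # time the event occurred (unix seconds)
    kind: str            # e.g. "file_delete", "exec", "net_access", "print"
    app: str             # process that caused the event
    host: str = ""       # remote host, for network events

def is_whitelisted(ev: Event, wl: dict = WHITELIST) -> bool:
    """True when the event is dropped because its host or app is trusted."""
    return ev.host in wl["hosts"] or ev.app.lower() in wl["apps"]

@dataclass
class Agent:
    send: Callable[[str], bool]      # transport to the central server; True on success
    interval: float = 60.0           # configurable push interval, seconds
    spool: list = field(default_factory=list)   # off-line buffer (on disk in practice)
    last_push: float = 0.0

    def record(self, ev: Event, now: float) -> bool:
        """Record when it happens: spool at once, push if due. Returns True if kept."""
        if is_whitelisted(ev):
            return False
        self.spool.append(ev)
        self.flush(now)
        return True

    def flush(self, now: float, force: bool = False) -> int:
        """Push the spool when the interval has elapsed (or when forced); keep it if unreachable."""
        if not self.spool or (not force and now - self.last_push < self.interval):
            return 0
        payload = json.dumps([vars(e) for e in self.spool])
        if not self.send(payload):
            return 0                 # off-line: keep the spool for the next attempt
        pushed = len(self.spool)
        self.spool.clear()
        self.last_push = now
        return pushed

    def shutdown(self, now: float) -> int:
        """On device shut-down, push everything regardless of the interval."""
        return self.flush(now, force=True)

def heartbeat_stale(last_seen: float, now: float, timeout: float = 120.0) -> bool:
    """Server side: poll for agent alive; True if the agent's heartbeat is overdue."""
    return now - last_seen > timeout
```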
Q & A
Thank you
Madhav Limaye
mlimaye@gmail.com
