Cyber Security Technologies

Presentation of the OnLine Digital Forensic Suite™

Next-generation software for investigations of live computers in networks . . .

OnLineDFS Introduction - Proprietary & Confidential - Page 1
Focus

OnLine Digital Forensic Suite™ is a software product for the real-time investigation of live, running systems in networks.

Product Heritage
• Core technology developed with SBIR funding from the US Air Force
• Productized for commercial market
• Patent pending
Intended Uses

Target Markets
• Fortune 5000 Corporations
• Government Agencies
• Integrators
• Service Providers
• Law Enforcement

Target Applications
• Incident Response
• Insider Threat
• External Threat
• Compliance
• Information Assurance
• E-Discovery
• Criminal Investigations
OnLineDFS™ Deployment (multi-user version depicted)

Deployment diagram: the investigator's browser interface can be at any location (corporate, field location, law enforcement, service provider, home office, hotel, etc.). The OnLineDFS application and data store sit in the NOC (or other secure location) on the corporate network and reach systems under investigation at corporate headquarters (servers), manufacturing locations and regional offices over wired, wireless or mobile connections.

Note: the browser interface and the OnLineDFS™ application can co-reside.
OnLineDFS Today

Summary of OnLineDFS functionality, ordered from most volatile to persistent:

• Volatile state data: 29 sources of running state data captured from Windows targets, similar with Unix and Linux targets. Acquisition, examination.
• Memory: acquisition, examination, search.
• Registry: walk, acquisition, search.
• Persistent data: files, folders, directories, metadata, etc.; unallocated and slack space. Capture, search; image disk.
Key Attributes

• Built for the examination of running systems
  - Collects information that is lost when the computer is shut down
  - Strong emphasis on volatile data and live examination of persistent data for rapid mitigation of risk
• “Plug-and-play” deployment
  - OnLineDFS installed on network or subnet – no physical contact with the target system required
  - No pre-installed agents
  - Straightforward, simple architecture
  - Simple set-up and operation
  - Technology can be readily integrated with other technologies
• Investigate from anywhere, to anywhere
  - Investigator can work where the application is, or remotely from anywhere with Internet connectivity
  - Investigations performed through a secure network connection
  - Wired/wireless/mobile targets OK
• Discreet, non-disruptive
  - Computer being analyzed is left in place
  - No end-user involvement needed
  - Investigative activity very difficult to detect
• Stable, solid product
  - Release 3.6
  - Designed to adhere to forensic best practices
OnLineDFS Advantages

• Designed for use in an enterprise environment
  - Built for the on-line, real-time, networked world
  - Drill down live to hosts with issues of investigative interest
  - Proactive tool to address issues as they are happening
• No pre-installed agents
• Plug-and-play product based on a simple architecture, very easy to deploy, maintain and use
• Discreet, unobtrusive, does not disrupt operations
• Flexible analytical approach fits the real world
  - Go where the data takes you, acquire what you need
• Enhances investigation productivity and timeliness
• Leverages investment in third-party tools
• Adheres to forensic best practices
OnLineDFS Delivers

• Law Enforcement: an effective tool for investigations in an enterprise environment
• Enterprises: a cost-effective tool to mitigate risk, conduct investigations effectively
• Service Providers: a tool to deliver outstanding customer timeliness and value
Product screenshots (slides 9 to 13, titles only): Volatile Data Acquisition; Memory and Registry; Persistent Data; Data Analysis; Primary Data and Search
Demonstration Scenario

• Network security has observed unusual traffic on port 730 of host 192.168.171.202
• You are authorized to investigate this host and have the administrative account and password necessary to perform the investigation
Demonstration screenshots (slides 15 to 43, titles only), in order:
• Start the Investigation
• Perform the Initial Acquire
• Initial Acquire Completed
• Let’s look at the Volatile Data
• Look at Port 730 details
• Let’s look at WINWORD
• Dig Deeper
• And Deeper
• Acquire the WINWORD.exe (three slides)
• Acquire Completed
• Let’s search within the acquired file
• Search Completed with 5 matches
• Let’s acquire memory
• Background Task
• Memory Acquire Completed
• View Memory
• Search for “Keylogger”
• Search Results - Six Matches
• Looks like a credit card entry
• Let’s find the suspect
• Start a new inquiry
• Look at Port 1142
• Have a look at Telnet
• Search for credit card format
• Let’s find Amazon
• Same data - he is the bad guy
• Comprehensive Documentation
Let’s Review the Investigation

• Acquired volatile data from host A
• Looked at port 730 details and found WINWORD.exe
• Acquired the WINWORD.exe file
• Determined that it is a keylogger
• Acquired memory and found the keylogger program and credit card data
• Referred back to the port 730 details and identified the IP address and port of the host connected to host A
Let’s Review the Investigation (continued)

• With this information, initiated a second investigation on host B
• From the volatile data acquired, we identified telnet as the process associated with port 1142
• Acquired memory and found the exact same credit card data as was found in the memory of host A
• Automatically generated detailed and thorough documentation of the entire investigation
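The analysis chain the two review slides describe (pivot from a suspicious port to the process that owns it, follow the peer address to a second host, search acquired memory for a keyword and for card-formatted data, and confirm the same data appears on both hosts) as an added example. This is not code from the deck or from the OnLineDFS product; it works on constructed netstat-style connection tables and constructed memory fragments. Host A's address and the two port numbers come from the deck; host B's address, the PIDs, the image names on non-pivot rows and all memory contents are made up, and the card numbers are the well-known Luhn-valid test numbers.

```python
import re
from collections import namedtuple
from typing import List, Optional, Set

# Constructed connection tables in the shape a live acquisition returns
# (netstat-style rows plus owning PID and image). Host A's address and both
# port numbers come from the deck; host B's address and the PIDs are made up.
HOST_A_CONNECTIONS = """\
TCP  192.168.171.202:730   192.168.171.250:1142  ESTABLISHED  1840  WINWORD.exe
UDP  192.168.171.202:137   *:*                                1288  svchost.exe
"""
HOST_B_CONNECTIONS = """\
TCP  192.168.171.250:1142  192.168.171.202:730   ESTABLISHED  2216  telnet.exe
"""
# Constructed memory fragments: ASCII strings, one UTF-16LE string (Windows
# process memory is full of wide strings) and one Luhn-invalid decoy.
MEMORY_A = (
    b"\x00MZ\x90\x00PE\x00\x00KeyLogger v0.1 - captured keystrokes\x00"
    b"www.amazon.com checkout card=4111-1111-1111-1111 exp=12/29\x00"
    b"order id 4111111111111112\x00\x00\x00"  # 16 digits but fails Luhn
    + "5500 0000 0000 0004".encode("utf-16-le") + b"\x00\x00trailing\x00"
)
MEMORY_B = (
    b"telnet.exe\x00Microsoft Telnet> open 192.168.171.202 730\x00"
    b"recv: card=4111 1111 1111 1111 name=J. Doe\x00"
    b"unrelated 5105105105105100\x00"
)

Connection = namedtuple(
    "Connection", "proto local_ip local_port remote_ip remote_port state pid image")

def _endpoint(text: str):
    host, _, port = text.rpartition(":")
    return host, (int(port) if port.isdigit() else None)

def parse_connections(table: str) -> List[Connection]:
    """Parse netstat-style rows; UDP rows carry no state column."""
    conns = []
    for line in table.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) == 5:
            parts.insert(3, "")
        proto, local, remote, state, pid, image = parts
        conns.append(Connection(proto, *_endpoint(local), *_endpoint(remote),
                                state, int(pid), image))
    return conns

def pivot_from_port(conns: List[Connection], port: int) -> Optional[Connection]:
    """The deck's step from 'port 730 details' to the owning process and its peer."""
    return next((c for c in conns if c.local_port == port), None)

def luhn_valid(digits: str) -> bool:
    """Checksum that separates real card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def text_views(blob: bytes) -> List[str]:
    """Latin-1 view plus both UTF-16LE alignments, so wide strings are found too."""
    return [blob.decode("latin-1"),
            blob.decode("utf-16-le", errors="ignore"),
            blob[1:].decode("utf-16-le", errors="ignore")]

# 13 to 16 digits, optionally separated by spaces or dashes, not inside a longer run.
CARD_RE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,15}[0-9](?![0-9])")

def find_card_numbers(blob: bytes) -> Set[str]:
    """Card-format search over a memory image, keeping only Luhn-valid hits."""
    found = set()
    for view in text_views(blob):
        for match in CARD_RE.finditer(view):
            digits = re.sub(r"[ -]", "", match.group())
            if luhn_valid(digits):
                found.add(digits)
    return found

def search_keyword(blob: bytes, word: str) -> int:
    """Case-insensitive hit count for `word` (the deck's 'Search for Keylogger')."""
    pattern = re.compile(re.escape(word), re.IGNORECASE)
    return sum(len(pattern.findall(view)) for view in text_views(blob))

def investigate() -> dict:
    """Run the whole walkthrough: pivot on host A, follow the peer to host B,
    then confirm the same card data sits in both hosts' memory."""
    a = pivot_from_port(parse_connections(HOST_A_CONNECTIONS), 730)
    b = pivot_from_port(parse_connections(HOST_B_CONNECTIONS), a.remote_port)
    return {"host_a_image": a.image, "peer": (a.remote_ip, a.remote_port),
            "host_b_image": b.image,
            "keylogger_hits": search_keyword(MEMORY_A, "keylogger"),
            "shared_cards": sorted(find_card_numbers(MEMORY_A) & find_card_numbers(MEMORY_B))}
```

`investigate()` returns the walkthrough's findings as a dict: WINWORD.exe owning port 730 on host A, the peer at port 1142, telnet.exe owning that port on host B, one hit for "keylogger", and the single card number common to both memory fragments. Two details matter in practice: the Luhn check discards digit runs that merely look like card numbers, and searching both UTF-16LE alignments is what catches strings Windows processes hold as wide characters.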
Cyber Security Technologies

Questions?

Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Online DFS

  • 1. Cyber Security Technologies. Presentation of the OnLine Digital Forensic Suite™: next-generation software for investigations of live computers in networks. OnLineDFS Introduction - Proprietary & Confidential - Page 1
  • 2. Focus. OnLine Digital Forensic Suite™ is a software product for the real-time investigation of live, running systems in networks. Product Heritage: core technology developed with SBIR funding from the US Air Force; productized for commercial market; patent pending.
  • 3. Intended Uses. Target Markets: Fortune 5000 Corporations; Government Agencies; Integrators; Service Providers; Law Enforcement. Target Applications: Incident Response (Insider Threat, External Threat); Compliance (Information Assurance); E-Discovery; Criminal Investigations.
  • 4. OnLineDFS™ Deployment (Multi-User Version Depicted). Diagram: the Investigator (browser interface) works from any location (Corporate, Field Location, Law Enforcement, Service Provider, Home Office, Hotel, etc.) and connects over the Corporate Network to the OnLineDFS Application & Data Store in the NOC (or other secure location) at Corporate Headquarters. Systems Under Investigation include headquarters Servers, Manufacturing Locations, Regional Offices and wired/wireless/mobile hosts. Note: browser interface and OnLineDFS™ application can co-reside.
  • 5. OnLineDFS Today: Summary of OnLineDFS Functionality, arranged from most volatile to persistent. Volatile State Data: 29 sources of running state data captured from Windows targets, and similar with Unix and Linux targets; Acquisition, Examination, Search. Memory: Acquisition, Capture, search. Registry: Walk, Acquisition. Persistent data: Files, folders, directories, metadata, etc.; Unallocated and slack space; Acquisition, Examination, Image disk, Search.
  • 6. Key Attributes. Built for the examination of running systems: collects information that is lost when the computer is shut down; strong emphasis on volatile data and live examination of persistent data for rapid mitigation of risk. “Plug-and-play” deployment: OnLineDFS installed on network or subnet – no physical contact with target system required; no pre-installed agents; straightforward, simple architecture; simple set-up and operation; technology can be readily integrated with other technologies. Investigate from anywhere, to anywhere: investigator can work where the application is, or remotely from anywhere with Internet connectivity; investigations performed through a secure network connection; wired/wireless/mobile targets OK. Discreet, non-disruptive: computer being analyzed is left in place; no end-user involvement needed; investigative activity very difficult to detect. Stable, solid product: Release 3.6; designed to adhere to forensic best practices.
  • 7. OnLineDFS Advantages. Designed for use in an enterprise environment: built for the on-line, real-time, networked world; drill down live to hosts with issues of investigative interest; proactive tool to address issues as they are happening. No pre-installed agents: plug-and-play product based on a simple architecture, very easy to deploy, maintain and use; discreet, unobtrusive, does not disrupt operations. Flexible analytical approach fits the real world: go where the data takes you, acquire what you need; enhances investigation productivity and timeliness; leverages investment in third-party tools; adheres to forensic best practices.
  • 8. OnLineDFS Delivers. Law Enforcement: an effective tool for investigations in an enterprise environment. Enterprises: a cost-effective tool to mitigate risk and conduct investigations effectively. Service Providers: a tool to deliver outstanding customer timeliness and value.
  • 9. Volatile Data Acquisition
  • 10. Memory and Registry
  • 11. Persistent Data
  • 12. Data Analysis
  • 13. Primary Data and Search
  • 14. Demonstration Scenario. Network security has observed unusual traffic on port 730 of host 192.168.171.202. You are authorized to investigate this host and have the administrative account and password necessary to perform the investigation.
  • 15. Start the Investigation
  • 16. Perform the Initial Acquire
  • 17. Initial Acquire Completed
  • 18. Let’s look at the Volatile Data
  • 19. Look at Port 730 details
  • 20. Let’s look at WINWORD
  • 21. Dig Deeper
  • 22. And Deeper
  • 23. Acquire the WINWORD.exe
  • 24. Acquire the WINWORD.exe
  • 25. Acquire the WINWORD.exe
  • 26. Acquire Completed
  • 27. Let’s search within the acquired file
  • 28. Search Completed with 5 matches
  • 29. Let’s acquire memory
  • 30. Background Task
  • 31. Memory Acquire Completed
  • 32. View Memory
  • 33. Search for “Keylogger”
  • 34. Search Results: Six Matches
  • 35. Looks like a credit card entry
  • 36. Let’s find the suspect
  • 37. Start a new inquiry
  • 38. Look at Port 1142
  • 39. Have a look at Telnet
  • 40. Search for credit card format
  • 41. Let’s find Amazon
  • 42. Same data: he is the bad guy
  • 43. Comprehensive Documentation
  • 44. Let’s Review the Investigation. Acquired volatile data from host A; looked at port 730 details and found WINWORD.exe; acquired the WINWORD.exe file; determined that it is a keylogger; acquired memory and found the keylogger program and credit card data; referred back to the port 730 details and identified the IP address and port of the host connected to host A.
  • 45. Let’s Review the Investigation (continued). With this information, initiated a second investigation on host B; from the volatile data acquired, we identified telnet as the process associated with port 1142; acquired memory and found the exact same credit card data as was found in the memory of host A; automatically generated detailed and thorough documentation of the entire investigation.
  • 46. Cyber Security Technologies. Questions?
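The review on slides 44 and 45 is, stripped of the product, a four-step triage: map the suspicious port to the process and remote peer behind it, keyword-search the memory capture, pull out credit-card-formatted strings, and check whether the two hosts hold the same card data. The Python below is an added example that walks those steps over constructed data; it is not OnLineDFS code and nothing from Cyber Security Technologies. Host A's address 192.168.171.202, ports 730 and 1142, WINWORD.exe and telnet come from the slides; the PIDs, host B's address (192.168.171.77), the other connection rows, the memory fragments and the card numbers (the public 4111... and 5555... test numbers) are made up. Luhn validation is used so that a random 16-digit run is not reported as a card, and recovered numbers are masked before they reach the case record.

```python
"""Constructed triage helpers mirroring the slide 44/45 review (not OnLineDFS code)."""
import re
from typing import Dict, List, NamedTuple, Set


class Connection(NamedTuple):
    proto: str
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    pid: int
    process: str


# Constructed connection table for host A. 192.168.171.202 and port 730 come
# from the scenario; the PIDs, peer address and the other rows are invented.
HOST_A_CONNECTIONS: List[Connection] = [
    Connection("tcp", "192.168.171.202", 730, "192.168.171.77", 1142, 1848, "WINWORD.exe"),
    Connection("tcp", "192.168.171.202", 445, "192.168.171.10", 51022, 4, "System"),
    Connection("tcp", "0.0.0.0", 135, "0.0.0.0", 0, 820, "svchost.exe"),
]

# Constructed memory fragments. 4111... and 5555... are public test card
# numbers; 1234567890123456 is sixteen digits but fails the Luhn check.
HOST_A_MEMORY = (
    b"\x00\x00WINWORD.exe\x00Keylogger v1\x00hook=WH_KEYBOARD_LL\x00"
    b"www.amazon.com\x00card=4111 1111 1111 1111 exp=09/27\x00"
    b"alt=5555555555554444\x00keylogger.log\x00"
)
HOST_B_MEMORY = (
    b"telnet.exe\x00192.168.171.202:730\x00"
    b"4111-1111-1111-1111\x00junk=1234567890123456\x00"
)

# 13 to 19 digits, optionally separated by single spaces or dashes, not
# preceded or followed by another digit.
_CARD_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def processes_on_port(conns: List[Connection], port: int) -> List[Connection]:
    """Step 1: which process owns the traffic on a local port, and who is the peer."""
    return [c for c in conns if c.local_port == port]


def count_matches(blob: bytes, keyword: bytes) -> int:
    """Step 2: case-insensitive keyword count, like the 'Keylogger' search."""
    return len(re.findall(re.escape(keyword), blob, flags=re.IGNORECASE))


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def card_numbers(blob: bytes) -> Set[str]:
    """Step 3: card-formatted runs that also pass Luhn, normalised to bare digits."""
    found: Set[str] = set()
    for m in _CARD_RE.finditer(blob):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.add(digits)
    return found


def shared_card_numbers(mem_a: bytes, mem_b: bytes) -> Set[str]:
    """Step 4: card data present in both captures ties the two hosts together."""
    return card_numbers(mem_a) & card_numbers(mem_b)


def masked(pan: str) -> str:
    """Keep the first six and last four digits so the case file never stores a full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def triage(port: int) -> Dict[str, object]:
    """Run the four steps for one suspicious port on host A and summarise."""
    owners = processes_on_port(HOST_A_CONNECTIONS, port)
    return {
        "process": [c.process for c in owners],
        "peer": [(c.remote_addr, c.remote_port) for c in owners],
        "keylogger_hits": count_matches(HOST_A_MEMORY, b"keylogger"),
        "shared_cards": sorted(masked(p) for p in shared_card_numbers(HOST_A_MEMORY, HOST_B_MEMORY)),
    }


if __name__ == "__main__":
    for key, value in triage(730).items():
        print(f"{key}: {value}")
```

The peer address and port returned by the first step are what the walkthrough pivots on when it opens the second inquiry on host B; on a real capture the connection table would be the tool's volatile-data export rather than a hard-coded list, and the masking step is the part worth keeping whatever tool produced the memory image.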