
Monday, April 14, 2014

Volatility Talk at Upcoming NYC4SEC

The Volatility team will give a talk at the next NYC4SEC meetup on memory forensics on May 8th, 2014 at John Jay College.  Make sure to RSVP if you are planning to attend, since there is limited seating!

 Thanks For the Memory: Rootkits, Exfil and APT - RAM Conquers All

The ability to perform digital investigations and incident response is becoming a critical skill for many occupations. Unfortunately, digital investigators frequently lack the training or experience to take advantage of the volatile artifacts found in physical memory. Volatile memory contains valuable information about the runtime state of the system, provides the ability to link artifacts from traditional forensic analysis (network, file system, registry), and provides the ability to ascertain investigative leads that have been unbeknownst to most analysts. Malicious adversaries have been leveraging this knowledge disparity to undermine many aspects of the digital investigation process with such things as anti-forensics techniques, memory resident malware, kernel rootkits, encryption (file systems, network traffic, etc.), and Trojan defenses. The only way to turn the tables and defeat a creative digital human adversary is through talented analysts.
 
This talk demonstrates the importance of including volatile memory in your investigations with an overview of the most widely used memory forensics tool, Volatility, by its developers.

-@gleeda

Friday, March 23, 2012

Upcoming Cybercrime Studies talk: For a Free Digital Society by Dr. Richard Stallman

Yet another interesting upcoming talk at John Jay College on Tuesday March 27, 2012:


Center for Cybercrime Studies

John Jay College of Criminal Justice

presents

For a Free Digital Society

Dr. Richard Stallman

President

Free Software Foundation

Abstract

Activities directed at "including" more people in the use of digital technology are predicated on the assumption that such inclusion is invariably a good thing. It appears so, when judged solely by immediate practical convenience. However, if we also judge in terms of human rights, whether digital inclusion is good or bad depends on what kind of digital world we are to be included in. If we wish to work towards digital inclusion as a goal, it behooves us to make sure it is the good kind.

Richard Stallman launched the free software movement in 1983 and started the development of the GNU operating system (see www.gnu.org) in 1984. GNU is free software: everyone has the freedom to copy it and redistribute it, with or without changes. The GNU/Linux system, basically the GNU operating system with Linux added, is used on tens of millions of computers today. Stallman has received the ACM Grace Hopper Award, a MacArthur Foundation Fellowship, the Electronic Frontier Foundation's Pioneer Award, and the Takeda Award for Social/Economic Betterment, as well as several honorary doctorates.

Date: Tuesday, March 27, 2012
Time: 1:30 PM

Location: L.61 Conference Center (New Building)

John Jay College of Criminal Justice

899 Tenth Avenue

New York, NY

RSVP: Nicole Daniels at 212-237-8920 or email ndaniels@jjay.cuny.edu. For additional information please contact Professor Doug Salane, Director of the Center for Cybercrime Studies, 212-237-8836 or email dsalane@jjay.cuny.edu.

For additional Center for Cybercrime Studies events visit our web site. Go to WWW.JJAY.CUNY.EDU, ACADEMICS, RESEARCH CENTERS and INSTITUTES.


Friday, March 16, 2012

Upcoming Cybercrime Studies talk: Digital Forensic Crime Labs

I just wanted to take the time to announce the following upcoming talk at John Jay College next week:


The Center for Cybercrime Studies

John Jay College of Criminal Justice

Presents


Digital Forensic Crime Labs

Monique Mattei Ferraro

M.S., J.D., CISSP

Technology Forensics, LLC



Digital forensics labs throughout the country were set up and subsidized by the United States Department of Justice. Most labs are administered by police or law enforcement agencies. In 2009, the National Academy of Science released “Strengthening Forensic Science in the United States: A Path Forward,” which made several recommendations. Among the recommendations were that criminal labs should be independent of police/law enforcement in order to retain an appearance of objectivity. This talk delves into the tensions between the recommendations and the practice, the ethical implications and current issues affecting digital forensics labs today.



Date: Wednesday, March 21, 2012
Time: 1:30 PM

Location: Haaren Hall, RM 630
899 Tenth Avenue
(10th Avenue and 59th Street)


RSVP: Nicole Daniels at 212-237-8920 or email ndaniels@jjay.cuny.edu. For additional information please contact Professor Doug Salane, Director of the Center for Cybercrime Studies, 212-237-8836 or email dsalane@jjay.cuny.edu.

For additional Center for Cybercrime Studies events visit our Web site (http://www.jjay.cuny.edu/centers/cybercrime_studies/index.php) or go to WWW.JJAY.CUNY.EDU, ACADEMICS, RESEARCH CENTERS and INSTITUTES.

Tuesday, March 22, 2011

John Jay Center for Cybercrime Studies Talk: 3/29/11 2PM

There's an upcoming talk at The Center for Cybercrime Studies, John Jay College of Criminal Justice next week (Tuesday March 29th, 2011 2:00 PM) that may interest some of you in the NYC area:


Cyber Criminals: Who are they? Why are they successful? How do we respond?

Kim Peretti

Director, Forensic Services Practices
PricewaterhouseCoopers LLP

Formerly Senior Counsel
US Dept. of Justice, Criminal Division
Computer Crime and Intellectual Property Section

This session will walk through recent prosecutions of sophisticated hacking rings in order to provide insight into the individuals behind these types of crimes and why they are successful. This presentation will also discuss the emerging area of cyber forensics and methods by which entities can better prevent, detect, and respond to cyber attacks on their systems.


Events will take place at
John Jay College of Criminal Justice
899 Tenth Avenue
Room 630T, Haaren Hall

(between 58th and 59th Streets.)
RSVP to Nicole Daniels (ndaniels@jjay.cuny.edu: 212.237.8920).

Wednesday, January 05, 2011

NYC4SEC Meeting 1/19/2011

There is an NYC4SEC meeting this month on 1/19/2011. This month our speaker is Jon Stewart, who will be giving a talk about his new tool, Lightgrep. Details are below:

Lightgrep - Fast Keyword Searching for Forensics

Dislike waiting 5 days for your keyword search to complete? Been brought to tears by thousands of keywords? Lost faith in your forensics tools when they didn't find all the hits they should have? Come to this talk to see the first public demonstration of Lightgrep, a new regular expressions search tool designed specifically for forensics.

Search is a fundamental part of forensics, useful not only for discovering relevant documents and snippets of text, but also artifacts, files in unallocated space, and file signature analysis. We will discuss the basic principles behind how a grep search works, why it's important to consider how multiple keywords are handled, and how to validate a search tool's results. Finally, we'll show Lightgrep, a tool that allows for fast searching for thousands of keywords, with full EnCase integration.

Please join us on Wednesday, January 19th, 7:00pm at John Jay College - Forensic Computing Program and the Center for Cybercrime Studies
899 Tenth Avenue - btwn 58th & 59th
Room 610T - 6th Floor


Don't forget to RSVP!!!

Thanks to Douglas Brush, Prof Bilal Khan, Prof Douglas Salane and Prof Richard Lovely for helping to make this possible.

Thursday, January 28, 2010

Cybercrime Studies: File Carving for Forensics Recovery

There is an upcoming talk at John Jay College that should be interesting:

File Carving for Forensics Recovery

Nasir Memon

Professor of Computer Science
Director of the Information Systems and Internet Security (ISIS) Lab
Polytechnic Institute of New York University


As the number of digital devices in use continues to increase, there has also been an increase in the seizure and analysis of digital data for forensic purposes. One of the areas of high forensic interest is in the recovery of digital data from devices. In cases where the file system information for a digital device is missing or corrupt, newer data recovery techniques involving a process known as file carving are used to recover the data. This talk describes the need for and evolution of file carving, and presents the various technologies that have been used to improve file carving recovery, including our own Smart Carving techniques.

Date: Tuesday, February 9, 2010
Time: Reception – 1:45pm, Lecture – 2:00 pm
Location: Room 630T, Haaren Hall
899 Tenth Avenue, New York City 10019


RSVP: Nicole Daniels at 212-237-8920 or email ndaniels@jjay.cuny.edu.
For additional information please contact Professor Doug Salane, Director of the Center for Cybercrime Studies, at 212-237-8836 or email dsalane@jjay.cuny.edu.

Sunday, December 20, 2009

Audience Participation Time

While catching up on some reading over at Harlan's blog I started thinking about all of the programming I've done in the past year or so. I really appreciate all of the hard work that goes into developing programs like RegRipper and countless others. It's cool when people are able to share tools they have developed to solve problems they have encountered in the field. It's also cool when people who are in the field are able to solve the problems themselves. I have been thinking about whether or not someone who is working in the field of digital forensics really needs to know a programming language or not. My thoughts are yes (which is influenced by what I see around me and may be biased, considering that I do a lot of programming), but I can see how some people may think differently. The reason why I bring this up is because this question has been in the back of my mind since my last discussion with someone from my alma mater, John Jay College.

John Jay's MS in Forensic Computing has been established since 2004 and it has been evolving ever since its conception. The courses of the program have roughly contained a lot of hands-on labs as well as theory (algorithms, cryptography, network protocols, etc.) and programming (various scripting, C Linux OS) in addition to Criminal Justice courses on laws regarding digital evidence. The question has come up several times as to whether or not the theoretical and programming courses are needed in the background of someone who wants to be a forensic examiner.

When I was in attendance there, the general feeling from *some* (not all) of my colleagues was that they didn't need to learn programming and theory in order to work as a forensic examiner. They said they only needed to learn how to use tool XXX or YYY and get a certification in A, B, and/or C and they would be set... Perhaps they were right in some way, as they went on to find jobs where that was enough for them. The debate continues about the direction of the program and whether or not theory and programming are needed and whether or not some kind of certification should be obtained instead.

Having been out in the "real world" for a little while, I see a lot of people who do not need any programming knowledge whatsoever to fulfill their jobs. There are plenty of tools that they are more than proficient in using and I'm not knocking their skills, because they are really quite knowledgeable at what they do. However, there are many times that tool XXX or tool YYY doesn't do whatever it should normally, or it cannot fulfill the job the way the client would like. Having a little programming knowledge helps out immensely in these cases. In addition to the EnScripts I have written at work, I have written a lot of Perl scripts, *nix scripts, Visual Basic programs, SQL queries etc. to get the job done. I have also taken someone else's code in language X, Y or Z and tweaked it to run the way I needed it to for a particular job. Now I concede that it's not every day that I need to write these customizations, but it happens enough that I'm glad I can do it.

I often hear from colleagues at work or elsewhere that they wish they knew how to program in X or Y so they could write their own tools to do something. I have suggested books or websites from which they could glean this wanted knowledge. This often comes with some "stern" advice that they must also practice programming if they want it to stick. Some have taken my advice, some probably just don't have the time for it...

So after much rambling on the subject, what do you think? How often do you wish/are you glad that you knew how to program? How often would it have helped you/does it help you on your job as a forensic examiner/incident responder?

Don't be afraid to comment. I only moderate to keep the spam down (which I seem to get a lot of for some reason).

Friday, October 09, 2009

Briefly: Malware Marketing talk at John Jay College

There's an upcoming talk at John Jay College next week that may interest some of you in the NYC area:

Understanding the Market for Malware and Cybercrime

Thursday, Oct. 15, 2009
3:15 pm, room 630T
Tom Holt, Assistant Professor
School of Criminal Justice
Michigan State University

Events will take place at
John Jay College of Criminal Justice
899 Tenth Avenue
(between 58th and 59th Streets.)
RSVP to Nicole Daniels (ndaniels@jjay.cuny.edu: 212.237.8920).

Friday, June 05, 2009

NeFX 2009

Coming to NYC this summer:

NeFX 2009
The First Annual ACM Northeast Digital Forensics Exchange


July 20-21, 2009 @ John Jay College of Criminal Justice/CUNY (NYC)

The ACM Northeast Digital Forensics Exchange (NeFX) is a workshop, sponsored in part by the National Science Foundation, to foster collaboration on digital forensics and information assurance between federal and state law enforcement, academia, and industry. Our goal is to bring together leading practitioners and academics in order to yield partnerships that advance research on digital forensic science through mutual sharing of the problems of practice and research.


This should be interesting. They have some good speakers lined up and some interesting topics for tutorials. Check the website for more details.

Thursday, September 18, 2008

Visual Forensic Analysis

There's an interesting talk coming up at John Jay College:

The Center for Cybercrime Studies
The John Jay College of Criminal Justice
Presents

Visual Forensic Analysis

Speaker: Greg Conti



Computer Science Department
United States Military Academy

For decades hex was the common tongue of reverse engineers and forensic analysts, but we can do better. Hex editors are the Swiss Army knives of low-level analysis and have evolved significantly, but are now at a local maximum. With the tiny textual window hex provides, it is difficult, if not impossible, to understand the big picture context and inner workings of binary objects - files, file systems, process memory, and network traffic. While there are helpful tools to analyze the special case of executable files, little work exists to help address the general case of all types of binary objects. This talk presents visual approaches to improve the art and science of forensic analysis, diffing, and reverse engineering, both in the context-independent case where little is known about the raw structure of the binary data and at the semantic level where external knowledge can be used to inform analysis. If you are faced with low-level analysis tasks, you should attend this talk.

Greg Conti is an Assistant Professor of Computer Science at the United States Military Academy. His research includes security data visualization and web-based information disclosure. He is the author of Security Data Visualization (No Starch Press) and the forthcoming Googling Security (Addison-Wesley). His work can be found at www.gregconti.com and www.rumint.org.
 
Date: September 24, 2008
Time: 3:30 PM
Location: Mathematics Conference Room - 4238N
445 West 59th Street, New York City 10019


RSVP: Nicole Daniels at 212-237-8920 or email ndaniels@jjay.cuny.edu.
For additional information please contact Professor Doug Salane, Director of the Center for Cybercrime Studies, at 212-237-8836 or email dsalane@jjay.cuny.edu.