Magnet User Summit 2019 April 2, 2019


Leveraging PowerShell and Python for Incident Response and Live Forensic Applications

Chet Hosmer, Author, Python Forensics

This lecture/demonstration brings together the Python Programming Language and Microsoft’s PowerShell to address digital investigations at a new level. PowerShell provides digital investigators with a rich set of cmdlets and deep access to the internals of the Windows Desktop, Cloud Services and now Linux and Mac. The Python development environment provides a rich scripting environment allowing for the rapid development of new tools, deep analysis, automation and correlation of evidence. Integrating the best of both technologies facilitates the creation of next-generation solutions for incident response, live forensic investigation, and e-Discovery. During this session, participants will learn the fundamentals of both PowerShell and Python, experience the value of integrating PowerShell and Python, and learn how to apply these open source integrations to current challenges.


PFIC-2018

Paraben Forensic Innovation Conference

PFIC 2018, Sept 5-6, Park City, Utah

Another fantastic year with the team at Paraben in beautiful Park City, Utah, with the latest cutting-edge sessions covering digital investigations and incident response.

My training session this year focused on the use of Python for digital investigations.


HTCIA-2018

High Tech Crimes International 2018, Washington D.C. August 19-22

The phenomenon of fake photos, audio and video has gone viral. Just one example, according to the Washington Post (2017):

“following an attack on the London Bridge that killed eight people, fake photos started popping up of individuals falsely labeled as missing. Internet trolls widely shared a grainy picture of a man driving a silver car and said it was a picture of the suspect. (It turned out to be an old photo of a controversial but unrelated American comedian.)”

This activity has become commonplace on the Internet and social media, and the results in many cases end up on the nightly news as FACTS. Not only is this practice extremely dangerous and unethical, but it is simply fraud.

Our ability to separate legitimate from fake digital photos that are created with sophisticated Artificial Intelligence methods is vital. Once we do, we can prosecute those who conduct this activity for economic, political or other even more nefarious motives.

During this training session, methods for creating fake photos and for detecting them were presented.

References:

William Wan (2017, July 17). “Many people can’t tell when photos are fake. Can you?” The Washington Post. Retrieved from https://www.washingtonpost.com/news/speaking-of-science/wp/2017/07/17/many-people-cant-tell-when-photos-are-fake-can-you/?utm_term=.a3d49aa09c97

 


DFRWS-2018

Digital Forensic Research Workshop 2018, Providence, RI

Another great DFRWS event.

This year, I demonstrated the use of a Raspberry Pi coupled with a dedicated Python script to monitor, detect, respond and record evidence of aberrant behavior within targeted network environments (such as IoT and ICS).

The demonstration illustrated how a simple $35 Raspberry Pi can deliver vital information, evidence, and reason about an attacker’s methods and motives.

 


DEFCON 2018 – USA

August 11, 2018, DEFCON Skytalks and Wall of Sheep

Chet Hosmer and Mike Raggo, Exploiting IoT Communications, A Cover within a Cover

IoT offers new protocols and frequencies over which communication travels. Due to lack of familiarity amongst most enterprises, most organizations are ill-equipped to monitor or detect these mysterious channels.

This introduces a plethora of covert channels by which data could be exfiltrated, or malware infiltrated into the network.

In this session, we explore this new frontier by focusing on new methods of IoT protocol exploitation, revealing research conducted over the last 2 years. Detailed examples will be provided, as well as a demo of a Python tool for exploiting unused portions of protocol fields.

From our research, we’ll also reveal new methods of detecting aberrant behavior emanating to/from these devices gathered from our lab and real-world testing.

DEFCON-26


April 11, 2019 Cybersecurity Innovation Forum at George Mason University

April 11, 2018 Cybersecurity Innovation Forum at George Mason University

Using a Raspberry Pi as a Passive Network Sensor

Another great evening with the Innovation Forum at GMU, presenting the Raspberry Pi Sensor project to a packed house.

Great working with J.P. Auffret and the whole GMU Team.


RSA 2018 Presentation

RSA Conference – 2018 April 15-20

Exfiltrating Data through IoT

RSA Security Conference, San Francisco, CA April 20, 2018 | 10:15 AM – 11:00 AM

Co-Presenters: Mike Raggo and Chet Hosmer

Overview

IoT offers a plethora of new protocols and frequencies over which communication travels. Protocols and services such as SSDP, P25, Zigbee, Z-Wave, WiFi and more provide countless ways to exfiltrate data or infiltrate the network. Through real-world examples, sample code and demos, presenters will bring to light these threats and new methods for detecting aberrant behavior emanating to/from these devices.

Hope to see you there.


HTCIA International Conference 2017

HTCIA Conference 2017

Python Forensics is proud to once again sponsor the HTCIA International Conference, Oct 1-5 in Anaheim, California.

We will be exhibiting, speaking and training at this year's event. Please stop by our booth and/or attend one of our Labs or Lectures.

Leveraging PowerShell with Cool Python Scripts

Rancho Las Palmas

Monday 10:45 AM – 2:15 PM and
Tuesday 2:30 PM – 5:00 PM

This hands-on lab brings together the Python Programming Language and Microsoft’s PowerShell to address digital investigations at a whole new level. PowerShell provides digital investigators with a rich set of cmdlets and deep access to the internals of both the Windows Desktop and Enterprise. The Python development environment provides a rich scripting environment allowing for the rapid development of new tools for investigation, automation and deep analysis. Integrating the best of both technologies facilitates the creation of next-generation solutions for incident response, live forensic investigation and e-Discovery. During this hands-on lab session, participants will:

– Learn the fundamentals of both PowerShell and Python.
– Use existing PowerShell and Python scripts to extract and examine evidence.
– Apply PowerShell and Python to specific Forensics and Incident Response challenges.
– Use Python to leverage existing PowerShell cmdlets to perform advanced evidence acquisition.

Speaker: Chet Hosmer

Python Passive IoT Investigations using a Raspberry Pi

Grand Ballroom A

Tuesday 9:00 AM – 10:00 AM

This lecture demonstrates the use of a Raspberry Pi coupled with a dedicated Python script to monitor, detect, respond and record evidence of aberrant behavior originating from or directed to Internet of Things (IoT) devices. The proliferation of IoT devices in business, home, industrial applications, mobile devices, transportation systems, health-care, surveillance systems and government applications has been explosive. “McKinsey estimates the total IoT market size in 2015 was up to $900M, growing to $3.7B in 2020” (McKinsey 2016). The impact on digital investigations based on the rapid proliferation of IoT is significant. The IoT devices, their networks and related cloud-based systems have the potential of holding key information related to traditional criminal activity, as well as detailed evidence associated with Internet-based attacks, including vital data regarding those responsible.

During this lecture and live demonstration, attack methods and exfiltration examples will be covered in detail. In addition, a Raspberry Pi will be used to monitor, detect, react and record evidence of live attempted attacks and exfiltration exploits of the IoT devices being monitored. A detailed walk-through of the Python script used to perform the monitoring, detection, reaction and evidence capture methods will also be provided.

Speaker: Chet Hosmer
