Forensic Analysis: using TSK and Volatility
A bit about Me
• Mark Bennett
• Work for Check Point Software.
• Incident Response/Forensics for Health Care
• Firewalls
• Malware analysis
• Intrusion Prevention
• HR/Legal
• Watching over the enterprise
• SANS Instructor
• http://www.sans.org
• http://www.darknet-consulting.com
• http://www.pauldotcom.com
Agenda
• Metasploit
  • How to use it
  • What can you do with it
• Making Forensic copies
  • Copying memory
  • Copy Hard drive
• Timeline analysis
  • How to create
  • How to read
• Memory analysis
  • Strings
  • Volatility
• See it live
• Wrap up
Live Demo
Let’s Do it for Real!!!
Questions/Comments?
Wrap Up
• Mark Bennett
• http://www.sans.org/mentor
• 508 Advanced Forensic Analysis
• 408 Windows Forensics
• 504 Incident Response
• http://www.darknet-consulting.com
• http://www.pauldotcom.com
• Hack Labs – Metasploit
• Be good, be safe, if you are going to hack, hack legally and responsibly – I’m Out!