Pirates vs. Ninjas

Presentation Transcript


  1. Pirates vs. Ninjas
     What we learned since MFW 09

  2. We Misunderstand Each Other…
     • Forensic Scientists: Hackers are those misguided criminal pirates (aargh!) who care little for methodology and science… and they smell like cheese.
     • Hackers: Forensic Scientists are those talentless nerds in the lab on CSI who care little for ingenious solutions… and they smell like cheese.

  3. Merging Subcultures
     • BUT the forensic science community and “hacker” communities share some overlapping goals:
       • Use (or develop) best technologies available for the job
       • Use clean, beautiful code and techniques
       • Create an environment that fosters peer review
       • Inspire others to contribute and build on existing projects
       • Mutual interest in ridding the world of bad guys™

  4. Minor Differences…

  5. Appearance
     Forensics Community: Professional attire provides a visual cue as to the expert’s discipline

  6. Appearance
     Hacker Community: Fat people are harder to kidnap

  7. Vocabulary
     Forensics Community: Felon: Any individual who commits a felony

  8. Vocabulary
     Hacker Community: Felon: Any individual who commits a felony … and gets caught.

  9. Perspective
     Forensics Community: Suspect: Someone who is under suspicion

  10. Perspective
      Hacker Community: Suspect: That piece of S*** WHO MUST BE SET ON FIRE.

  11. OK, Not So Minor Differences…

  12. Technology
      Forensics Community: OPEN SOURCE Tools: Jailbreaking using a crude method to brute force access into a device

  13. Technology
      Hacking Community: OPEN SOURCE Tools: A foundation for ELEGANT, safe disk-level tools, using REPRODUCIBLE TECHNIQUES… but making it look so awesome you’d think we used black magic

  14. Legal
      FORENSICS Community: LEGAL: Whatever Apple says is legal.

  15. Legal
      HACKER Community: LEGAL: Whatever the law says is legal, based on fair use case law.

  16. But we can get along…

  17. Best Technology and Practices…
      • We already had the best technology at the time, but…
      • MFW 09 communicated the importance of:
        • Simplifying tools to reduce mistakes
        • Reducing dependence on third party applications
        • Making our methods more understandable
        • Making our imaging time faster
        • Taking a minimalist approach to imaging

  18. ICAC Workshop
      • Oct 19-22 “Forensics Camp 2010”
      • 40 seats available: ICAC members ONLY
      • Registration is FREE
      • You’ll receive around $10,000 of training FREE.
      • Jonathan Zdziarski, Andrew Hoog, Sam Brothers, Ryan Kubasiak, RCFL: 4 days of intense broad-based digital forensic training
      • Oh, and some of us are hackers.

  19. Best Technology and Practices…
      • The latest iPhone/iPad forensic suite:
        • Simplifying tools to reduce mistakes
          • No more deep firmware manipulation
          • Just a couple simple scripts
        • Reducing dependence on third party applications
          • No more Pwnage “jailbreak” tool, no more iTunes
        • Making our methods more understandable
          • Better documentation and workshop slides
        • Making our imaging time faster
          • Ride atop Apple’s high speed usbmux protocol
        • Taking a minimalist approach to imaging
          • No firmware rewrite, no kernel patching
          • All OS-level operations performed from RAM

  20. Clean/Beautiful Code
      • Don’t hate me because I’m beautiful…
      • Recovery agent ~20 lines of code, < 10K
      • All shell scripts are, by definition, open source; cleanly written
      • Tiny (10K) footprint in protected, read-only OS space
      • Password removal is now a controlled 2-byte write to user

  21. Peer Review
      • Approved for use by three-letter law enforcement agencies and in the defense sector
      • Still the highest scored iPhone tool in Andrew Hoog’s white paper
      • Tested daily by over 1,000 law enforcement agencies world-wide
      • Presently being validated by Sam Brothers (US Customs / Border Protection)
      • Latest documentation replacing obsolete book free for download
      • Chicks dig it

  22. Contributions
      • http://www.iphoneinsecurity.com set up for posting submissions, articles, and papers
      • All source code readily available on website
      • A number of very bright people in both communities have been quietly contributing their code and ideas
      • … the forensics community is invited to participate!

  23. Mutual Interest
      • Hackers hate rapists, murderers, child molesters, (and sometimes even drug dealers) just as much as the forensics community.
      • We’re willing to play by your rules and use your requirements to help put together highly advanced solutions.
      • Please, continue to share your needs (and wants)

  24. Pirates vs. Ninjas
      Shall we play a game?
