
Table Of Contents

Agenda
Normal Forensics Process
Traditional Analysis Techniques
The Problem Illustrated
No Disks or Files, Now What?
File Carving
File Carving Cont.
People Have Caught On…
What It Really Means…
What is the Solution?
Goal 1: Recovering the File System
The In-Memory Filesystem
AUFS Internals
AUFS Userland View of TAILS
Forensics Approach
Linux Internals Overview I
Linux Internals Overview II
Enumerating Directories
Directory Enumeration Algorithm
Obtaining a Hidden Directory
Obtaining Metadata
Obtaining a Hidden Inode
Goal 2: Recovering File Contents
Recovering File Contents Cont.
Goal 3: Recovering Deleted Info
Approach
Recovering Deleted Filesystem Structure
Recovering File Contents – Bad News
Summary of File System Analysis
Implementation
Tor Overview
One Slide Technical Overview
Tor Analysis Motivation
Analyzing Memory Activity of Tor
Initial Setup & Analysis
The Poor Man's Test
Initial Analysis Results
Interesting Output from Strings
Digging Deeper into Tor
Developed Analysis Scripts
Script 1 - Walking Tor's freelist
Freelist Structure
Script 2 - Tor's Cell Pool Cache
Cell Pool Structures & Enumeration
Recovery of Packed Cells
Conclusion
Future Work – Live CD Filesystems
Future Work - Tor
Comments? Questions?
References
BlackHat_DC_2011_Case_De-Anonymizing Live CDs-Slides-1

Published by nickszg

Published by: nickszg on Mar 03, 2011
Copyright: Attribution Non-commercial
