
Table Of Contents

Normal Forensics Process
Traditional Analysis Techniques
The Problem Illustrated
No Disks or Files, Now What?
File Carving
File Carving Cont.
People Have Caught On…
What It Really Means…
What is the Solution?
Goal 1: Recovering the File System
The In-Memory Filesystem
AUFS Internals
AUFS Userland View of TAILS
Forensics Approach
Linux Internals Overview I
Linux Internals Overview II
Enumerating Directories
Directory Enumeration Algorithm
Obtaining a Hidden Directory
Obtaining Metadata
Obtaining a Hidden Inode
Goal 2: Recovering File Contents
Recovering File Contents Cont.
Goal 3: Recovering Deleted Info
Recovering Deleted Filesystem Structure
Recovering File Contents – Bad News
Summary of File System Analysis
Tor Overview
One Slide Technical Overview
Tor Analysis Motivation
Analyzing Memory Activity of Tor
Initial Setup & Analysis
The Poor Man's Test
Initial Analysis Results
Interesting Output from Strings
Digging Deeper into Tor
Developed Analysis Scripts
Script 1 - Walking Tor's freelist
Freelist Structure
Script 2 - Tor's Cell Pool Cache
Cell Pool Structures & Enumeration
Recovery of Packed Cells
Future Work – Live CD Filesystems
Future Work - Tor
Comments? Questions?
BlackHat_DC_2011_Case_De-Anonymizing Live CDs-Slides-1

Published by nickszg


Published by: nickszg on Mar 03, 2011
Copyright: Attribution Non-commercial






