ResponderCon

Chrome Wasn’t Built in a Day

Join us at 12pm ET for this webinar.

Chromebooks present a forensic challenge as they become more prevalent. Analysis of Chromebooks has also matured. This talk builds on initial research and discusses acquisition challenges and capabilities, a deeper analysis of what Google stores in the cloud, and a comparison of the types of data that can be recovered from different sources associated with Chromebooks. This talk serves as an update of knowledge on Chromebook forensics since the initial OSDFCon in 2018.

Two Faces to the Same Linux: GUI Environments

Join us at 11am ET for this webinar.

In the past we looked at Linux servers and how to investigate them. This time, we flipped the coin, and it’s Linux again, but this time it’s Linux desktops. There are other GUI environments available for the Linux operating system, but the most prevalent two are GNOME and KDE. This talk will demonstrate how to investigate user activity in each of these GUI environments, as well as what artifacts are accessible and where to find them. Eventually, a comparison between the two will be called for.

Log Parser as a Forensic Tool

Join us at 12pm ET for this webinar.

Log Parser is a Microsoft tool that can be incorporated into open source tools to work as a fast, lightweight way to collect operating system data, registry data, and log files, and to quickly parse log files and registry data.

Along with tools from the Sleuth Kit, such as find, it can be a full-featured, open source incident response tool.

friTap – Decrypting TLS Traffic on the Fly

Join us at 10am ET/4pm CET for this webinar.

In recent years, obtaining decrypted network traffic for forensic purposes and analysis has become a more and more challenging task, both for forensic researchers as well as law enforcement agencies. Current techniques such as SSL pinning may render established analysis approaches like MitM proxies useless and prevent investigators and researchers from getting insights into encrypted traffic – even with full access to the device. In many cases, the time-consuming process of reverse engineering the application of interest remained the only option to obtain the keys for decrypting the network traffic, which lays the foundation for further protocol research and tool development.

In this talk, we present friTap, a methodical approach to intercepting the generation of encryption keys used by TLS for the purpose of decrypting the entire traffic an application sends. friTap is an open source framework built on top of FRIDA and is able to decrypt TLS traffic on all major operating systems, including different CPU architectures.

Our approach enables researchers in network forensics to analyze widely used proprietary network protocols in advance in order to gain insight into their structure, identify existing artifacts and finally develop methods and tools to aid future forensic analyses. To support this process, friTap provides an easy-to-use way for researchers to create the decrypted test data they need.

Meet the xLeapp Family

Join us at 12pm ET for this webinar.

With the successful launch of iLeapp and aLeapp in early 2020 and their presentation at OSDFCon 2020, numerous other projects have taken advantage of the framework behind these two (2) projects. Within the last eight (8) months, four (4) new projects have been released into the open-source community, utilizing the framework that made iLeapp and aLeapp successful, creating an xLeapp family of projects. The base framework that all the xLeapp projects use allows for the easy integration of new artifacts, with some of the artifacts transferable from one project to another (e.g., Chrome Browser artifacts). In this presentation, we will look at what’s new in iLeapp and aLeapp, introduce the four (4) new xLeapp projects, cLeapp, rLeapp, vLeapp, and wLeapp, and take a brief look at the framework. We will talk about extending a project to add your artifacts or create your new xLeapp project.

Webinar: Cyber Triage Demo

We are hosting a live webinar that demonstrates the highlights of Cyber Triage. We hope you can attend. The event will have a 35-minute demo followed by Q&A.

In the webinar, Brian Carrier will talk about the unique value of Cyber Triage and provide an overview of its UI and features.

We’ve found that demos are a great way for people to get the full value of the software. They are ideal for people who have never used Cyber Triage and for those who know only the basics from the evaluation version.

We welcome all questions in the webinar, including the basics and things you observed while using the software.

Webinar: Cyber Triage Demo

We are hosting a live webinar that demonstrates the highlights of Cyber Triage. We hope you can attend. The event will have a 25-minute demo followed by Q&A.

In the webinar, Brian Carrier will talk about the unique value of Cyber Triage and provide an overview of its UI and features.

We’ve found that demos are a great way for people to get the full value of the software. They are ideal for people who have never used Cyber Triage and for those who know only the basics from the evaluation version.

We welcome all questions in the webinar, including the basics and things you observed while using the software.

Open Source Digital Forensics Conference 2021 (#OSDFCon)

The 12th Annual Open Source Digital Forensics Conference (OSDFCon) will be held virtually on December 1, 2021. This event allows attendees to learn about new software and meet the developers. It will be a full day of 30-minute talks focused exclusively on open source digital forensics tools.

Here is what you can do before the conference starts:

Investigators should attend to learn about new tools and meet the developers building the software. Developers should attend to raise awareness of your efforts and get feedback from your users. As in past years, the event is free for government employees.

We look forward to seeing you at OSDFCon 2021!

Computer Autopsies: Use Free Forensic Software

Please join us for a webinar on March 31 at 11:00 am EST / 5:00 pm CET. If you are unable to make it live, we’ll provide the recording to everyone who registers.


María Andrea Vignau will cover a real-world case solved using Autopsy, giving all the necessary introduction to the work, covering:
1- Get evidence – Considerations about getting evidence from the field and preserving it. Chain of custody.
2- Make forensic copies – Using free software to make forensically sound images of evidence. Using open source software.
3- Data analysis with Autopsy – The Autopsy/Sleuth Kit workflow, from creating a case to obtaining reports. Overview of the graphical interface and its possibilities.
4- Extending Autopsy with Python – How to extend Autopsy using Python by creating modules. The development environment, module types and the use cases of each one.
5- María’s plugin, used to present evidence in a real case. Her real experience using the extension capabilities included in Autopsy, and why they were very helpful on an especially difficult case.
