A Geek's Guide to Digital Forensics

Author: GoogleTechTalks
36706 Views
55m 48s Length
176 Rating

Google Tech Talk (more info below) June 16, 2011

Full Title: "A Geek's Guide to Digital Forensics, or How I Learned to Stop Worrying and Love the Hex Editor"

Presented by Andrew Hoog.

ABSTRACT

This talk will provide a technical introduction to digital forensics geared towards fellow geeks who think tinkering with data in hex is fun and interesting. The talk will provide a brief background on forensics and important concepts including acquisition and verification techniques. Forensic analysis, the really fun stuff, will be covered in detail, including a specific walkthrough on how to carve YAFFS2 timestamps from a nanddump of an Android device. Finally, we will cover the emerging intersection of digital forensics and traditional security, specifically mobile app security and continuous forensic monitoring of key systems.

Link to slides: http://viaforensics.com/computer-forensics/google-tech-talk-geeks-guide-to-digital-forensics-june-2011.html

Speaker Info: Andrew Hoog is a computer scientist, certified forensic analyst (GCFA and CCE), computer and mobile forensics researcher, author of two forensic and security books, expert witness and co-founder of viaForensics, an innovative digital forensic and security firm. He divides his energies between investigations, forensic software development, and research in digital forensics and security. He also has two patents pending in the areas of forensics and data recovery. He lives in Oak Park, IL, where he enjoys spending time with his family, traveling, great wine, science fiction, and tinkering with geeky gadgets.


  1. i found snowden
  2. Does anyone know what is the major difference which occurs between FAT12/16 and FAT 32 which occurs during format?
  3. Logical is like a partition on your PC hard drive. Instead of a physical acquisition, which is a bit for bit copy on the entire hard drive, including deleted, unallocated, etc., the logical acquisition retrieves the files on that particular section of the hard drive
  4. +If Only  A logical extraction is non-deleted information that is retrieved from the phone like texts, videos and call logs- just data that is stored locally on the phone. We have some more videos featuring Andrew and others if you'd like to check them out!
  5. Can someone better explain to me what logical acquisition is?
  6. Forensic psychology and Forensic toxicology.
    Interesting books are "Guide to Information Sources in the Forensic Sciences", really good read
  7. Someone who is serious about destroying evidence will use a hammer and a lighter.
  8. hearing geek as a verb is weird. "geek it up a notch". he must be having flashbacks of watching Emeril in the kitchen.
  9. In a given YouTube video, the viewer's experience is vastly improved and no information is lost by skipping the first 30% of that video's length. That's called the Wadsworth Constant :P
  10. Why can't speakers go straight into the main topic! "Google invited me....bla bla bla..." disgusting! Like the video though!
  11. very nice video.
  12. Good video but the quality is horrible. 720p/1080p would be nice :/
  13. SMART PEOPLE ARE NOT GEEKS. Jesus stop ruining my will to be a computer engineer with this retarded practice of calling yourselves "geeks".
  14. Good Guide
  15. @DjAdam16 you don't even know tech, lol
  16. That was a very good intro to this space but I can't like this multiple times without effort. Well done!
  17. blablabla techrant blablabla
  18. Someone who is serious about destroying evidence will use dban or HDDErase.
  19. @disorganizedorg Not less secure, just more open. Security through obscurity is no defense. In any case the data comes off, just the wear leveling etc. changes the exact physical image of the device even if no writes are happening, which makes verifying the image less viable.