Customized Google Chrome Forensics with Python - DFIR Summit 2015
by Ryan Benson, Digital Forensic Examiner, Stroz Friedberg
Hindsight is an open source tool (written in Python) for extracting, interpreting, and reporting on Google Chrome artifacts. It is extensible via “plugin” files that can do very targeted analysis. Example plugins include parsing Google Analytics cookies, extracting Facebook user names from downloaded pictures, or even detecting possible system clock tampering by comparing server-side and local timestamps.
This presentation will show users how to use Hindsight to analyze a user’s Chrome installation, how to write custom plugins to parse specific artifacts, how to integrate Hindsight into a complex investigative workflow, and finally, how to explain all this to a manager in a report.
Ryan Benson is a Digital Forensic Examiner at Stroz Friedberg’s San Francisco office. He previously worked at Mandiant, doing incident response and forensic investigations. In his free time he is the developer of an open source tool called Hindsight, a Chrome forensics tool written in Python. Ryan holds a Bachelor’s degree in Computer Engineering from the University of the Pacific. During his undergraduate studies, he did an internship in the FBI’s Silicon Valley Regional Computer Forensics Lab. He is a member of the High Technology Crime Investigation Association (HTCIA) and holds several certifications including the GIAC Certified Forensic Analyst (GCFA) and GIAC Certified Incident Handler (GCIH). @_ryanbenson
Video: Customized Google Chrome Forensics with Python - DFIR Summit 2015, by Алгоритмическая Аптека
Information
December 2, 2023, 17:33:22
00:49:25