Presented by:


Gary Smith

from Pacific Northwest National Laboratory

Gary started out his professional career as a chemist/materials engineer. His start down the path to the Dark Side of Computing began when he wrote a program to design an optimal extruder screw rather than face thousands of calculations with a slide rule (yes, a slide rule). Since then, he's done a lot of different things in computing. Always a glutton for punishment, he wrote his own sendmail.cf from scratch. Around 1993, Gary started doing computer security when the semiconductor company he was working for was forced to get on the Internet to send and receive integrated circuit designs faster, and a firewall/Internet gateway was needed. Since then, Gary has been involved in firewalls, intrusion detection systems, application hardening, and anti-spam filters. Gary really does computer security to support his bicycling habit. He has more bikes than most other people have computers. And they're a lot more expensive.

Performing a forensic analysis of a Linux disk image is frequently part of incident response, to determine whether a breach has occurred. Linux forensics is quite a different and fascinating world compared with Microsoft Windows forensics. In this presentation, we will analyze a disk image from a potentially compromised Linux system. We will attempt to determine the who, what, when, where, why, and how, and create both an event timeline and a file system timeline. Finally, we will extract artifacts of interest from the disk image. This presentation includes a demo, so any sacrifices to appease the demo gods would be appreciated.

Date: 2018 April 28 - 03:45
Duration: 1 h 30 min
Room: CC-200
Conference: LinuxFest Northwest 2018
Language:
Track: Security
Difficulty: Hard

Happening at the same time:

  1. Writing your own VM - Programming Language
     Start Time: 2018 April 28 02:30
     Room: CC-201 TUT1

  2. Harness the power of Kubernetes and Istio
     Start Time: 2018 April 28 02:30
     Room: CC-202 TUT2

  3. Build and Program Your First NXT Robot
     Start Time: 2018 April 28 02:30
     Room: CC-234 BAIRS

  4. Linux Professional Institute: Linux Essentials Cram Session
     Start Time: 2018 April 28 03:30
     Room: HC-112 LPI

  5. Linux Sucks. Forever.
     Start Time: 2018 April 28 03:45
     Room: HC-108

  6. Pop!_OS - A visionary tale of an OS that will.
     Start Time: 2018 April 28 03:45
     Room: CC-115

  7. Harmonize or Resist? A Global Survey of Strategies for Software
     Start Time: 2018 April 28 03:45
     Room: CC-114

  8. Perkeep
     Start Time: 2018 April 28 03:45
     Room: CC-235

  9. EFF Open Forum
     Start Time: 2018 April 28 03:45
     Room: G-103

  10. How to Deploy Your React Application While Saving Time and Energy
      Start Time: 2018 April 28 03:45
      Room: CC-208

  11. Visual Studio and VS Code for Linux C/C++ development
      Start Time: 2018 April 28 03:45
      Room: CC-236

  12. Migrating MSSQL TO POSTGRES, An Open Source War Story
      Start Time: 2018 April 28 03:45
      Room: HC-103 Postgres

  13. Do good things - and talk about it!
      Start Time: 2018 April 28 05:00
      Room: CC-201 TUT1

  14. Introduction to Working with Vagrant
      Start Time: 2018 April 28 05:00
      Room: CC-202 TUT2