This presentation will self-destruct in 45 minutes: A forensic deep dive into self-destructing message apps

DEF CON 21

Presented by: Andrea London (Drea), Kyle O'Meara
Date: Sunday August 04, 2013
Time: 12:00 - 12:45
Location: Track 4
Track: Track 4

Prior to 2013, the phrase 'Self Destructing Message' was most commonly associated with Inspector Gadget, Maxwell Smart, and the occasional Tom Cruise movie. With the advent of smartphone apps like Snapchat, Wickr, and Facebook Poke, the self-destructing message has left the world of 'International Men of Mystery' and arrived to the civilian world by way of smart phone applications. These apps, and others, claim to provide ephemeral or private messaging to assure senders that their messages are burnt after reading.

A message can be encrypted, but that does not make it clandestine or deniable. Through the use of forensic images, packet captures, and API review - we have recovered a wide range of artifacts from messages before, after, and during transmission. We are neutral, fact finding, forensic examiners on a mission. A mission to seek truth and provide you with the results of our deep dive forensic review of self-destructing messaging smartphone apps.

Andrea London

Andrea (Drea) London (@strozfriedberg) is a Digital Forensic Examiner in Stroz Friedberg's Dallas office. At Stroz Friedberg, Ms. London acquires and examines digital evidence from laptops, desktops and mobile phones in support of legal proceedings, criminal matters, and/or corporate investigations. Ms. London previously held positions at Arsenal Security Group and IBM's Internet Security Systems Emergency Response Team. At Arsenal, Ms. London was an integral part of the company's immediate response team for worldwide cyber security incidents. During this time she completed and has maintained certification as a Payment Application Qualified Security Assessor (PA QSA), Payment Card Industry (PCI QSA), and PCI Forensic Investigators (PFI), one of the first appointed by the PCI Council. At IBM, she acted as an official Quality Incident Response Assessor (QIRA) reporting PCI breaches to major card brands. Prior to her work for IBM, Ms. London was with the Air Force Office of Special Investigations (AFOSI), where she was one of two Airmen chosen for special duty assignment at the Defense Cyber Crime Center, and where she was tasked with testing and evaluating forensic software and hardware for the Center. StrozFriedberg.com

Kyle O'Meara

Kyle O'Meara is a Digital Forensic Examiner in Stroz Friedberg’s Washington, DC office. Mr. O’Meara is part of a national team of examiners skilled in performing forensic acquisitions, preserving data from a variety of electronic sources, and delivering astute analysis. He supports the firm’s electronic discovery cases and also serves as a member of Stroz Friedberg’s incident response practice. His work further entail forming and articulating concise opinions on complex technical matters which ultimately serve as expert testimony in depositions, trials and other proceedings. Prior to joining Stroz Friedberg, Mr. O’Meara was a Network Exploitation and Vulnerability Analyst for the National Security Agency (NSA) providing security guidance to the Army and Air Force. During this time, he performed computer forensics on a 6 month deployment to Iraq and served as a lead cryptanalyst for discovering malicious and vulnerable content in computer network operation projects. Mr. O'Meara holds a Master's of Science in Information Security Policy and Management from Carnegie Mellon University.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats