Forensic Fails - Shift + Delete won't help you here

DEF CON 21

Presented by: Michael Perklin, Eric Robi
Date: Sunday August 04, 2013
Time: 14:00 - 14:45
Location: Track 4
Track: Track 4

Forensic Fails illustrates the rather comedic attempts at "anti-forensics" by inept computer users trying to hide their tracks. We will recount real-life stories about folks whose level of hacker-mojo might aspire to 1337 status but falls a little short. This talk covers why and how these fails happened and illustrates the forensic artifacts and the techniques used to analyze them.

Eric Robi

Eric Robi (@ericrobi) is the founder of Elluma Discovery. He has been conducting forensic exams for 11 years and has served as a computer expert witness in Federal and State courts in matters involving computer hacking, trade secrets, murder, database forensics, email forgery, and electronic discovery. He has performed forensic examinations in many hundreds of cases. Eric has spoken multiple times at forensics conferences including CEIC and The Cybercrime summit. He holds a CCE certification among other things and is an active participant in the EDRM (Electronic Discovery Reference Model) and helped publish a model for reducing risk of confidential and private information dissemination.

Michael Perklin

Michael Perklin is currently employed as a Senior Investigator within the Corporate Investigations department of an Enterprise class telecommunications firm. Throughout his career he has performed digital-forensic examinations on over a thousand devices and has processed petabytes of information for electronic discovery. Michael has spoken at security conferences internationally about a variety of topics including digital forensics, computer security, data hiding, and anti-forensics. Michael holds numerous security-related degrees, diplomas and certifications, is a member of the High Technology Crime Investigations Association, and is an avid information security nut who loves learning about new ways to break things.

