Thursday, July 30 • 4:45pm - 6:00pm
Bill Blunden: Anti-Forensics: The Rootkit Connection

Conventional rootkits have focused primarily on defeating forensic live incident response and network monitoring using a variety of concealment strategies (e.g. detour patching, covert channels, etc.). However, the tools required to survive a post-mortem analysis of secondary storage, which are just as vital in the grand scheme of things, don't seem to have garnered the same degree of coverage recently. In this presentation, the speaker will examine different approaches to persisting a rootkit and the associated anti-forensic tactics that can be employed to thwart an investigator who's performing an autopsy of a disk image.

Thursday July 30, 2009 4:45pm - 6:00pm
Augustus Ballroom 5-6
