Our talk will focus on the challenges of cyberattack investigation, explain why the level of cybercrime worldwide is constantly growing, and propose a solution to increase the efficiency of future cyberattack investigators.
Our presentation includes the technical details and architecture of a tool that we use to conduct remote digital forensic analysis. Moreover, we will not only reveal the internals of the tool but also introduce a way to build your own tool for remote incident analysis. Our solution is an open-source constructor of a Live OS environment that can suit such needs. While it is fully open-source and non-binary code, it introduces several novel approaches that are based on a combination of existing techniques from the domain of free and open-source software.
The presentation includes a live demo of using the tool to analyze a remote infection in a forensically sound manner. The infected machine will have a combination of multiple pieces of world-class targeted-attack malware (including a kernel-mode rootkit) and techniques deployed on a single host to complicate such analysis. We will announce the public availability of the free Live OS constructor code and invite volunteer contributors to the project. A new Live OS that we will use for the demo will be built live on stage during our talk.