Forensic

Full list of my blog posts, publications and talks in the forensic category.
hacking
What tools do the FBI use when seizing computers, or the curious case of the mouse jiggler device
Blog post Jan 2016
This post summarizes which equipment the FBI uses to seize the contents of servers and laptops even when many of them use full disk encryption, and which defenses exist.
hacking
Beyond files recovery: OWADE cloud-based forensic
Talk Black Hat 2011
We present how to bypass, offline, the four layers of Windows encryption that protect web credentials and instant-messenger credentials. We explain how to extract the sensitive data stored by the four major web browsers and by the most popular instant-messaging software, such as Skype and Live Messenger.
hacking
Recovering Windows secrets and EFS certificates offline
Publication WOOT 2010
Based on our reverse engineering, we show how DPAPI, the Windows API for safe storage of data on disk, works. Our analysis reveals that it is possible to recover all previous passwords used by any user on a system. We have implemented DPAPI data decryption and previous-password extraction in a free and open-source tool called DPAPIck.
security
Reversing DPAPI and stealing Windows secrets offline
Talk Black Hat DC 2010
We show how DPAPI, the Windows API for safe storage of data on disk, works. Our analysis reveals that it is possible to recover all previous passwords used by any user on a system. We have implemented DPAPI data decryption and previous-password extraction in a free and open-source tool called DPAPIck.