Time and Place: Finding Evil with Atemporal Time Line Analysis

Expo Theatre (Hall G) October 18, 2011 - Feedback   

Bookmark and Share

Dave Hull

For the last few years computer forensic investigators have been singing the praises of Kristinn Gudjonsson’s Log2timeline, a tool that has revived time based artifact analysis despite the use of tools like Vinnie Liu’s Timestomp. This talk will take another look at time lines, but not for their temporal data. We’ll see how even without the time stamps the data can help incident responders and forensic investigators to find malicious code. We’ll look at a case study along the way and see how this technique was used in the real world to uncover backdoors and trojans despite the attacker’s manipulation of time stamps. See the talk and learn why in this case telnet was more secure than SSH.