
CyberForensics Conference 2014 - Day 2

Sat, 05 Jul 2014 10:21AM

Category: Digital Forensics & Malware

Written by Sarah | With 1 comment

Day 2 was just as good as day one. Here are the highlights:

  • Ethan Bayne presented on how to use GPUs to speed up carving and searching for files in a forensic image. Amazingly this has not been done yet, and the results he presented were spectacular as you can imagine! Essentially it's just parallelising a search; and in a demo during the morning break he showed me he could search a 20GB image in 45 seconds - and this was just using his MacBook graphics card. It amazes me that Guidance or AccessData have not yet thought about this in their products.
  • An interesting and lively discussion followed Jim Fraser's talk on the issues of modern police forensics. He (as a chemical/biological forensic expert) thought computer forensics was less rigorous and scientific than general forensics, as that was very much based on the scientific method. The debate followed that digital forensics is still a relatively new field in the history of forensics, and perhaps it's yet to settle down into a more rigorous manner. However, due to the ever-changing nature of operating systems and applications, we'll never have one method of doing anything. Blood and DNA don't change; the data, software and hardware on a computer do.
  • James Sutherland gave a talk on leaking Intel CPUs' AESKEYGENASSIST to an attacker. AESKEYGENASSIST is an instruction which is used to access the on-board AES encryption engine. James showed a proof-of-concept backdoor where the FDIV instruction (completely unrelated to AESKEYGENASSIST) was modified so that, with specially crafted inputs, the AES key could be revealed. He then created a webpage with JavaScript that triggered the backdoor and revealed the key. He mentioned that the NSA have been known to use JavaScript for similar purposes, and they have been known to intercept servers to install backdoors...
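
To illustrate the "parallelising a search" idea from the GPU carving talk, here is an added example (not Ethan Bayne's code, and not from the conference papers): the image is split into chunks that are scanned concurrently for file headers, with each chunk reading a few bytes past its end so a header straddling a boundary is not missed. CPU threads stand in for GPU threads, and the function names, chunk size and sample image are assumptions made for the illustration.

```python
from concurrent.futures import ThreadPoolExecutor

# Well-known file header signatures (magic bytes) a carver looks for.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
}

def scan_chunk(image, start, end):
    """Return (offset, type) for every signature that STARTS in [start, end)."""
    hits = []
    for name, sig in SIGNATURES.items():
        # Read len(sig) - 1 bytes past the chunk so a header that begins in
        # this chunk but finishes in the next one is still matched, exactly once.
        limit = min(len(image), end + len(sig) - 1)
        pos = image.find(sig, start, limit)
        while pos != -1:
            hits.append((pos, name))
            pos = image.find(sig, pos + 1, limit)
    return hits

def parallel_scan(image, chunk_size=4096, workers=4):
    """Scan independent chunks concurrently and merge the hits by offset."""
    ranges = [(s, min(s + chunk_size, len(image)))
              for s in range(0, len(image), chunk_size)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        per_chunk = pool.map(lambda r: scan_chunk(image, *r), ranges)
    return sorted(hit for hits in per_chunk for hit in hits)

def build_sample_image():
    """Constructed 16 KiB test image: zero filler with three planted headers."""
    image = bytearray(16 * 1024)
    for offset, name in ((100, "jpeg"), (4093, "png"), (9000, "pdf")):
        sig = SIGNATURES[name]
        image[offset:offset + len(sig)] = sig
    return bytes(image)  # the PNG header at 4093 straddles the 4096 boundary

if __name__ == "__main__":
    for offset, kind in parallel_scan(build_sample_image()):
        print(f"{kind} header at offset {offset}")
```
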
Tagged with: conference, cybercrime, GPU, AES, NSA

Comments

All the papers from the event can be found here: https://personal.cis.strath.ac.uk/george.weir/cyfor14/papers/
Sarah
Sat, 05 Jul 2014 10:29AM
