• Hey, it's the guy whose password you stole
    I would like for you guys to seriously fuck off, because I nearly lost my account to one of your clients, and yes I can trace you, so screw off

    John Jay College-Criminal Justice

    524 59th Street · Room 06.68 (Moot Court), NY

  • July - DFIR/InfoSec Happy Hour
    Brain drained from RE'ing malware? Tired of watching IDS alerts? Your FTK index keeps breaking? Have you been angrily typing, then deleting, "kill the users" from your incident response reports? We all get to those points where we need to unplug. For the next two months, instead of walking you through exploits, artifact parsing or the latest SSL vulnerabilities, we are going to do some after-work get-togethers to unwind and socialize among our peers. Please join us Thursday, 7/17 at 6:30 PM EDT (to whenever), at Rattle -n- Hum (http://www.rattlenhumbarnyc.com/) on 14 East 33rd St., New York, NY 10016 (https://www.google.com/maps/place/Rattle+N+Hum,+14+E+33rd+St,+Manhattan,+NY+10016/@40.7472624,-73.984236) (btwn 5th and Mad) for some beers and to share some DF/IT/InfoSec stories! Rattle n Hum has nearly 40 microbrews on tap, great pub food and a relaxed atmosphere - much better than the co-lo you were locked in... while dumping data from a rack of servers... under an A/C vent... for 5 hours. Hope to see you all there! Thanks to Willi Ballenthin (https://twitter.com/williballenthin and http://www.williballenthin.com/) for throwing out the idea of a get-together next week and allowing me to co-opt the idea. We can kick around dates for August then too.

    Rattle N Hum

    14 East 33rd St., New York, NY 10016 · New York, NY

  • An Introduction to the Microsoft exFAT File System
    As investigators and information security professionals, we have to be constantly aware of changing file systems in order to track data changes and accurately attribute system changes. In 2006 Microsoft released a successor to the FAT32 file system named the Extended FAT file system - exFAT for short. exFAT was initially released for the Windows CE handheld device, and in 2008 a version of exFAT was released for Microsoft desktop and server operating systems. Today exFAT is licensed and supported on many devices and systems, including Unix/Linux systems. The SD Card Association, with the release of the Secure Digital Extended Capacity (SDXC) memory card, has adopted exFAT as the standard file system for SDXC media, which is used in cameras, cell phones and other consumer electronics. exFAT is organized differently from its legacy predecessors in the FAT family (FAT12/16/32), and forensics investigators will be required to know and understand this new format as examinations are conducted on this file system. Robert Shullich (http://www.linkedin.com/in/robertshullich), Enterprise Security Architect at Tower Group Companies, will give a great overview of the exFAT file system and the implications for investigators.

    exFAT topics to be covered in the session:
    • History
    • Features
    • File System Limits
    • Advantages/Disadvantages
    • Relevance to forensics computing and digital investigation
    • Hiding places to look out for – where criminals can hide things

    So please join us on Wednesday, June 11th, 6:30pm at John Jay College of Criminal Justice,[masked]th Street, Room 630T for this exciting meet-up.

    BIO: Robert Shullich (http://www.linkedin.com/in/robertshullich) is an Enterprise Security Architect at the Tower Group Companies, and has also worked in other financial organizations in various senior roles in information risk and information security. Shullich has served in roles that assess information risk by evaluating the inherent risk in IT projects, and proposes additional controls that either mitigate or reduce the risk in those projects. He holds master's degrees in Computer Science, Business Administration, Telecommunication Networks, and Digital Forensics and Cyber Security. He holds many professional certifications, including the CPP, CISSP-ISSAP, ISSMP, CCFP-US, CISA, CISM, CIPP/US, CEH, CHFI, ECSA, GSEC, GCFA and CRISC. He has been in the IT field for 40 years, with at least 20 of those years in information security.

    John Jay College-Criminal Justice

    899 Tenth Avenue 10th Ave btwn 58th and 59th Streets · New York, NY

  • Thanks For the Memory: Rootkits, Exfil and APT - RAM Conquers All
    The ability to perform digital investigations and incident response is becoming a critical skill for many occupations. Unfortunately, digital investigators frequently lack the training or experience to take advantage of the volatile artifacts found in physical memory. Volatile memory contains valuable information about the runtime state of the system, provides the ability to link artifacts from traditional forensic analysis (network, file system, registry), and provides the ability to uncover investigative leads that most analysts are unaware of. Malicious adversaries have been leveraging this knowledge disparity to undermine many aspects of the digital investigation process with such things as anti-forensics techniques, memory-resident malware, kernel rootkits, encryption (file systems, network traffic, etc.), and Trojan defenses. The only way to turn the tables and defeat a creative human adversary is through talented analysts. This talk demonstrates the importance of including volatile memory in your investigations with an overview of the most widely used memory forensics tool, Volatility, by its developers. So please join us on Thursday, May 8th, 6:30pm at John Jay College of Criminal Justice,[masked]th Street, Room 630T for this exciting meet-up.

    John Jay College-Criminal Justice

    899 Tenth Avenue 10th Ave btwn 58th and 59th Streets · New York, NY

  • Diamonds in the Rough: Top Security Vulnerabilities, Enabling Top Breaches
    Information security and incident response are two sides of the same coin. However, far too often the information-sharing cycle is short-circuited, and the top vulnerabilities that are exploited do not make it into the next round of proactive testing. In June's NYC4SEC meet-up, Michelangelo Sidagni, NopSec Chief Technology Officer, will analyze recent security breaches and forensic cases to create a top-ten list of the most exploited security vulnerabilities... and how the enterprise could easily avoid them. At the end of the talk, a discussion will follow on forensic cases and related security vulnerabilities raised by the audience. So please join us on Thursday, June 20th, 7:00pm at John Jay College of Criminal Justice,[masked]th Street, Room 630T for this exciting meet-up.

    Speaker Bio: Michelangelo Sidagni, NopSec (http://www.nopsec.com/vrm) Chief Technology Officer. As the Chief Technology Officer, Michelangelo is responsible for technical development, security research and operations. He brings 19 years of security engineering experience to the organization. He leads strategy and development of NopSec's Unified Vulnerability Risk Management (VRM™) solution. Previously, Michelangelo was the Director of IT Security Services at Ciphertechs, a New York-based information security services provider, and he was also the lead internal consultant at BlueCross BlueShield of Massachusetts, advising on privacy and security under the Health Insurance Portability and Accountability Act (HIPAA) for the health insurance industry. He started his career as a principal consultant at PricewaterhouseCoopers and KPMG, advising federal, banking and financial services clients on information risk and security management. Michelangelo holds numerous professional certifications in information security, including Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), GIAC Certified Incident Handler (GCIH) and Snort Certified Professional (Snort CP). He is also a member of the Open Web Application Security Project (OWASP), the Information Systems Audit and Control Association (ISACA), the Information Systems Security Association (ISSA) and the International Information Systems Security Certification Consortium (ISC2). Additionally, Michelangelo is a security researcher and frequent speaker at local and national IT security conferences. He also holds a Master of Business Administration from the University of Pavia in Italy. He resides in New York City. A big thank you as always to John Jay College of Criminal Justice for being such gracious hosts for NYC4SEC! Check out the list of upcoming events on The Center for Cybercrime Studies website: http://www.jjay.cuny.edu/centers/cybercrime_studies/index.php

    John Jay College-Criminal Justice

    899 Tenth Avenue 10th Ave btwn 58th and 59th Streets · New York, NY

  • DFIR Phone Home
    Likely, you have owned as many cellphones as you have personal computers. In addition, over the past few years cellphones have seen their market share eroded by smartphones - tiny, always-connected computers that we keep glued to our persons 24/7. The use of these devices for communication, navigation, content creation and entertainment is only increasing. These devices can be a critical area for digital forensic investigations, and as smartphone storage capacities, processing power and capabilities increase, the sheer amount of evidence available means mobile forensics examiners must “work smarter” to reduce investigative cycle times -- both for themselves and for the investigators they work with. In April’s NYC4SEC meeting, Cellebrite (http://www.cellebrite.com/mobile-forensic-products.html) will demonstrate how data analytics and visualization tools help examiners parse and organize the vast quantities of existing, hidden and deleted data available from mobile device file systems and memory -- and how these analytics help to develop meaningful leads. So please join us on Wednesday, April 17th, 7:00pm at John Jay College of Criminal Justice,[masked]th Street, Room 06.68 (Moot Court) for this exciting meet-up. A big thank you as always to John Jay College of Criminal Justice for being such gracious hosts for NYC4SEC! Check out the list of upcoming events on The Center for Cybercrime Studies website: http://www.jjay.cuny.edu/centers/cybercrime_studies/index.php

    John Jay College-Criminal Justice

    524 59th Street · Room 06.68 (Moot Court), NY

  • NYC4SEC Thunderdome - Lightning Talks
    This event was canceled.
  • Pink Elephants and Big Data: Using Sleuth Kit & Apache Hadoop
    "Big Data" and "cloud" are buzzwords that get thrown around a lot these days - but what are they describing? Data storage, processing, IaaS, SaaS - all, some, none? It's important to put them in context and have a goal - such as leveraging the technology for better processing and investigations. We hear a lot in the news about the “Cloud” and “Big Data,” but it is hard not to be skeptical when most of our applications are still desktop-centric, single-threaded, and unreliable when confronted with large evidence sets. This month Geoff Black (http://www.linkedin.com/profile/view?id=6276798&locale=en_US&trk=tyah) will be giving a talk on the Sleuth Kit Hadoop (http://www.sleuthkit.org/tsk_hadoop/) project, an effort to leapfrog conventional forensics software with highly scalable open source technology. After a brief overview of how Hadoop (http://wiki.apache.org/hadoop/ProjectDescription) works, the architecture and feature set of the Sleuth Kit Hadoop project will be presented, followed by a demonstration and instructions on how to install it on your own systems. This is a presentation that Jon Stewart (http://www.linkedin.com/pub/jon-stewart/3/2b8/42b) of Lightbox Technologies (http://www.lightboxtechnologies.com/) gave at the Open Source Digital Forensics Conference (http://www.basistech.com/about-us/events/open-source-forensics-conference/), and we are excited to have Geoff give it to the NYC4SEC group! So please join us on Wednesday, October 17th, 7:00pm at John Jay College of Criminal Justice, 899 Tenth Avenue (59th St. and 10th Ave.) in Room 610T (possible move to 630) for this exciting meet-up. A big thank you as always to John Jay College of Criminal Justice (http://www.jjay.cuny.edu/) for being such gracious hosts for NYC4SEC! Check out the list of upcoming events on The Center for Cybercrime Studies website: http://www.jjay.cuny.edu/centers/cybercrime_studies/index.php

    John Jay College-Criminal Justice

    899 Tenth Avenue 10th Ave btwn 58th and 59th Streets · New York, NY

  • Hash and Eggheads: Using and Abusing Cryptographic Hashes
    Data sets continue to grow at an exponential rate, posing a continued challenge for our investigation, discovery and security tasks. Often it's not finding the needle in the haystack but finding the right needles in pile after pile of needles mixed into haystacks. Thankfully we have good ol' math to help us out. Using math we can generate hashes of our data, and as a computer security professional you have most likely heard about cryptographic checksums before and how they can be used in computer forensic investigations. Pär Österberg Medina (http://www.linkedin.com/pub/p%C3%A4r-%C3%B6sterberg-medina/6/838/344) returns to NYC4SEC (last presentation: http://www.nyc4sec.info/events/51177892/) for another presentation and will demonstrate how we can effectively take advantage of these checksums, both to find files of interest and to exclude files that are known - making it easier for us to focus on and analyze the files we have never seen before. He will show how we can integrate the Reference Data Set from NIST and how to partition the NSRL so we can separate the infamous ‘Hacker Tools’ products from our KnownGood database. Furthermore, he will show how 'hashdog', a program used to generate custom hash databases, can be used to generate hashes of the programs and applications used by your organization. Continuing, he will talk about fuzzy hashing and how "almost matching" can be used both to identify file fragments and to establish relationships with other files. In addition, he will demonstrate techniques that malware can use in attempts to evade detection by fuzzy matching, and demonstrate how hash collisions can be used for anti-forensics purposes. Lastly, he will present hashmap - a technique that can be used to detect hash collisions in files that have been modified with the intent to fly under the radar.

    Pär Österberg Medina (http://www.linkedin.com/pub/p%C3%A4r-%C3%B6sterberg-medina/6/838/344) has worked in computer security for over 15 years. Having a background in both system administration and penetration testing, he currently works as an Incident Response Consultant for McAfee and Foundstone (http://www.foundstone.com/) Professional Services, specializing in malware analysis and memory forensics. Prior to joining Foundstone, Pär spent 8 years working as an Incident Handler, investigating computer intrusions and coordinating security-related incidents for CERT-SE, the national Computer Security Incident Response Team for Sweden. He specializes in malware analysis and memory forensics, finding rootkits that try to stay hidden in the operating system. He has conducted training and lectured on this subject all over the world at conferences such as FIRST (http://www.first.org/), SANS (https://www.sans.org/) and The GOVCERT.NL Symposium (http://www.govcert.nl/symposium). So please join us on Thursday, September 13th, 7:00pm at John Jay College of Criminal Justice, 899 Tenth Avenue (59th St. and 10th Ave.) in Room TBD for this exciting meet-up. A big thank you as always to John Jay College of Criminal Justice (http://www.jjay.cuny.edu/) for being such gracious hosts for NYC4SEC! Check out the list of upcoming events on The Center for Cybercrime Studies website: http://www.jjay.cuny.edu/centers/cybercrime_studies/index.php

    John Jay College-Criminal Justice

    899 Tenth Avenue 10th Ave btwn 58th and 59th Streets · New York, NY

  • The Sum of the Parts: DFIR Online & NYC4SEC Combo Meet-up
    This month we are very excited to be doing (for the first time!) an online stream of the NYC4SEC meet-up in conjunction with DFIR Online (website: http://www.writeblocked.org/dfironline.html - Twitter hashtag: #DFIROnline (https://twitter.com/#%21/search?q=%23DFIROnline)). Even more exciting, the father of DFIR Online, Michael Wilkinson (http://www.linkedin.com/pub/michael-wilkinson/13/3a5/168), will be the one presenting! Mike will be presenting on the topic of file carving. File carving, like any non-digital carving, can be done with laser precision or roughly with a chainsaw. The variety of file systems, block sizes, file types, tools, platforms, etc. can add to the complexity, so it's good to know what you are going to be slicing up, what you are slicing for, and what blade to grab.

    Talk description: We will be looking at the current state of file carving algorithms. Everyone uses file carving at some point, and every now and then it finds the smoking gun, but do you know how your favorite tool is actually searching for and recovering those files? Why do some tools work better than others? Why do some tools find some things and miss others? Is there a best carving tool out there? All these questions and more will be asked, and some will even be answered....

    Bio: Michael Wilkinson is the Program Director of both the M.S. Digital Forensic Management and M.S. Digital Forensic Science programs (http://www.champlain.edu/graduate-studies/programs/master-of-science-in-digital-forensic-science-x20574.html) at Champlain College (http://www.champlain.edu/). He has been involved in education since 2001, when he was appointed to a Lecturer position at the Australian Catholic University, where he taught programming, data communications and information system security. Currently he teaches both undergraduate and graduate courses and is a Co-Director of the Senator Leahy Center for Digital Investigation, which provides investigative and research services to law enforcement, government agencies and the general public. Prior to joining Champlain College (http://www.champlain.edu/), Michael was a coordinator of the New South Wales Police Force, State Electronic Evidence Branch. He has been actively involved in the development of the digital forensics profession through his involvement with the National Institute of Forensic Science, where he took part in the creation of national competency and validation standards.

    So please join us on Thursday, June 21st, 7:00pm at John Jay College of Criminal Justice, 899 Tenth Avenue (59th St. and 10th Ave.) in Room 630T for this exciting meet-up. Please attend in person if you can. If you cannot make it, please visit http://champlain.adobeconnect.com/wilkinson/ at the presentation time and we will be streaming live! Please feel free to talk to us before the event on the Twitter hashtag #DFIROnline (https://twitter.com/#%21/search?q=%23DFIROnline). Also visit the DFIROnline website at: http://www.writeblocked.org/dfironline.html

    John Jay College-Criminal Justice

    899 Tenth Avenue 10th Ave btwn 58th and 59th Streets · New York, NY