2. We Misunderstand Each Other…
Forensic scientists: Hackers are those misguided criminal pirates (aargh!) who care little for methodology and science… and they smell like cheese.
Hackers: Forensic scientists are those talentless nerds in the lab on CSI who care little for ingenious solutions… and they smell like cheese.
3. Merging Subcultures
BUT the forensic science community and “hacker” communities share some overlapping goals:
- Use (or develop) the best technologies available for the job
- Use clean, beautiful code and techniques
- Create an environment that fosters peer review
- Inspire others to contribute and build on existing projects
- Mutual interest in ridding the world of Bad Guys™
12. Forensics Community
Technology: OPEN SOURCE
Tools: Jailbreaking, using a crude method to brute-force access into a device
13. Hacking Community
Technology: OPEN SOURCE
Tools: A foundation for ELEGANT, safe disk-level tools using REPRODUCIBLE TECHNIQUES… but making it look so awesome you’d think we used black magic
17. Best Technology and Practices…
We already had the best technology at the time, but… MFW 09 communicated the importance of:
- Simplifying tools to reduce mistakes
- Reducing dependence on third-party applications
- Making our methods more understandable
- Making our imaging time faster
- Taking a minimalist approach to imaging
18. ICAC Workshop, Oct 19-22: “Forensics Camp 2010”
- 40 seats available: ICAC members ONLY
- Registration is FREE; you’ll receive around $10,000 of training FREE
- Instructors: Jonathan Zdziarski, Andrew Hoog, Sam Brothers, Ryan Kubasiak, RCFL
- 4 days of intense, broad-based digital forensic training
- Oh, and some of us are hackers.
19. Best Technology and Practices…
The latest iPhone/iPad forensic suite:
- Simplifying tools to reduce mistakes: no more deep firmware manipulation, just a couple of simple scripts
- Reducing dependence on third-party applications: no more Pwnage “jailbreak” tool, no more iTunes
- Making our methods more understandable: better documentation and workshop slides
- Making our imaging time faster: ride atop Apple’s high-speed usbmux protocol
- Taking a minimalist approach to imaging: no firmware rewrite, no kernel patching; all OS-level operations performed from RAM
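The transport named in the imaging bullet, usbmux, is Apple’s USB multiplexing service; on the host, the usbmuxd daemon exposes it on a local socket and speaks a simple length-prefixed framing that carries property-list messages. As an added example (not code from these slides or from the forensic suite they describe), the Python below builds the “Connect” request a host-side tool sends to open a TCP tunnel to a port on the device and parses the “Result” reply. The header layout, version/type constants and message keys follow the publicly documented usbmuxd plist protocol; the program name, client version string and socket path are placeholders, and the reply frame is constructed inline so the example runs with no device attached.

```python
import plistlib
import socket
import struct

# usbmuxd frame header: total length (including header), protocol version,
# message type, and a tag that the daemon echoes in its reply.
# All four fields are little-endian uint32.
HEADER = struct.Struct("<IIII")
PLIST_VERSION = 1        # version 1 = plist-encoded messages
MSG_PLIST = 8            # message type used for plist payloads
RESULT_OK = 0            # "Number" in a Result message; non-zero means failure
USBMUXD_SOCKET = "/var/run/usbmuxd"   # assumption: default host-side Unix socket


def wire_port(port: int) -> int:
    """usbmuxd expects PortNumber in network byte order (htons)."""
    return socket.htons(port)


def build_frame(payload: dict, tag: int) -> bytes:
    """Wrap a property list in a usbmuxd header."""
    body = plistlib.dumps(payload, fmt=plistlib.FMT_XML)
    return HEADER.pack(HEADER.size + len(body), PLIST_VERSION, MSG_PLIST, tag) + body


def build_connect(device_id: int, port: int, tag: int) -> bytes:
    """Request a tunnel to TCP `port` on the attached device `device_id`.

    ProgName and ClientVersionString are free-form identifiers (placeholders here).
    """
    return build_frame({
        "MessageType": "Connect",
        "ClientVersionString": "usbmux-example-0.1",
        "ProgName": "forensic-imager",
        "DeviceID": device_id,
        "PortNumber": wire_port(port),
    }, tag)


def parse_frame(buf: bytes):
    """Split one complete frame off a byte buffer.

    Returns None when more bytes are needed, (tag, payload, remaining) for a
    complete frame, and raises ValueError for a malformed header so that a
    half-received or foreign message is never handed to plistlib.
    """
    if len(buf) < HEADER.size:
        return None
    length, version, msg_type, tag = HEADER.unpack_from(buf)
    if length < HEADER.size:
        raise ValueError("frame length %d shorter than header" % length)
    if version != PLIST_VERSION or msg_type != MSG_PLIST:
        raise ValueError("unsupported version/type %d/%d" % (version, msg_type))
    if length > len(buf):
        return None
    payload = plistlib.loads(buf[HEADER.size:length])
    return tag, payload, buf[length:]


def connect_succeeded(payload: dict, expected_tag: int, tag: int) -> bool:
    """A Connect succeeded only if the reply carries our tag and says Result/0."""
    return (tag == expected_tag
            and payload.get("MessageType") == "Result"
            and payload.get("Number") == RESULT_OK)


def open_tunnel(device_id: int, port: int, tag: int = 1) -> socket.socket:
    """Talk to a real usbmuxd (needs a host with the daemon running).

    After a successful Connect the same socket *becomes* the tunnel to the
    device port, so it is returned to the caller rather than closed.
    """
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.connect(USBMUXD_SOCKET)
    sock.sendall(build_connect(device_id, port, tag))
    buf = b""
    frame = None
    while frame is None:
        chunk = sock.recv(4096)
        if not chunk:
            sock.close()
            raise ConnectionError("usbmuxd closed the connection")
        buf += chunk
        frame = parse_frame(buf)
    reply_tag, payload, _ = frame
    if not connect_succeeded(payload, tag, reply_tag):
        sock.close()
        raise ConnectionError("usbmuxd refused: %r" % payload)
    return sock


if __name__ == "__main__":
    # Offline walk-through with a constructed reply (no device needed).
    # 62078 is the lockdownd port a host normally tunnels to first.
    request = build_connect(device_id=3, port=62078, tag=7)
    reply = build_frame({"MessageType": "Result", "Number": RESULT_OK}, 7)
    tag, payload, rest = parse_frame(reply + b"next-frame...")
    print("connect ok:", connect_succeeded(payload, 7, tag), "leftover:", rest)
```

The tag check matters in practice: usbmuxd also pushes unsolicited “Attached”/“Detached” device notifications to listening clients, so a tool that treats the first frame it reads as its answer can mistake a notification for a result.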
20. Clean/Beautiful Code
Don’t hate me because I’m beautiful…
- Recovery agent: ~20 lines of code, < 10K
- All shell scripts are, by definition, open source; cleanly written
- Tiny (10K) footprint in protected, read-only OS space
- Password removal is now a controlled 2-byte write to user
21. Peer Review
- Approved for use by three-letter law enforcement agencies and in the defense sector
- Still the highest-scored iPhone tool in Andrew Hoog’s white paper
- Tested daily by over 1,000 law enforcement agencies world-wide
- Presently being validated by Sam Brothers (U.S. Customs and Border Protection)
- Latest documentation, replacing the obsolete book, free for download
- Chicks dig it
22. Contributions
- http://www.iphoneinsecurity.com set up for posting submissions, articles, and papers
- All source code readily available on the website
- A number of very bright people in both communities have been quietly contributing their code and ideas
- … the forensics community is invited to participate!
23. Mutual Interest
- Hackers hate rapists, murderers and child molesters (and sometimes even drug dealers) just as much as the forensics community does.
- We’re willing to play by your rules and use your requirements to help put together highly advanced solutions.
- Please continue to share your needs (and wants).