
Forensic Analysis of TAILs.pdf

Uploader: 可*** ID: 991813 2025-12-07 47 pages 2.02MB

2025 Walmart Inc. All Rights Reserved. SENSITIVE INFORMATION CLASSIFICATION

Does Slicing Onions Make You Cry? Forensic Analysis of TAILs

whoami
- Principal Incident Response Engineer, Walmart CSIRT
- NIFA (Network Intrusion Forensic Analyst), USSS/NCFI
- Officer, Portland Police Bureau - Investigative Branch, Forensic Evidence Division, Digital Forensics Unit
- Opinions are mine, NOT my employer's.
- All data is fake; NO real PII is in the data sets.

Presentation Outline
- Memory and Filesystem Collection
- Memory and Filesystem Analysis
- What is Tails and How is it used / Illegal Activities
- Issues examiners face w/ systems booted into TAILs
- Conclusion/Q&A

Issues Examiners and First Responders Face
- Identification = Realizing and understanding that TAILs is running on the PC
- Encryption: Default encryption is LUKS (Linux Unified Key Setup). Think full disk encryption, to include the root partition (operating system files).
- Access: Without the administrator password, you will not have access to the filesystem or root privileges, which can make accessing the filesystem and/or collection problematic if not impossible.

Issues Examiners and First Responders Face
- Persistence: Unlike traditional operating systems, TAILs doesn't offer persistent storage by default. Persistence must be established by the user and is LUKS encrypted by default.
- Volatile: Since TAILs runs only in memory (RAM), the data is volatile and not recoverable after shutdown, hence lacking persistence by default.

Based on the tagged content, the document centres on digital forensic analysis of the Tails operating system. Key points:
1. Tails usage and issues: Tails is a privacy-focused Linux distribution; it uses LUKS encryption by default, has no persistent storage, and its data is easily lost.
2. Forensic workflow: memory (RAM) and filesystem collection, followed by memory and filesystem analysis.
3. Memory collection: requires root privileges; uses tools such as Volexity Surge Collect Pro and Microsoft AVML.
4. Filesystem collection: create a .raw file with the dd command, or use Volexity Surge Collect.
5. Analysis tools: Volatility 3, YARA, strings, grep, etc.
6. Memory analysis: examine memory data with Volatility 3, YARA, strings and similar tools.
7. Filesystem analysis: decrypt the LUKS partition and analyse the filesystem contents.
8. Resources: links to the relevant tools and resources.