DefCon Chronicles: it’s all about the forensics

Two forensics-related presentations were excellent: informative, humorous and engaging. First, Johnny Long amused the audience with tales from the forensics world, displaying probably hundreds of various devices containing USB in them. Watches, ducks, fake sushi, iPod Shuffle, you name it – everything had a USB port in it and therefore should be picked up from the crime scene as evidence.

Then Amber Schroader and Tyler Cohen in the next presentation went through Johnny’s “personal” items, trying to draw a verdict on his criminal activities. They showcased a variety of nifty tools from Paraben, which allow an investigator to go knee-deep into people’s mobile devices in order to fetch useful data. The tool also automatically tries to recognize common file types and match those against common signatures, so saving critical information into an .mp3 file just hoping that it will be ignored by the investigator won’t work anymore.
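An added example, not from the presentation and not Paraben's code: a small Python sketch of checking a file's extension against the signature in its first bytes, which is why a renamed file stands out. The signature table is a small subset of well-known magic numbers, and the sample file names and byte strings are constructed for illustration.

```python
import os

# Well-known leading-byte signatures (magic numbers) for a few formats.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"ID3", "mp3"),  # MP3 that begins with an ID3v2 tag
]
# What each extension claims the content to be.
EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
              ".pdf": "pdf", ".zip": "zip", ".mp3": "mp3"}

def sniff(head: bytes) -> str:
    """Classify content from its first bytes, ignoring the file name."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    # Untagged MP3: 11-bit frame sync plus a non-reserved layer field.
    if (len(head) >= 2 and head[0] == 0xFF
            and (head[1] & 0xE0) == 0xE0 and (head[1] & 0x06) != 0):
        return "mp3"
    return "unknown"

def triage(name: str, head: bytes):
    """Return (claimed, actual, verdict) for one file."""
    claimed = EXTENSIONS.get(os.path.splitext(name)[1].lower())
    actual = sniff(head)
    if claimed is None:
        verdict = "no-expectation"
    elif claimed == actual:
        verdict = "consistent"
    else:
        verdict = "mismatch"  # includes content matching no known signature
    return claimed, actual, verdict

def flagged(samples):
    """Names whose content contradicts their extension."""
    return [n for n, h in samples if triage(n, h)[2] == "mismatch"]

# Constructed sample data: (file name, first bytes of the file).
SAMPLES = [
    ("track01.mp3", b"ID3\x03\x00\x00\x00\x00\x00\x21"),
    ("track02.mp3", b"\xff\xfb\x90\x64\x00"),
    ("track03.mp3", b"PK\x03\x04\x14\x00"),       # archive renamed to .mp3
    ("track04.mp3", b"meeting notes, 3 Aug"),     # plain text renamed to .mp3
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, *triage(name, head))
```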

It’s iPods everywhere, in both presentations, and for a moment you think you’re at MacWorld, but the reason is simple – USB-powered devices with large storage are capable of storing much more than someone’s Britney Spears tunes. First off, you can run things like Damn Small Linux directly off an iPod, and second, the device ignores everything that’s not music, which makes it pretty useful for carrying around your own library of files that you never know when you might need, like Metasploit Framework.

Another bit of information that I guess everybody is familiar with – encrypted AAC files purchased from Apple iTunes contain the buyer’s e-mail address in the clear. It’s also the e-mail address associated with the credit card, which might not be your .Mac e-mail address.

Posted Friday, August 4th, 2006 under DefCon, Gadgets.
  • http://www.tdrake.net Ted Drake

    forget the tshirt, I want a ducky.