Security Researcher OPSEC

ShmooCon XVI - 2020

Presented by: Krassimir Tzvetanov
Date: Saturday February 01, 2020
Time: 16:30 - 16:50
Location: Belay It!

Whether performing an in-depth investigation or merely quick research, the investigator (or researcher) and the investigation itself are exposed to certain risks.

This talk focuses on security and safety issues pertaining to online research and investigations. It covers different areas of the investigative process and how tools and particular techniques can leak information detrimental to the case or the investigator.

Furthermore, it goes deeper into how investigators and blue teams can be profiled and targeted. These can be direct attacks against their computer or supporting infrastructure, their person, or the investigation, which in turn may be as subtle as steering it in the wrong direction or making the evidence inadmissible in court.

More specifically, the talk will cover different browser and infrastructure fingerprinting techniques, browser hooking, instant messaging programs, email security, and tracking.

As it covers the dangers, this talk provides a series of countermeasures and mitigations that can help the investigator increase their level of safety and security and decrease their digital footprint.

In addition, the talk introduces containerization and how it can be used to segment and streamline the process.

Krassimir Tzvetanov

Krassimir Tzvetanov is a graduate student at Purdue University focusing on Threat Intelligence, Operational Security, and Counterintelligence techniques (in the cyber domain). In the recent past, Krassimir was a security engineer at a small CDN, where he focused on incident response, investigations, and threat research. Previously he worked for companies like Cisco and A10, focusing on threat research and information exchange, DDoS mitigation, and product security. Before that, Krassimir held several operational (SRE) and security positions at companies like Google and Yahoo! Krassimir is very active in the security research and investigation community and has contributed to FIRST SIGs. He also co-founded and ran the BayThreat security conference and has volunteered in different roles at DEF CON, ShmooCon, and DC650.

