Beyond files undeleting: OWADE

Black Hat USA 2011

Presented by: Elie Bursztein, Ivan Fontarensky, Matthieu Martin, Jean-Michel Picod
Date: Wednesday August 03, 2011
Time: 13:45 - 15:00
Location: Milano I - IV
Track: Deeper Analysis

You recovered a bunch of files from a used hard drive, and now what?

If you ever wanted to push Windows offline forensics to the next level, come to our talk, where we will show you how to use our open source tool OWADE (Offline Windows Analyzer and Data Extractor) to recover a lot of interesting information from a used hard drive, including web credentials, instant messaging credentials and user habits information.

We will walk you through the entire recovery chain process and demonstrate how to use OWADE to handle Windows' various levels of encryption (Syskey, DPAPI…) and extract the maximum information from used drives. OWADE is based on our work on DPAPIck, our tool to decrypt DPAPI secrets.

We will present various statistics we computed on the data we gathered from the used hard drive we bought on eBay to test and develop OWADE.

At the end of the talk we will release OWADE so you can play with it.

Elie Bursztein

Elie Bursztein is a researcher at the Stanford Security Laboratory. His research is on computer security and applied cryptography, with specific attention to web, game and mobile security. He holds an engineering degree and a Ph.D. in computer science. Elie's research combines advances in machine learning, cryptography, data mining and HCI to create more usable and secure systems. Lately, he has been working on improving CAPTCHA security and usability. He is also developing a Chrome extension for safer and more private browsing. Elie blogs at http://elie.im/blog and tweets at @elie.

Ivan Fontarensky

Ivan Fontarensky is an engineer and computer security researcher at Cassidian's Cyber Security Centre. He conducts pentest and forensic analysis on different types of platforms. He served a number of years within the French department of Homeland Security as a computer forensics expert.

Matthieu Martin

Matthieu Martin is a student at the Stanford Computer Security Lab. He holds an engineering degree in computer systems, networks and security. His research focuses on CAPTCHA and on offline Windows data extraction and analysis.

Jean-Michel Picod

Jean-Michel Picod is currently working for EADS CyberSecurity Center as the leader of pentest and forensics activities. He has an engineering degree in computer systems, networks and security. Over the past years he has focused more on Windows systems and their security.
