Offensive Forensics: CSI for the Bad Guy

DEF CON 21

Presented by: Benjamin Caudill
Date: Friday August 02, 2013
Time: 13:00 - 13:20
Location: Track 2
Track: Track 2

As a pentester, when was the last time you 'recovered' deleted files from the MFT of a pwned box? Ever used an index.dat parser for identifying your next target? Do you download browser remnants of your victims to gather their saved form data?

Despite the sensitive information uncovered through forensic techniques, the usage of such concepts has primarily been limited to investigations and incident response. In this talk, we will cover the basics of "Offensive Forensics", what information to look for, how to find it, and the use of old tools in a new way. After looking at the post-exploitation potential, we'll dive into real-world examples and release the first ever "Vulnerable [Forensics] by Design" machine!

Benjamin Caudill

Benjamin Caudill (@RhinoSecurity) is a principal consultant for Rhino Security Labs, an IS consulting and managed security firm. Prior to his years in consulting, Ben worked as a penetration tester and incident responder in the aerospace and finance industries. When not hacking all the things, he enjoys long wardrives on the beach and drinking too much (not necessarily in that order).

