My first guest post on the Open Security Research Blog was published yesterday. In this post I walk through the steps required to install and compile LiME Forensics, a Loadable Kernel Module that allows you to dump the full contents of memory of an Android based device. The instructions have been tested successfully on Ubuntu 11.10, with Java SE Development Kit 6 Update 31, the Android SDK r18, NDK r7c and with the emulator running an Android Viritual Device (avd) based on Android 4.0.3 (API 15).
If you spot any errors, typos or mistakes please let me know, as I spent endless hours dealing with “cross-compiling kernel modules for Android” headaches. Actually the aim of this post is to save you from “some” of that pain when compiling LiME.
Enjoy and stay tuned for Part II!
I have just uploaded to the Papers & Presentations section the slides for my talk on “Latest Advances in Android Forensics” (in Spanish) at the 1st International Symposium for Android Security held in Malaga last week:
- Últimos avances en Análisis Forense de sistemas Android (PDF – 3,8 Mb)
This is the post I should have written months ago, actually back in November last year, when I joined the Foundstone practice (part of McAfee Strategic Security Services) as Principal Architect for EMEA.
But time has been scarce, with lots of new developments and challenges both in my personal and professional life, including spending a month in New York (thanks to the Foundstone crew in Manhattan for their hospitality!), teaching Malware Analysis along with Christiaan Beek, Melissa Augustine and the rest of the Foundstone EMEA team in BlackHat Abu Dhabi and catching ‘chombies’ and other malware on various Incident Response engagements across Europe.
When Prevention Fails: Extending IR and Digital Forensics to the Corporate Network (slides from SANS Boston 2011)
Thanks to Barbara Basalguete, Stephen Northcutt and the rest of the SANS crew for the opportunity to participate in such a great event, as well as to all the attendees that preferred to stay around after a long training day instead of heading off to Harvard Square for Friday party!
When Prevention Fails: Extending IR and Digital Forensics capabilities to the corporate network
2011 is being a big year for cybersecurity incidents with high profile attacks reported against large organizations including HBGary Federal, RSA, Lockheed Martin and several Sony companies among others. With smarter intruders that can make use of both very sophisticated attacks and simple, yet effective, phishing attacks against our users, everyone should assume that at some point their preventive measures will fail, and that sooner or later you will have to recover from a future intrusion. Based on this assumption several questions arise: When prevention fails, what is left? Am I ready to detect, react and recover from an intrusion? What can Network Security Monitoring and Digital Forensics do for me?
Ismael’s talk will address these questions, describing the latest trends in computer attacks and intrusions, including the use of Botnets and what has been called the Advanced Persistent Threats (APT). Lastly, Ismael will show how Network Security Monitoring (NSM) and Digital Forensics methods and tools can be extended to the corporate network to assist in the early detection and investigation of these threats. Best practices and techniques on how to do NSM, full packet capture, network forensic analysis and data carving will be discussed, along with some live demos using tools that are available to any security practitioner.
Mac OS Forensics How-To: Simple RAM Acquisition and Analysis with Mac Memory Reader (Part 1) – update (and Part 2)
Welcome to Passionate about Information Security on ismaelvalenzuela.com
Since he founded one of the first IT Security consultancies in Spain, Ismael Valenzuela has participated as a security professional in numerous international projects across EMEA, India and Australia in the last 11 years.
Author of security articles for Hakin9, INSECURE Magazine and the SANS Forensics Blog, Ismael serves on the GIAC Advisory Board and is a Community SANS Instructor for the Computer Forensics and Intrusion Detection tracks. He holds a bachelor's degree in computer science from the University of Malaga (Spain), is certified in Business Administration, and holds several professional certifications including GREM, GCFA, GCIA, GCIH, GPEN, GCUX, GCWN, GWAPT, GSNA, CISSP, ITIL, CISM and IRCA 27001 Lead Auditor from Bureau Veritas UK.
Disclaimer: This blog represents my own opinion, observations, and thoughts. Anything posted here does not represent my employer, the opinion of my employer or any other organization.