securitybananas.com

Subject: Forensics: recovering data and investigate it for valuable information.

Abstract: ‘File Carving‘ or sometimes simply carving, is the process of extracting a collection of data from a larger data set. Data carving techniques frequently occur during a digital investigation when the unallocated file system space is analyzed to extract files. The files are “carved” from the unallocated space using file type-specific header and footer values.
File carving is a powerful tool for recovering files and fragments of files when directory entries are corrupt or missing. Carving is also especially useful in criminal cases, where the use of carving techniques can recover evidence. In certain cases related to child pornography, Law Enforcement agents were able to recover more images from the suspect’s hard-disks by using carving techniques.
During this presentation you will get information about forensic research and how data carving fits in.

Hands-on: – testing tool(s) on some images to get grip
Little forensic challenge that the audience needs to complete
To support the audience, they will get a cd-rom with the necessary tools and images to complete the labs and final Challenge.

Audience will learn: The basics of data carving, how to do a little forensic investigation and the tools used.