The speakers for DojoSec Monthly Briefings for June 4, 2009 are set. Feel free to pass this information along to a friend so they can register.
Date: June 4, 2009
Time: 6:00 - 9:30 PM
Entry Fee: $1
Location: Capitol College - Avrum Gudelsky Memorial Auditorium
WHAT TO DO WITH THE UNKNOWN?
Alain Zidouemba, Sourcefire - http://www.sourcefire.com
Clam AntiVirus is an open source anti-virus toolkit for UNIX systems. The main purpose of this software lies in the integration with mail servers, enabling mail attachment scanning before the end user receives a virus. Like other anti-virus software, the engine for ClamAV has pattern matching technology at its heart. Updates to the malware signatures are released on a regular basis by ClamAV Researchers. However, when no signatures are available, or when updates are not coming fast enough, the only option is to create signatures. Fortunately, ClamAV signatures are open, and this enables the administrator to fill in the gap for themselves.
Alain Zidouemba was born in Ouagadougou, Burkina Faso. He studied Mathématiques Supérieures and Mathématiques Spéciales at the Lycée Jacques Amyot in France and Electrical and Computer Engineering at Howard University in the US. He worked in the area of network modelling and simulation at OPNET Technologies before taking a position at PestPatrol as a Spyware Researcher. He later joined Computer Associates to work on intrusion prevention and behavioral malware analysis. Alain recently became part of the Vulnerability Research Team (VRT) at Sourcefire and performs research in the areas of intrusion prevention and anti-malware.
HOW NOT TO GET PWND BY YOUR CLIENTS
Richard Goldberg, Esq. - http://www.goldberglawdc.com
In your service and employment contracts, there are certain things you should never agree to, and there are certain protections you always need. Otherwise you're essentially betting your future, and the future of your company, on the hope that nothing will go wrong. Ever.
This talk will tell you how to keep yourself out of trouble. Topics will include dealing with "standard" contracts and "standard" provisions; what it means to "indemnify" someone else; how to protect your intellectual property and confidential information; and other dangers, including warranties and audit-rights provisions. It will also cover some negotiation strategies.
Richard is a Java architect turned lawyer. Having worked in software beginning in the mid-90s with commercial customers and federal/DOD contractors and agencies, Richard has represented small information security companies and some of the largest names in open source.
GETTING PHYSICAL WITH MOBILE DEVICES
Eoghan Casey, cmdLabs
Acquiring and analyzing physical memory is one of the more challenging aspects of mobile device forensics, but can also be one of the most rewarding. Delving into deleted data on a mobile device can uncover valuable information, particularly when an individual took steps to conceal his activities.
This seminar covers various techniques and tools for dumping and analyzing physical memory from mobile devices, including Flasher boxes. In addition, we will provide examples of items recovered from physical memory that are not accessible using most forensic tools.
As we become more adept at obtaining deleted data from physical memory, some manufacturers are taking steps to enhance the security of their devices. We will discuss potential approaches to circumventing these security measures, with the hope that we can continue to improve our abilities to recover useful information from mobile devices.
Eoghan Casey is founding partner of cmdLabs (www.cmdlabs.com), author of the foundational book Digital Evidence and Computer Crime, and coauthor of Malware Forensics. For over a decade, he has dedicated himself to advancing the practice of incident handling and digital forensics. He helps client organizations handle security breaches and analyzes digital evidence in a wide range of investigations, including network intrusions with international scope. He has testified in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases.
Eoghan has performed thousands of forensic acquisitions and examinations, including e-mail and file servers, mobile devices, backup tapes, database systems, and network logs. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. In addition, he conducts research and teaches graduate students at Johns Hopkins University Information Security Institute, is editor of the Handbook of Digital Forensics and Investigation, and is Editor-in-Chief of Elsevier's International Journal of Digital Investigation.