A Geek's Guide to Digital Forensics
How I Learned to Stop Worrying and Love the Hex Editor
Andrew Hoog provides a technical introduction to digital forensics geared towards fellow geeks who think tinkering with data in hex is fun and interesting. The talk gives a brief background on forensics and important concepts, including acquisition and verification techniques. Forensic analysis, the really fun stuff, is covered in detail, including a specific walkthrough on how to carve YAFFS2 timestamps from a nandump of an Android device. Finally, he will cover the emerging intersection of digital forensics and traditional security, specifically mobile app security and continuous forensic monitoring of key systems.
The slides are available.
Andrew Hoog is a computer scientist, certified forensic analyst (GCFA and CCE), computer and mobile forensics researcher, author of two forensic and security books, expert witness and co-founder of viaForensics, an innovative digital forensic and security firm. He divides his energies between investigations, forensic software development, and research in digital forensics and security. He also has two patents pending in the areas of forensics and data recovery. He lives in Oak Park, IL, where he enjoys spending time with his family, traveling, great wine, science fiction, and tinkering with geeky gadgets.