Forensics Discovery

Security workshop

Wietse presents lessons learned about persistence of information in file systems and in main memory of modern computers – how long information persists and why. The results are based on measurements of a variety of UNIX and Linux systems, with some results for Windows/XP, including how to recover encrypted files without knowing the key.

http://www.first.org/resources/papers/tc-oct2005/venema-wietse-slides.pdf
Type: Slides
Format: application/pdf
Last updated: October 25, 2005
Size: 426 Kb

Presenters

Wietse Venema (IBM, US)
Wietse Venema is known for his software such as the TCP Wrapper and the POSTFIX mail system. He co-authored the SATAN network scanner and the Coroner's Toolkit for forensic analysis, and wrote a book on forensic computing with Dan Farmer. Wietse received awards from the System Administrator's Guild (SAGE) and from the Netherlands UNIX User Group (NLUUG). He completed his two-year term as the chair of the international Forum of Incident Response and Security Teams (FIRST). Wietse has a Ph.D. in physics and is a research staff member at the IBM T.J.Watson research center in the USA.