Abstract: Imaging a disk before analyzing its contents is usually good forensic practice, but what happens if that disk has been programmed to self-destruct when imaged? This fast-paced lecture describes how a disk can be built to defend itself from forensic imaging, as well as some techniques that might be used to defeat anti-forensic features.


Bio: Travis Goodspeed is a reverse engineer from Southern Appalachia. With neighbors from Dartmouth, he crafted the Facedancer board for USB device emulation and device driver fuzzing, as well as the Packet-in-Packet technique for remotely injecting into Layer 1 from Layer 7 on wireless networks. With neighbors from Eurecom, he built a remotely accessible backdoor that hides in the firmware of a hard disk. He rebuilt a naval satellite dish to track LEO satellites, and his iPod will give up only Rick Astley lyrics when imaged.