Defcon 21 - Forensic Fails - Shift + Delete Won't Help You Here

  Рет қаралды 634,832

HackersOnBoard

HackersOnBoard

10 жыл бұрын

Eric Robi & Michael Perklin
August 1st--4th, 2013
Rio Hotel & Casino • Las Vegas, Nevada

Пікірлер: 677
@Kenazzle
@Kenazzle 9 жыл бұрын
That CP one was actually horrifying because it meant without the work of these two brilliant analysts that poor guy would have been found guilty along with all the stigma that goes along with being a known paedophile. That guy's life was literally on the edge of the knife.
@thethreeheadedmonkey
@thethreeheadedmonkey 8 жыл бұрын
Kenazzle Metaphorically.
@Kenazzle
@Kenazzle 8 жыл бұрын
thethreeheadedmonkey Literally a metaphor.
@thethreeheadedmonkey
@thethreeheadedmonkey 8 жыл бұрын
It's settled then, his life was literally metaphorically on a knife's edge.
@Againsttheflood
@Againsttheflood 8 жыл бұрын
thethreeheadedmonkey Actually, prison is pretty damned bad for pedophiles. Prisoners are a nasty bunch in general, but pedophiles get the absolute worst of the hate among other prisoners. So his life very well could have been literally on the edge of a knife, even if it was just a prison shank.
@thethreeheadedmonkey
@thethreeheadedmonkey 8 жыл бұрын
Prison shanks usually have tips, not edges, Captain Megapedantic.
@esper4605
@esper4605 9 жыл бұрын
best wiping pattern ever.
@LaskyLabs
@LaskyLabs 4 жыл бұрын
fuck you
@NigelNquande
@NigelNquande 4 жыл бұрын
411 Y0|_|Γ B453 4Γ3 B310|\|9 70 |_|5?
@fostxswire1600
@fostxswire1600 4 жыл бұрын
When you want them to check the unallocated space.
@whetfaartz6685
@whetfaartz6685 4 жыл бұрын
​@@NigelNquande ur base belng to deez nutz
@SirArturia
@SirArturia 4 жыл бұрын
Would anyone be courteous to explain to me what that meant please? I just got into DEFCON. I get that it's funny but I don't understand enough to know why lol.
@TheColourAwesomer
@TheColourAwesomer 6 жыл бұрын
The banter between the two for drinking a single beer is excruciating.
@DerekMartell
@DerekMartell 4 жыл бұрын
I think working in legal forces a character of down-to-earth simpleness, with an easy to digest, 1:1 concepts-to-application kind of speaking and presentation. We're supposed to see their logic, they act as stewards for us. Imagine public speaking when your job is literally public speaking but people's liberties and lives are on the line. Lmao
@lonelylongdistancekiller9844
@lonelylongdistancekiller9844 3 жыл бұрын
@@DerekMartell wtf dude stop posting this lol.
@DanielLopez-up6os
@DanielLopez-up6os 2 жыл бұрын
One of my Favourite Defcon Talks that i keep cming back to when i need a laugh.
@B.D.B.
@B.D.B. 6 жыл бұрын
I wiped my drive at my former employer simply because I had all my passwords saved and I didn't want anything left behind. Kinda scary to think that could have been enough to prove I stole anything and bankrupt me, ruining my future for ever.
@jermainerace4156
@jermainerace4156 5 жыл бұрын
By itself that is not enough, I wouldn't think. But if your new company started doing business with a lot your old companies clients, or started using a technique pioneered by your old company, then maybe.
@darkspace5762
@darkspace5762 5 жыл бұрын
You should always separate work and regular accounts and never connect your devices to corporate wifi. Your employer doesn't trust your devices that you bring from home, they assume you have all kinds of crap and spyware on it, and you shouldn't trust their network either
@nonnymoose7005
@nonnymoose7005 5 жыл бұрын
But your hard disk wiping software didn't leave examiners a convenient note expressing your intent to fight them...
@BlueEyesWhiteTeddy
@BlueEyesWhiteTeddy 4 жыл бұрын
Just because that is the pattern used doesn't mean jack shit. I found it pretty funny so why wouldn't i use that or similar patterns?
@nonnymoose7005
@nonnymoose7005 4 жыл бұрын
Nothing is stopping you from doing that. It would definitely make you look bad in front of a jury though.
@SirDamned
@SirDamned 9 жыл бұрын
Which one should I drink from? "yes"
@Yuzuki1337
@Yuzuki1337 8 жыл бұрын
+Moo Good answer
@Alexmagno7
@Alexmagno7 7 жыл бұрын
Moo xddd
@Niels_kist
@Niels_kist 7 жыл бұрын
Moo i
@MajkaSrajka
@MajkaSrajka 6 жыл бұрын
He is clearly the man of culture.
@Phantomagix
@Phantomagix 5 жыл бұрын
That's what people say when they drink alcohol for the first time in their lives.
@asdfghyter
@asdfghyter 9 жыл бұрын
Defcon - the drinking game
@karelmirim5547
@karelmirim5547 5 жыл бұрын
For entire family!
@condormusicman
@condormusicman 3 жыл бұрын
42:12
@renakunisaki
@renakunisaki 7 жыл бұрын
Wait, you gave the guy crap for having Nickelback albums, but he didn't! They were just porn renamed so nobody would open it!
@mipmipmipmipmip
@mipmipmipmipmip 7 жыл бұрын
Rena Kunisaki Actually pretty smart social engineering, most people when seeing 'Nickelback' would just giggle and look further.
@BenjaminAshmead
@BenjaminAshmead 6 жыл бұрын
this is pretty interesting, but goddamn, these guys are some turbonerds
@technosteed4644
@technosteed4644 5 жыл бұрын
Yeah, they shouldn't try so hard to push gags.
@HelloKittyFanMan.
@HelloKittyFanMan. 5 жыл бұрын
OK, let's see, @@technosteed4644, gimme an example.
@shimlaDnB
@shimlaDnB 5 жыл бұрын
they're just a bit uncomfortable with speaking for hundreds of people that are experts in their exact fields. Please try anything like this and i'll happily call you a turboNerd while you're doing it
@X4Alpha4X
@X4Alpha4X 5 жыл бұрын
i think its just a product of the time, this kind of humor was really prevalent in 2013
@therealb888
@therealb888 4 жыл бұрын
@@shimlaDnB lol looks like ur a fucking nerd too!, STFU and be normal!
@57thorns
@57thorns 4 жыл бұрын
The last one was brutal, but is also shows just how horribly bad things can go when you have the wrong people against or for you. That poor guy basically had to uproot his whole life and start fresh, which a few million dollars might help with but it is mostly just a small help getting started.
@thegardenofeatin5965
@thegardenofeatin5965 5 жыл бұрын
Ugh this is back when everyone was yelling "fail" all the time.
@Jack-sy6di
@Jack-sy6di 4 жыл бұрын
I think even by 2012 it was pretty lame
@guitarer99
@guitarer99 4 жыл бұрын
bro you just posted fail
@userPrehistoricman
@userPrehistoricman 4 жыл бұрын
And the audience are annoying. DEFCON has changed
@larshassing3938
@larshassing3938 4 жыл бұрын
I usually read some of the comments before starting the video. I saw this, and thought; " wtf has that to do with anything, what about the content?" I am now 6 and half minute in, and... I... see why you wrote that. Jesus Christ
@patemathic
@patemathic 3 жыл бұрын
good times
@jeffreyblack666
@jeffreyblack666 5 жыл бұрын
Maybe the RDP guy was clever, connecting to a first computer with RDP without his printers, then sharing the printers of the subsequent machine?
@javabeanz8549
@javabeanz8549 5 жыл бұрын
Seems like there should be a subtitle of "Don't use Windows, unless you want to get caught" lol
@TheUltimateYouTuberyay
@TheUltimateYouTuberyay 2 жыл бұрын
#Linuxmasterrace
@tzisorey
@tzisorey 7 жыл бұрын
Hmm, overwriting sectors, even with random data, can almost always be detected? What if you had a destruction tool that grabbed blocks of data from a non-deleted file, and used that to overwrite the deleted data? To make it look like a different file had been on those blocks, and had been deleted?
@triplemania5550
@triplemania5550 5 жыл бұрын
Normally when files are deleted, you can see they were deleted, but still scrape the data from the disk sectors as long as nothing overwrote those. Now the sectors were overwritten by a repeating "Fuck you" pattern, which doesn't happen unless they're deleted on purpose by someone who wants to hide what was deleted. Indicating they were deleted ON PURPOSE and with BAD INTENTIONS. Tzisorey suggests overwriting the sectors with data commonly found on any computer, instead of using this "Fuck you" pattern. Sure you could still see something was deleted, but it could look like normal activity, like system updates or memcaches. It's no longer certain that it was deleted and overwritten on purpose, and you can no longer assume the bad intentions. So yeah it could matter.
@qqqqqqqqqqqqqqqqqqqqqqqqqqw
@qqqqqqqqqqqqqqqqqqqqqqqqqqw 4 жыл бұрын
It would look the same. What you'd have to do is fill the drive with new files.
@LT89NL
@LT89NL 4 жыл бұрын
@@triplemania5550 The first part (that it as clear they did it on purpose) I totally agree with you, however not with the second part (that is was with bad intentions). Just like Tor or most Pentesting software it can be used for both good and bad things, but using them doesn't make you bad by definition. For all you know the guy had sensitive things on his hard disk, like a list of passwords to important accounts, or he was into some really kinky (but none the less legal) porn and didn't want any traces of it to remain on his hard disk, or any other legitimate reasons for overwriting deleted files.
@adrenaline19
@adrenaline19 8 жыл бұрын
Who needs Big Bang Theory when you have real-life awkward nerds like these guys.
@HelloKittyFanMan.
@HelloKittyFanMan. 5 жыл бұрын
You do, just for not understanding what question marks are for and how to use them.
@HelloKittyFanMan.
@HelloKittyFanMan. 4 жыл бұрын
@Sean Price: Actually, _you_ are the one who's wrong. If it's a rhetorical *question,* then it's still a *question,* and thus still requires a *question mark* to be... well, not grammatically (since that's just about sentence structure), but _punctuationally_ correct (and thus, linguistically correct for English, which includes other things like grammar and spelling). What questions of rhetoric don't require are _explicit answers_ from the person or people that the *questions* (with *question* marks) are posed to.
@HelloKittyFanMan.
@HelloKittyFanMan. 4 жыл бұрын
@Sean Price: Uh, yes. Your last reply shows that you're clueless about how it works.
@HelloKittyFanMan.
@HelloKittyFanMan. 4 жыл бұрын
@Sean Price: Oh, you just complimented yourself. How cute!
@HelloKittyFanMan.
@HelloKittyFanMan. 4 жыл бұрын
Dumb @Sean Price, when you were talking about imagination, you weren't talking about me, because you connected that to a child. So naturally you were just talking about yourself! But thanks for backpedaling now to correct yourself about your trashy imagination. Just because someone's correct doesn't mean they're "arrogant" like you are. So-called "grammar book," meet dictionary! rhetorical question: A question asked solely to produce an effect or to make an assertion and not to elicit a reply, as “What is so rare as a day in June?” What's that thing right at the end of the question the dictionary shows, just before the quotation mark?
@JoshCano
@JoshCano 7 жыл бұрын
The audio on this is awesome! Thank you for the upload!
@KC16A6
@KC16A6 4 жыл бұрын
Michael seems a little nervous... however, his explanations are clear AND he makes good jokes ^^ Eric Rob is quite the connoisseur in fraud. Very nicely put. Thanks for all this info and laughter guys :)
@gerff01
@gerff01 8 жыл бұрын
I do have a problem with case #1. If this is all of the evidence they had against him, there is no way he should have been found guilty, at all. They can tell you deleted something, okay, but without KNOWING what was deleted and unrecoverable they have nothing but speculation. I am hoping there was actual evidence to base the verdict on, but the way the legal system works in this country now, it is actually very possible that they did not and used the sole fact that he deleted something unknown to base their decision on.
@DoubleM55
@DoubleM55 8 жыл бұрын
+Gerff Exactly, maybe he had pictures of himself naked or his gf naked, and he knew that they would look at his drive and he wiped that data. Not cool if that's why he got in trouble...
@chopinbloc
@chopinbloc 7 жыл бұрын
Remember, it's a work computer and a civil case so they may only need to prove he violated policy by a preponderance of the evidence. Destroying data may be a violation of company policy.
@gerff01
@gerff01 7 жыл бұрын
The Chopping Block May and Might are not facts, were any of these stated in their case? Making assumptions isn't contributing.
@chopinbloc
@chopinbloc 7 жыл бұрын
Yeah, you should stop making assumptions.
@gerff01
@gerff01 7 жыл бұрын
What kind of ridiculous bullshit has been fed into your mind as a child? If they don't know what it was, they cannot know it was evidence.
@irvalfirestar6265
@irvalfirestar6265 8 жыл бұрын
so, according to #1 people can sue you for using a drive wiping program if you can just vaguely connect a case to you
@Brakvash
@Brakvash 8 жыл бұрын
+Irval Firestar yep, he might've been exceedingly stupid and just hated his job
@SomeGuyFromCrowd
@SomeGuyFromCrowd 8 жыл бұрын
+Irval Firestar It indicates you were trying to cover something up, which is suspicious.
@mysteryshrimp
@mysteryshrimp 8 жыл бұрын
+Steven Haussmann But not proof of anything actually untoward. It's like a teenage boy having an air freshener in his car. I hope that there was more concrete proof than a wipe program.
@roguepackets2198
@roguepackets2198 8 жыл бұрын
+Steven Haussmann That "something" could always just be an extramarital affair.
@livedandletdie
@livedandletdie 8 жыл бұрын
+Rogue Packets But you must agree using • Fuck You • over and over again as a overwrite is actually genius. I mean it's a dick move, but at least it was a blatant punch in the face to anyone wanna look at the unallocated Memory. However Null wiping had been a less offensive way to do the same.
@wacer0
@wacer0 10 жыл бұрын
I found it interesting...nothing bored and they mention some useful tools
@zephyfoxy
@zephyfoxy 5 жыл бұрын
That last story caught me so off guard, and like some older comments here, it's really really fucking scary how easy someone could frame you for such a thing. People make jokes about "trust no one" but damn, this really makes you want to trust NO ONE.
@bailey125
@bailey125 5 жыл бұрын
Why is it that every Defcon conference I've seen those guys wearing the medal things always comes up and interrupts the speakers? Very annoying.
@SilverDragonsmx
@SilverDragonsmx 4 жыл бұрын
They're the goons They have new speakers do a shot while they're doing their talk. Kinda a "tradition" of sorts
@TheRockacer22
@TheRockacer22 4 жыл бұрын
Presenter: *breathes* Audience: (in unison) FAIILLLLLL faIL FaIL FAAILLLfAILL
@doncristobalaspee5925
@doncristobalaspee5925 8 жыл бұрын
So when you hear all about these forensic examinations of hard drives, reading magnetic patterns with electron microscopes because it's been overwritten, is that ever taking place? It sounds like it's not needed from the ineptness shown by the people in these examples.
@bugmenot512
@bugmenot512 8 жыл бұрын
+Escobar Manchulo Those are academic theories that only apply to specific (older) models of drives, in edge cases. Even so, just use encryption and this is a non-issue when disposing of drives with even the most valuable information.
@dougangotblocked
@dougangotblocked 10 жыл бұрын
I know half this shit is based on real cases but i laughed my ass off - thanks buddy
@PaulHenning84
@PaulHenning84 9 жыл бұрын
Look up BTK and Swirlface for some real hilarious stories of forensics fails
@therealdontclickme
@therealdontclickme 4 жыл бұрын
Damn i kinda wanna know what ended up happening with the guy in the last case? did he get back with his wife? did he win the court case against the state?
@mac1991seth
@mac1991seth 5 жыл бұрын
I wonder if it would be possible to create a software that progressively overwrites your documents with mp3 files (i.e. from iTunes or Google Play) and then changes all extensions to .mp3. Would forensic IT be able to find the meddling and provide the company with a proof of suspected behavior?
@chaos.corner
@chaos.corner 6 жыл бұрын
You can sometimes extract text from PDF so OCR may not have been necessary (I have seen where the text was in an image though).
@WorBlux
@WorBlux 8 жыл бұрын
Fail #1. Now there is SSD with TRIM support, which automatically zeroes out some of the unallocated space on supported platforms.
@bugmenot512
@bugmenot512 8 жыл бұрын
+WorBlux And here I was thinking of the OS level or file system driver...
@goyabee3200
@goyabee3200 7 жыл бұрын
I'm pretty sure that by the time of this talk fedoras were considered pretty unfashionable
@thecodingethan
@thecodingethan 7 жыл бұрын
who gives a fuck about fashion
@j.67
@j.67 7 жыл бұрын
people who get laid
@thecodingethan
@thecodingethan 7 жыл бұрын
off
@tomthorburn2922
@tomthorburn2922 7 жыл бұрын
XDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
@osuf3581
@osuf3581 7 жыл бұрын
*roll eyes*
@lokistrombringer4871
@lokistrombringer4871 8 жыл бұрын
4:10 anybody an idea what program "Bob" used? i really need this in my Life xD
@senjiukanuba5569
@senjiukanuba5569 6 жыл бұрын
Can someone explain the first case to me? Could they prove that he had that list? I thought they could only prove that he deleted something. Also, if he filled his harddrive to the brink with movies or computer games and deleted those again, would that have the same effect as running one of those tools to remove evidence of a deleted file?
@MultiClittle
@MultiClittle 6 жыл бұрын
Based on the technical skill shown here I guess I could be running my own computer forensics company
@samyuj
@samyuj 5 жыл бұрын
amazeballs username!!
@CellVendettahehe
@CellVendettahehe 5 жыл бұрын
Defcon stuff is always dumbed way down from the actual work that's been done. It's a social event, not an educational facility.
@MrMikomi
@MrMikomi 5 жыл бұрын
c lit you'd have to do "thousands of exams" to be this clever
@bluesdealer
@bluesdealer 5 жыл бұрын
Nobody’s stopping you. Put your money where your mouth is.
@destiny_02
@destiny_02 Жыл бұрын
Whats that blue light movie on his shirt !
@misakamikoto8785
@misakamikoto8785 4 жыл бұрын
Question, so how do you prevent someone just use his/her cell phone camara to capture all sensitive data on their personal phone?
@himabimdimwim
@himabimdimwim 4 жыл бұрын
dont allow cellphones in the area.
@FingerinUrDaughter
@FingerinUrDaughter 6 жыл бұрын
on the cp thing, there are issues with windows that can cause the system to constantly overwrite the creation, edit, and access dates to the current date. mine does it all the time with certain folders.
@DotNetRussell
@DotNetRussell 5 жыл бұрын
Awesome presentation and great choice of ending music!
@TheNonplayer
@TheNonplayer 6 жыл бұрын
I can't finish watching these guys.....
@andreeace4894
@andreeace4894 4 ай бұрын
Wasnt it ctrl+shift+delete? But yeah, even with shift+delete it wont fully delete in some cases...BUT i forgot how it can be restored...surly someone wrote somewhere how...
@Der_Arathok
@Der_Arathok 7 жыл бұрын
Can you see if someone burned a CD?
@ghollisjr
@ghollisjr 5 жыл бұрын
Seems like quite a lot of these detection methods would be thwarted by using a live cd of some kind of Linux and putting documents on a thumb drive. Anyone know of a weakness with that strategy?
@darkspace5762
@darkspace5762 5 жыл бұрын
The BIOS could be locked down so you can't boot off anything but Windows. That's not really a weakness but in some organizations it just means that you wouldn't be able to exfiltrate data this way. Also you would only be able to do this with a laptop clearly because if you did this on a workstation in your office cubicle, someone might notice. The administrator might also have a policy where the HDD is encrypted, or files are only stored on network drives.
@pault151
@pault151 5 жыл бұрын
Mmmm, yup. Anything that goes through the firewall is logged. A Linux just sandboxes the data that you are looking at on the PC, it doesn't make the TCP/IP look any different. Oh look, that machine just requested info from preggers-porn.com! Oh, that network node is sending large files to MyCloudData and our company doesn't have an account there! Oh, that PC is trying to open a connection to a VPN provider that isn't ours! That network node has an unfamiliar machine ID and it's requesting data from our high security database! REDALERT.
@MrLusciousFox
@MrLusciousFox 7 жыл бұрын
With the deletion thing what if you just filled up your HDD with garbage data? Like you intentionally emailed yourself a worm that multiplied until you you were full and then just deleted all those garbage files?
@cooper512
@cooper512 5 жыл бұрын
Thats basically what they did with the fuck you thing
@butteredtoast8666
@butteredtoast8666 4 жыл бұрын
What was the cat balloon thing about?
@happysprollie
@happysprollie 7 жыл бұрын
Which one is Beavis...?
@corriblehunt4554
@corriblehunt4554 5 жыл бұрын
The one in the twat hat, I think
@messiha666
@messiha666 4 жыл бұрын
I'm glad they were able to clear that guy in the last case. That must've been a horrible thing to go through
@lbgstzockt8493
@lbgstzockt8493 7 ай бұрын
This video is a great resource for those who wish to exfiltrate data.
@lalanotlistening
@lalanotlistening 4 ай бұрын
“mean phrases will make people dislike you” - guy who put the R-slur in a powerpoint
@Inertia888
@Inertia888 5 жыл бұрын
probably would have been fine with just one adderall
@connorhorman
@connorhorman 5 жыл бұрын
*Stores a valid PE/exe File with data destruction* Can you trace that?
@invntiv
@invntiv 5 жыл бұрын
Holy shit. This is like entering a wormhole and going back to 2013... #Winning
@forton615
@forton615 4 жыл бұрын
40:48 The date of the files they talk about is in 2012, government drops charges years later, this video is uploaded in 2013... Am I missing something here?
@randomgrapesoda
@randomgrapesoda 4 жыл бұрын
That's spooky
@Hexagonaldonut
@Hexagonaldonut 2 жыл бұрын
They did mention a lot of the case details were changed; the actual case probably happened years earlier, and they almost certainly couldn't use the original dates, so they replaced them. Why 2012 specifically? Iunno.
@potionseller9
@potionseller9 6 жыл бұрын
Ok, new idea for anti-forensics: Download gigabytes of the most disguting images you can find to your hard drive and change the file ending.
@Jrez
@Jrez 4 жыл бұрын
I'm confused, if you were going to steal IP from your old company to bring to a competitor, why would you do it on your work computer? Wouldn't iit make more sense just to copy all the files you need onto a private, or even secret computer?
@septegram
@septegram 4 жыл бұрын
We're clearly not dealing with the best and the brightest here...
@JasperJanssen
@JasperJanssen 4 жыл бұрын
He didn’t say “yes, of course I wiped my drive, I moved to another job with a direct competitor. I wouldn’t want to accidentally take data with me.”?
@Hexagonaldonut
@Hexagonaldonut 2 жыл бұрын
If it had been any normal wiping pattern, he probably could've done that! But wiping with 'Fuck you' on repeat kind of precludes the idea that it was done with good intentions.
@JasperJanssen
@JasperJanssen 2 жыл бұрын
@@Hexagonaldonut having a “fuck you” attitude to an employer doesn’t mean it’s not e legitimate action to take.
@toomanyusers4me
@toomanyusers4me 10 жыл бұрын
Quality talk about experiences performing forensics analysis. Plenty of useful tidbits interleaved with some pretty funny stories.
@mipmipmipmipmip
@mipmipmipmipmip 7 жыл бұрын
Fail #3 could now be done without court order using some heavy Spark processing of the pdfs. Cost of the research might be an issue though.
@qharis-lm902
@qharis-lm902 7 жыл бұрын
So if you encrypt the whole disk, it will becompletely ok to shift-del? In case of an investigate, just destroy the key or something
@chubbysumo2230
@chubbysumo2230 7 жыл бұрын
you say that like its hard to change the bitlocker key? You just turn it off, and turn it back on. you can even make it harder by using EFS.
@PlasmaHH
@PlasmaHH 7 жыл бұрын
look at their first case. You will use on court anyways. "There might have been files" seems to be enough to be guilty, regardless of if that was just your porn collection...
@mipmipmipmipmip
@mipmipmipmipmip 7 жыл бұрын
Dennis Lubert Not for Hillary!
@gonorrheabreath3774
@gonorrheabreath3774 4 жыл бұрын
I'm thinking of what to call my new program in the covering of the tracks... how's about; infinite spectrum Quasimodo redundancy matrix
@Reth_Hard
@Reth_Hard 8 жыл бұрын
I find it funny when I see a conference guy that looks very nervous like that. He doesn't show it too much but I know that, inside of himself, he's completely terrified. :D
@2007Russdog
@2007Russdog 10 жыл бұрын
Had to pause and create a smoking gun.txt on my desktop for fun!
@KillTheUnicornsNow
@KillTheUnicornsNow 10 жыл бұрын
haha i did to
@Gerixgames
@Gerixgames 10 жыл бұрын
My Super Awesome Chanel That Is Way Better Than Yours always do it,
@QwertyuiopThePie
@QwertyuiopThePie 7 жыл бұрын
I just took a jpeg of an actual smoking gun and renamed it to "smoking_gun.txt". That way, if my hard drive is ever analyzed for any reason, that file'll be right on top!
@LavenderSystem69
@LavenderSystem69 6 жыл бұрын
+QwertyuiopThePie Nah, you need to think bigger; .png for the win, bruh
@MajkaSrajka
@MajkaSrajka 6 жыл бұрын
And make the file 6gb large!
@mick7909
@mick7909 4 жыл бұрын
Love these talks
@sandman89176
@sandman89176 8 жыл бұрын
How was the first guy prosecuted? In what way wiping data beyond restore off *your own* drive is illegal?
@TheMrVengeance
@TheMrVengeance 6 жыл бұрын
We don't know when this data was wiped. It's very possible he wiped it before receiving the subpoena. Would've been really useful if they told a little more about this.
@senjiukanuba5569
@senjiukanuba5569 6 жыл бұрын
Can you elaborate? How is he supposed to prove that he does not have the list? You could have that list too. How would you go about proving that you don't?
@benjaminmiddaugh2729
@benjaminmiddaugh2729 5 жыл бұрын
It was not his own drive. It was his company's drive. That matters.
@snbeast9545
@snbeast9545 5 жыл бұрын
It was a civil case, so they only had to show that he probably did something. Destroying evidence shows that something probably happened.
@ShroudedWolf51
@ShroudedWolf51 5 жыл бұрын
@@snbeast9545 IIRC, that's enough to shine suspicions on the case, but not enough to actually prosecute. It would have been nice to get more detail in this talk intended to deliver information rather than snorty giggling and "twelve year old trying to annoy his mum" humor.
@Josh.Davidson
@Josh.Davidson 3 жыл бұрын
lol. Jump lists are in Win 7 and later, they were not in Vista. So the guy was actually right in the presentation.
@ultraviolet.catastrophe
@ultraviolet.catastrophe 3 жыл бұрын
Any excuse to drink, am I right?
@Josh.Davidson
@Josh.Davidson 3 жыл бұрын
@@ultraviolet.catastrophe haha
@patar3323
@patar3323 5 жыл бұрын
Omg Charlie Sheen did that interview more than 5 years ago??
@MrNateFlax
@MrNateFlax 5 жыл бұрын
5:34 The Chad cryptographer VS the virgin FBI
@vodoo6665
@vodoo6665 3 жыл бұрын
Love Comic Sans - My fav font
@elliottg7192
@elliottg7192 9 жыл бұрын
what job is this?
@boxbox6290
@boxbox6290 8 жыл бұрын
Forensic pc experts ie a pakistani geek send 3000 paedophile images to your pc and demand 5000 pound or tell your wife you dont pay your wife get email n go to police your whole life get ruinned these guys are super heros they save your life n figure out it wernt u who downlaoded that shit
@timesthree5757
@timesthree5757 4 жыл бұрын
The problem with the first one is their must have been something else to catch the guy or his lawyers were crappy. cause the fact that you wipe something does not prove a crime. All it proves is something was wiped. Yo can't prove a negative. The reason I know this is because I've been in a lot of courtrooms in my 41 years. I remember a case that just got into the hearing and was thrown out by the Judge because while the hard drive's unallocated space was wiped they could not prove what was there but could only prove it was wiped.
@ghostlyparanoia
@ghostlyparanoia 10 жыл бұрын
Them god dayme check boxes..
@douro20
@douro20 4 жыл бұрын
The guy in the "Nickelback Guy" case would have had an even harder time hiding his files if it was a Linux system...
@patemathic
@patemathic 2 жыл бұрын
They could've just renamed them without changing the extension, as if they were Nickelback music videos
@JoArtsDev
@JoArtsDev 5 жыл бұрын
wait some dude got 100k sued and the proof was that he just destroyed something? he could have argued that is was just porn
@IscleGaming
@IscleGaming 6 жыл бұрын
What did we learn? Use a ubuntu live cd.
@jonathangatto
@jonathangatto 4 жыл бұрын
Why did he get fired from his new job?
@JunkCCCP
@JunkCCCP 7 жыл бұрын
Man, what a couple of cheeseballs.
@InAUGral
@InAUGral 6 жыл бұрын
When you start drinking beer because of the fails then fail more often due to drinking the beer.
@douro20
@douro20 4 жыл бұрын
The Magistr email worm filled hard disks with the text "YOU ARE SHIT"
@joshuarain2397
@joshuarain2397 3 жыл бұрын
Couldn't see the screen too well to read the program name and the audio didn't really seem to work for me hearing it. What's the name of that CP program?
@ultraviolet.catastrophe
@ultraviolet.catastrophe 3 жыл бұрын
LCP
@rshinra
@rshinra 6 жыл бұрын
Stop smacking into the mic
@Elite7555
@Elite7555 6 жыл бұрын
Dudes, it is so easy to set up an encrypted drive, even with system tools. I just don't get it...
@HelloKittyFanMan.
@HelloKittyFanMan. 5 жыл бұрын
Oops, there's no such thing as "PDF format."
@DevinDTV
@DevinDTV 5 жыл бұрын
what stops these 2 guys from fabricating evidence?
@xXevilsmilesXx
@xXevilsmilesXx 4 жыл бұрын
ethics?
@JohnDoe-nq4du
@JohnDoe-nq4du 4 жыл бұрын
@@xXevilsmilesXx Did you watch the video? They clearly have no ethics.
@xXevilsmilesXx
@xXevilsmilesXx 4 жыл бұрын
@@JohnDoe-nq4du I did. Which part specifically did you find unethical?
@jaifer8
@jaifer8 9 жыл бұрын
Did anyone go back to check if he grabbed the right beer?
@kobatohasegawa4862
@kobatohasegawa4862 7 жыл бұрын
If it's that easy to undelete emails, why is it such a big deal?
@yuyuko_s75
@yuyuko_s75 5 жыл бұрын
DIMENSIONS OF F A I L
@KingOhmni
@KingOhmni 4 жыл бұрын
11:05 A person that was a teenager when the first PCs were a thing helps me with my mid to high end gaming rigs from time to time (although less and less in my defense) and the first time I gave him my 1st PC he said he liked how I simply just had a folder labeled Porn within a subset of documents relating to a story I want to write. (the story docs were password protected naturally) I asked him how he knew that and he said he always goes looking for what kind of porn people have on their comps as it could bust a pedo and that people normally hide it in innocent sounding work related folders. He also said he respected my story password. I approved of this thinking but at the same time it tis somewhat of a violation of privacy, especially regarding muh story cos little did I know there is list of all passwords buried in the system of Windows that people in the know can easily access when using muh PC. So what I learned that day was the people who you hand your technology into for repairs probably know more about your habits than you might like. So what could people find who really want to find something? The answer is everything ever put into 1s and 0s as a rule of thumb.
@LoganDark4357
@LoganDark4357 5 жыл бұрын
The audio is so loud, wtf
@naix1977
@naix1977 7 жыл бұрын
4:00 Bob's case: probably used Active @ killdisk
@CrucialDuude
@CrucialDuude 4 жыл бұрын
Man, they're really meme spouting, turbonerds... but they do a good job.
@Blinkwing
@Blinkwing 10 жыл бұрын
At 0:15 on the left, is that Edward Snowden?
@TheSynStalker
@TheSynStalker 4 жыл бұрын
Reminds me of when a woman got fired at work and when they searched her computer they found she was using a messenger to talk to another woman and they were both saying really nasty rumor mongering shit about management. Other woman got fired after that too.
@Xvladin
@Xvladin 9 ай бұрын
That's pretty fucked up. Where I work, they wouldn't have us search through someone's computer just becuase we thought they might be saying something mean
@nothing-wp9ti
@nothing-wp9ti 6 жыл бұрын
How incompetent does that examiner in the last case have to be?
@fernandavaldivia2467
@fernandavaldivia2467 7 жыл бұрын
Como cuando eres la unica que habla espaňol neutro en Los comentarios:v Ahhh! Un clasico ksdjsxD
@robmckennie4203
@robmckennie4203 7 жыл бұрын
Why did the guy in case #1 lose? Just because he erased something from his harddrive? That's either bullshit, or they're skipping the detail of how they proved he had the list despite the erased harddrive
@VIRCHIT
@VIRCHIT 8 жыл бұрын
Ummmm that was some funny stuff. And it amused me jolly. Keep it up
@gnarlessagan6558
@gnarlessagan6558 9 жыл бұрын
I learned a lot, but oh my god these meme spouting nerds, I mean I'm as nerdy as the next guy but even I would give these guys some wedgies.
@alliefdxproductionservices5856
@alliefdxproductionservices5856 9 жыл бұрын
They make some pretty unsubstantiated and completely incorrect statements, too.
@janverhulst2220
@janverhulst2220 9 жыл бұрын
Yeah, I'm doing this kind of work on a daily basis and you don't get to "solve the case". You just relay facts and it's up to lawyers to take your information and work with it.. Those are human beings you're investigating and what they do is also very human. Kind of mean to label people who are less adept with computers as losers. I found these high-fiving beer-drinking stupid hat wearing nerds a bit too much for my own taste. Okay we get it, you 'solved the case' and get to feel superior to the succesful sales guy you just "apprehended".
@mindfulape8763
@mindfulape8763 9 жыл бұрын
I find it so hard to watch this video because these guys are the most socially awkward guys I have ever seen.
@suicidalbanananana
@suicidalbanananana 5 жыл бұрын
Mostly annoyed by Eric, Michael at least notices when a joke bombs. Decent talk regardless.
@uifdsf
@uifdsf 5 жыл бұрын
Jan Verhulst give them a break, they're massive nerds yes but for once in their life they get to look cool in front of guys who can understand and appreciate what they do
@ComradeRachel
@ComradeRachel 6 жыл бұрын
I oddy wished I worked in a position that a company would spend the money to research my company computer if I quit. Working for a retail company they will just format the computer , not like I know any trade secrets or anything lol. I really don't no one tells me shit.
@Johnwww07
@Johnwww07 6 жыл бұрын
you gonna bag em. arent you?
@MirekHeikkila
@MirekHeikkila 6 жыл бұрын
Now I'm thinking all prego porn has a soundtrack of NickleBack 0.o
@Docko412
@Docko412 8 жыл бұрын
I want these guys fucking jobs they have the greatest jobs on earth. So awesome.
@briansmith8749
@briansmith8749 5 жыл бұрын
Poor Edgar.
Галя вернула в детство @krus-kos
00:46
Кушать Хочу
Рет қаралды 6 МЛН
MICHIEL VS JUVENTUS WOMEN 🙈📏
00:26
Celine Dept
Рет қаралды 52 МЛН
How To Analyze The Cost Of A Programming Project?
7:25
Simple Programmer
Рет қаралды 13
DEFCON 17: That Awesome Time I Was Sued For Two Billion Dollars
31:28
Christiaan008
Рет қаралды 1,6 МЛН
Defcon 21 - Social Engineering: The Gentleman Thief
41:55
HackersOnBoard
Рет қаралды 369 М.
Black Hat 2013 - OPSEC Failures of Spies
25:11
HackersOnBoard
Рет қаралды 220 М.
Defcon 21 - The Secret Life of SIM Cards
42:36
HackersOnBoard
Рет қаралды 692 М.
Defcon 21 - Stalking a City for Fun and Frivolity
45:20
HackersOnBoard
Рет қаралды 245 М.
Google Pixel 4 pt.2
0:59
youngfix
Рет қаралды 1,5 МЛН
Cincin ponsel dengan fitur pembayaran 💸
0:51
Rasa Kayu
Рет қаралды 3,2 МЛН
ЭТОТ СМАРТФОН УДЕЛАЛ ФЛАГМАНЫ XIAOMI! 🤯
0:55
Thebox - о технике и гаджетах
Рет қаралды 497 М.