Wietse Venema - Academia.edu
Papers by Wietse Venema
Murphy's law and computer security
Focusing on MACtime information: File read/write activity generates file read/write access time entries in the file system journal.
This paper discusses lessons learned from a selection of computer security problems that have surfaced in the recent past, and that are likely to show up again in the future. Examples are taken from security advisories and from unpublished loopholes in the author's own work.
Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration (IEEE IRI 2014), 2014
Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). Copies may be requested from IBM T.
Lecture Notes in Computer Science, 2011
We provide an analytical framework for basic integrity properties of file systems, namely the binding of files to filenames and writing capabilities. A salient feature of our modeling and analysis is that it is composable: In spite of the fact that we analyze the filesystem in isolation, security is guaranteed even when the file system operates as a component within an arbitrary, and potentially adversarial system. Our results are obtained by adapting the Universally Composable (UC) security framework to the analysis of software systems. Originally developed for cryptographic protocols, the UC framework allows the analysis of simple components in isolation, and provides assurance that these components maintain their behavior when combined in a large system, potentially under adversarial conditions.
Praise for Forensic Discovery

"Farmer and Venema do for digital archaeology what Indiana Jones did for historical archaeology. Forensic Discovery unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder. I highly recommend reading this book." --Richard Bejtlich, TaoSecurity

Praise for Real Digital Forensics

"Real Digital Forensics is as practical as a printed book can be. In a very methodical fashion, the authors cover live response (Unix, Windows), network-based forensics following the NSM model (Unix, Windows), forensics duplication, common forensics analysis techniques (such as file recovery and Internet history review), hostile binary analysis (Unix, Windows), creating a forensics toolkit and PDA, flash and USB drive forensics. The book is both comprehensive and in-depth; following the text and trying the investigations using the enclosed DVD definitely presents an effective way to learn forensic techniques." --Anton Chuvakin, LogLogic

Praise for File System Forensic Analysis

"Carrier has achieved what few technical authors do, namely a clear explanation of highly technical topics that retains a level of detail making it valuable for the long term. For anyone looking seriously at electronic forensics, this is a must have. File System Forensic Analysis is a great technical resource." --Jose Nazario, Arbor Networks

The Computer Forensics Library

With the ever-increasing number of computer-related crimes, more and more professionals find themselves needing to conduct a forensics examination. But where to start? What if you don't have the time or resources to take a lengthy training course? We've assembled the works of today's leading forensics experts to help you dive into forensics, give you perspective on the big picture of forensic investigations, and arm you to handle the nitty-gritty technicalities of the toughest cases out there.

Forensic Discovery, the definitive guide, presents a thorough introduction to the field of computer forensics. Authors Dan Farmer and Wietse Venema cover everything from file systems to memory and kernel hacks and malware. They expose many myths about forensics that can stand in the way of success. This succinct book will get you started with the realities of forensics.

Real Digital Forensics allows you to dive right in to an investigation and learn by doing. Authors Keith J. Jones, Richard Bejtlich, and Curtis W. Rose walk you through six detailed, highly realistic investigations and provide a DVD with all the data you need to follow along and practice. Once you understand the big picture of computer forensics, this book will show you what a Unix or Windows investigation really looks like.

File System Forensic Analysis completes the set and provides the information you need to investigate a computer's file system. Most digital evidence is stored within the computer's file system, so many investigations will inevitably lead there. But understanding how the file system works is one of the most technically challenging concepts for digital investigators. With this book, expert Brian Carrier closes out the set by providing details about file system analysis available nowhere else.
to the Proceedings of the 22nd USENIX Security Symposium is sponsored by USENIX. This paper is included in the Proceedings of the 22nd USENIX Security Symposium.