Andrew Hoog

Founder

Andrew Hoog is a computer scientist, mobile forensics researcher, and Founder and Board Member of NowSecure. Hoog has one patent issued, and two pending, and is the author of two books on mobile forensics and security. When not breaking (or fixing) things, he enjoys great wine, science fiction, running and tinkering with geeky gadgets.

THOTCON 2013 – Mobile Security, Forensics, & Malware Analysis with Santoku Linux

Below is a presentation by Andrew Hoog, CEO of viaForensics, on April 26, 2013, at THOTCON in Chicago, IL. Titled “Mobile Security, Forensics, & Malware Analysis with Santoku Linux”, the presentation focused on live demos using Santoku Linux to extract data from Android and iOS devices. Oh, and it involved some live hacky sack, too (see below).

Abstract: Did you think there were a lot of mobile devices and platforms out there? Check out the hundreds of mobile tools being developed. We calculated it would take more time to install, test and maintain the various mobile tools than to actually fuzz the hell out all existing mobile operating systems. So, we created Santoku Linux, a F/OSS, bootable Linux distro to make life easier for mobile hackers. We pre-install not only the mobile platforms but promising tools in development. Santoku covers mobile forensics, mobile malware analysis and mobile security testing. This talk will introduce Santoku and provide demos of 1) how to forensically acquire and analyze Android and iOS devices, 2) several tools to perform security audits of mobile devices and apps, and 3) an approach to mobile malware analysis. All demos will leverage tools preinstalled on Santoku Linux. As a bonus, the talk will demonstrate another very different type of hacking. Throughout the talk, the sport of hacky sack (footbag) will be discussed and demoed including origins, how to play, why hacky sack is a great sport for hackers and how to perform different freestyle tricks. Audience participation will be encouraged.