Hiding the breadcrumbs: Anti-forensics on SAP systems presented at Troopers 2014

by Will Vandevanter, Juan Perez-etchegoyen,

URL : http://www.troopers.de/wp-content/uploads/2013/11/TROOPERS14-Hiding_the_breadcrumbs_Anti-forensics_on_SAP_systems-JuanPerez-Etchegoyen+Will_Vandevanter.pdf

Summary : SAP systems are running our most critical business processes. SAP security has been increasing over time due to SAP themselves pushing new and more secure products and default configurations with each release. Despite that, SAP systems are increasingly being targeted by attackers, with recent attacks being published in the mainstream news. SAP systems need to be ready for a Forensics analysis, so the big question is: Are your systems prepared to retain the attackers breadcrumbs in the event of an attack?
In this talk, we will show novel techniques being used by attackers to avoid being detected during post attack forensic investigations. Vulnerabilities related to anti-forensic techniques will be presented together with their mitigation.