Click. Plug Compromise: A Case Study of A Malware-Infected Camera

Diyar Saadi - Click. Plug Compromise: A Case Study of A Malware-Infected Camera This presentation was held at #BSidesBUD2026 IT security conference on 29 April 2026. Short description of the talk: Digital forensics plays a critical role in malware analysis by revealing execution traces, persistence mechanisms, and attacker behavior that may not be visible through static or dynamic malware analysis alone. This talk focuses on forensic artifacts from a malware analyst’s standpoint, emphasizing how Windows artifacts can be used to reconstruct attacker activity, validate malware execution, and correlate events across the system. The session begins with a brief overview of digital and computer forensics, followed by an explanation of the forensic investigation lifecycle as it applies specifically to malware analysis. Core forensic artifacts such as registry keys, event logs, file system metadata, and execution traces are introduced with an emphasis on their evidentiary value during incident response and post-compromise investigations. Attendees will gain deep insight into execution artifacts including Prefetch, UserAssist, BAM, AmCache, PCA, PowerShell history, Windows Defender logs, Scheduled Tasks, Startup entries, and USB device history. The talk also covers registry-based persistence mechanisms, Windows Event Logs including EID 4688, EID 4104, and Microsoft Office alert events, as well as Sysmon telemetry with practical guidance on installation, configuration, and monitoring. The session concludes with a demonstration of modern forensic tools such as Artifast Suite, OSForensics, Registry Explorer, and FTK Imager, highlighting real-world case analysis from prefetch data, pagefile artifacts, and USN Journal entries. Attendees will leave with actionable knowledge to efficiently collect, analyze, and interpret forensic artifacts in support of malware investigations. About the Speaker: Diyar Saadi Ali is a cybersecurity expert specializing in cybercrime investigations, SOC operations, and malware analysis. A certified MITRE ATT&CK Contributor and CVE discoverer (including CVE-2024-25400 and CVE-2024-25399), Diyar helps organizations defend against evolving digital threats. They have spoken at major international events including BlackHat MEA in Saudi Arabia, DeepSec in Vienna, COSAC in Ireland, VulnCon in India, and Arab Cyber Security Conference in Egypt. Diyar’s expertise and global experience continue to inspire and lead in the cybersecurity community. https://bsidesbud.com All rights reserved. #bsidesbud2026 #iot #malware