Anti-Forensics - You are doing it wrong (Believe me, I'm an IR consultant) - Stephan Berger
In this talk, we’ll dissect common anti-forensics strategies—like USN Journal deletion, shellbag clearing, timestamp manipulation, and disabling access time updates—and reveal how they are often executed ineffectively or misunderstood. We’ll explore practical examples, such as:

- Deleting the USN Journal (fsutil usn deletejournal /d C:) and why it’s rarely a perfect solution.
- Clearing shellbags to wipe file explorer history but failing to account for deeper registry artifacts.
- Time stomping ((Get-Item "C:\path\to\file.txt").CreationTime = "2022-01-01 00:00:00") and how forensic tools detect inconsistencies.
- Disabling last access time updates (fsutil behavior set disablelastaccess 1) and its limited effectiveness against comprehensive timeline analysis.
- Wiping MFT free space (sdelete -z C:) while ignoring the traces left behind in unstructured data.

From registry edits like masking user account activity to configuring Windows EFS, we’ll examine why these techniques often fail against modern investigative workflows and how defenders use these “footprints of erasure” to uncover malicious intent.

Attendees will gain a comprehensive understanding of what works and what doesn’t and how to identify these techniques during incident response. Whether you’re an IR consultant, security analyst, or blue teamer, this talk offers actionable knowledge to outsmart adversarial anti-forensics tactics.
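As an added example (not from the talk or its speaker), the Python below scans process-creation command lines for the commands quoted in the abstract, so that each "footprint of erasure" surfaces as a hit while the read-only query variants do not. The record format, rule names and sample records are constructed for illustration, and the timestamp rule also covers LastWriteTime and LastAccessTime, which the abstract does not mention.

```python
import re

# Command-line patterns for the commands quoted in the abstract.
# Rule names are this example's own labels, not a standard taxonomy.
RULES = [
    ("usn_journal_deleted",
     re.compile(r'\bfsutil(?:\.exe)?"?\s+usn\s+deletejournal\b', re.I)),
    ("last_access_updates_disabled",
     re.compile(r'\bfsutil(?:\.exe)?"?\s+behavior\s+set\s+disablelastaccess\s+1\b', re.I)),
    ("free_space_wiped",
     re.compile(r'\bsdelete(?:64)?(?:\.exe)?"?\s.*?(?<=\s)[-/]z\b', re.I)),
    ("timestamp_assigned",
     re.compile(r'\.(?:Creation|LastWrite|LastAccess)Time(?:Utc)?\s*=', re.I)),
]

# Constructed sample records (assumed format): "time|host|user|command line".
SAMPLE_LOG = r'''
2025-03-02T21:14:03Z|WS-042|jdoe|fsutil usn queryjournal C:
2025-03-02T21:14:40Z|WS-042|jdoe|"C:\Windows\System32\fsutil.exe" usn deletejournal /d C:
2025-03-02T21:15:02Z|WS-042|jdoe|fsutil behavior query disablelastaccess
2025-03-02T21:15:10Z|WS-042|jdoe|FSUTIL behavior set disablelastaccess 1
2025-03-02T21:16:27Z|WS-042|jdoe|powershell -c "(Get-Item 'C:\path\to\file.txt').CreationTime = '2022-01-01 00:00:00'"
2025-03-02T21:18:55Z|WS-042|jdoe|sdelete64.exe -accepteula -z C:
2025-03-02T21:19:30Z|WS-042|jdoe|powershell -c "(Get-Item C:\temp\a.txt).CreationTime"
'''

def find_antiforensics(log_text):
    """Return (time, host, user, rule) for every record matching a rule."""
    hits = []
    for line in log_text.splitlines():
        parts = line.strip().split("|", 3)
        if len(parts) != 4:
            continue  # skip blank or malformed records
        when, host, user, cmdline = parts
        for rule, pattern in RULES:
            if pattern.search(cmdline):
                hits.append((when, host, user, rule))
    return hits

if __name__ == "__main__":
    for hit in find_antiforensics(SAMPLE_LOG):
        print(*hit, sep="  ")
```

The two query commands and the read-only CreationTime access in the sample produce no hits; only the four state-changing commands do.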
Stephan Berger

Stephan Berger has over a decade of experience in cybersecurity. Currently working with the Swiss-based company InfoGuard, Stephan investigates breaches and hacked networks as Head of Investigation of the Incident Response team. An avid Twitter user under the handle @malmoeb, he actively shares insights on cybersecurity trends and developments. Stephan also authors the blog DFIR.ch, where he provides in-depth analysis and commentary on digital forensics and incident response. Stephan has spoken at numerous conferences, sharing his expertise with audiences worldwide.

Security Fest is an inspiring and unique IT security conference held in Gothenburg, Sweden. The event is an excellent opportunity to learn more about IT security, and a great way to connect with both the renowned international speakers and the other attendees.


