“Offensive forensics is an attack technique hackers use to capture non-static data that can be useful in performing further attacks,” says Joe Sremack, Principal, Berkeley Research Group, LLC, a computer forensics and e-discovery firm.
In an offensive forensics procedure, the hacker captures non-static, in-memory data in order to harvest the passwords, encryption keys, or active network session data living there, which can give them unrestricted access to sensitive data.
A simple example of an offensive forensics attack is one that captures the Windows clipboard, a place where less-than-savvy users often copy and paste their passwords. Hackers typically mount this type of attack through vulnerabilities in Flash.
“There are exploits that read through Flash plug-ins in browsers in combination with weak or misconfigured settings to read the full browser content, including in-memory passwords,” says Sremack.
Awareness is the first step in defeating offensive forensic tricks and techniques; action is the second step.