Offensive forensics is an attack technique hackers use to capture non-static data that can be useful in performing further attacks, says Joe Sremack, Principal, Berkeley Research Group, LLC, a computer forensics and e-discovery firm.
In an offensive forensics procedure, the hacker captures non-static, in-memory data to acquire the passwords, encryption keys, or active network session data held there, which can help them gain unrestricted access to valuable data.
A simple example of an offensive forensics attack is one that captures the contents of the Windows clipboard, where less-than-savvy users often copy and paste their secure passwords. Hackers typically mount this type of attack through vulnerabilities in Flash.
There are exploits that read through Flash plug-ins in browsers in combination with weak or misconfigured settings to read the full browser content, including in-memory passwords, says Sremack.