Penetrating encrypted evidence
• Writer: Hank Wolfe
• University of Otago, Computer Security, Forensics, Information Science Department, New Zealand
• Presentation: Digital Investigation, 2004
• Reporter: Sparker

Introduction
• Every investigator will encounter suspect hard drives and other media that have been encrypted.
• The accused will be asked to provide the keys necessary for decryption of data files or entire hard drives.
• The final decision, however, rests with the accused. There are some technical methods to obtain the relevant keys:
• Social engineering.
• Surveillance.

Social engineering
• A divorce settlement case.
• The ethics of the profession.
• Once the integrity is compromised, it is impossible to regain the confidence and trust held before.

Social engineering (cont.)
• Before attempting to use the decryption software tools.
• Everyone has something that is important to them; we use this technique to guess passwords.
• It does not always work, but it is always worth a try.

Social engineering (cont.)
• Often, simple methods can be very effective.
• It is human nature to create keys and passwords that are easily remembered.
• As forensic investigators, it is part of our job to find out all that we can about the accused and his/her background.

Surveillance
• A criminal case involving child pornography.
• A series of tools like D.I.R.T. or STARR or KeyKatch or KeyGhost or the Password Recovery Toolkit and others.
• They are installed on the target machine by various means (a virus, a Trojan, and so on).
• These tools can intercept and record keystrokes, among other things, and transmit this information in encrypted form back to forensic computers.

Surveillance (cont.)
• The advantage of these tools is that they are flexible and can capture, based on the way they have been configured, many different kinds of information, including but not limited to keystrokes.
• Electromagnetic transmissions emanate from all electric devices. With the right equipment, it is possible to receive those emanations and convert them back into their source form.
• The emanations can be acquired covertly from a reasonable distance and converted back into the key codes.

Surveillance (cont.)
• The contents of a computer display unit can also be captured, interpreted and viewed at a distance by someone other than the operator (Van Eck, or TEMPEST, or HIJACK, or NONSTOP).
• Using this surveillance technique requires six pieces of equipment: an antenna, a receiver, an amplifier, a sync generator, a multi-sync monitor, and a recorder.

Conclusion
• We all need to share our successful techniques, learn from each other, and accept that we do not have all of the answers.
• The techniques described have been and will continue to be successful, and should be regarded as just another set of tools for the standard forensic tool kit.