Penetrating encrypted evidence. Writer: Hank Wolfe, University of Otago, Computer Security, Forensics, Information Science Department, New Zealand.


Penetrating encrypted evidence
Writer: Hank Wolfe, University of Otago, Computer Security, Forensics, Information Science Department, New Zealand
Presentation: Digital Investigation, 2004
Reporter: Sparker

Introduction
Every investigator will encounter suspect hard drives and other media that have been encrypted. The accused will be asked to provide the keys necessary for decryption of data files or entire hard drives. The final decision, however, rests with the accused.

There are some technical methods to obtain the relevant keys: social engineering and surveillance.

Social engineering
A divorce settlement case. The ethics of the profession. Once integrity is compromised, it is impossible to regain the confidence and trust held before.

Social engineering (cont.)
Before attempting to use the decryption software tools: everyone has something that is important to them, and we use this technique to guess passwords. It does not always work, but it is always worth a try.

Social engineering (cont.)
Often, simple methods can be very effective. It is human nature to create keys and passwords that are easily remembered. As forensic investigators, it is part of our job to find out all that we can about the accused and his/her background.

Surveillance
A criminal case involving child pornography. A series of tools is available, such as D.I.R.T., STARR, KeyKatch, KeyGhost, the Password Recovery Toolkit and others. They are installed on the target machine by various means (a virus, a Trojan, … and so on). These tools can intercept and record keystrokes, among other things, and transmit this information in encrypted form back to forensic computers.

Surveillance (contd.)
The advantage of these tools is that they are flexible and can capture, based on the way they have been configured, many different kinds of information, including but not limited to keystrokes. Electromagnetic transmissions emanate from all electric devices. With the right equipment, it is possible to receive those emanations and convert them back into their source form. The emanations can be acquired covertly from a reasonable distance and converted back into the key codes.

Surveillance (contd.)
The contents of a computer display unit can also be captured, interpreted and viewed by someone other than the operator at a distance (Van Eck, or TEMPEST, or HIJACK, or NONSTOP). Using this surveillance technique requires six pieces of equipment: an antenna, a receiver, an amplifier, a sync generator, a multi-sync monitor, and a recorder.

Conclusion
We all need to share our successful techniques, learn from each other, and accept that we do not have all of the answers. The techniques described have been and will continue to be successful and should be regarded as just another set of tools for the standard forensic tool kit.