Published by Austen Hampton. Modified over 9 years ago.
1
Penetrating encrypted evidence
Writer: Hank Wolfe, University of Otago, Computer Security, Forensics, Information Science Department, New Zealand
Presentation: Digital Investigation, 2004
Reporter: Sparker
2
Introduction
Every investigator will encounter suspect hard drives and other media that have been encrypted.
The accused will be asked to provide the keys necessary for decryption of data files or entire hard drives.
The final decision, however, rests with the accused.
3
There are some technical methods to obtain the relevant keys:
Social engineering.
Surveillance.
4
Social engineering
A divorce settlement case.
The ethics of the profession.
Once integrity is compromised, it is impossible to regain the confidence and trust held before.
5
Social engineering (cont.)
Before attempting to use the decryption software tools.
Everyone has something that is important to them; we use this technique to guess passwords.
It does not always work, but it is always worth a try.
6
Social engineering (cont.)
Often, simple methods can be very effective.
It is human nature to create keys and passwords that are easily remembered.
As forensic investigators, it is part of our job to find out all that we can about the accused and his/her background.
7
Surveillance
A criminal case involving child pornography.
A series of tools like D.I.R.T., STARR, KeyKatch, KeyGhost, the Password Recovery Toolkit and others.
They are installed on the target machine by various means (a virus, a Trojan, … and so on).
These tools can intercept and record keystrokes, among other things, and transmit this information in encrypted form back to forensic computers.
8
Surveillance (contd.)
The advantage of these tools is that they are flexible and can capture, based on the way they have been configured, many different kinds of information, including but not limited to keystrokes.
Electromagnetic transmissions emanate from all electric devices.
With the right equipment, it is possible to receive those emanations and convert them back into their source form.
The emanations can be acquired covertly from a reasonable distance and converted back into the key codes.
9
Surveillance (contd.)
The contents of a computer display unit can also be captured, interpreted and viewed by someone other than the operator at a distance (Van Eck, or TEMPEST, or HIJACK, or NONSTOP).
Using this surveillance technique requires six pieces of equipment: an antenna, a receiver, an amplifier, a sync generator, a multi-sync monitor, and a recorder.
10
Conclusion
We all need to share our successful techniques and learn from each other and accept that we do not have all of the answers.
The techniques described have been and will continue to be successful and should be regarded as just another set of tools for the standard forensic tool kit.