
Forensics4


heath

Presentation Transcript


  1. Forensics4 Passwords, Encryption Forensic Tools

  2. Access Control
     • How to Obtain Password
       • Ask for the password
       • Find password near computer
       • Use social engineering
       • Use personal data to guess password
       • Crack password
         • Use word list
         • Use modified words - hybrid attack
         • Use brute force
     • Use different Operating System to access data

  3. Encryption
     • Advantages
       • Encrypted data can’t be easily read
       • Strong encryption may require years of work to decrypt without the key
     • Disadvantages
       • Encrypted files draw attention to their value
       • If you lose the key, you lose the data
       • For large files, strong encryption may take significant time to decrypt
     • Encryption/Decryption covered in previous course

  4. Types of Encryption
     • Substitution Cipher
       • Oldest method
       • Easy to crack
     • Private Key
       • Both sender and receiver use the same key
       • Problem with getting key to receiver
     • Public Key
       • Sender uses receiver's public key to encrypt
       • Receiver uses his private key to decrypt
       • There are methods to assure that the message originated from the stated sender and that the receiver's identity is verified

  5. Steganography
     • Hide data in picture/sound file by modifying the least significant bits (LSBs) of data
     • Free demo program at: http://www.quickcrypto.com/free-steganography-software.html
     • To improve security combine steganography with encryption
       • First encrypt the message, then apply steganography

  6. Forensic Software
     • Commercial forensic software is very expensive due to limited market
     • Free forensic software
       • dd - comes with UNIX OS - makes bit level copies
       • dd for Windows
         • http://www.chrysocome.net/download
         • Get dd-06beta.zip
         • Unzip to a folder
         • Use dd --list to find how to refer to hard drive
         • Use dd if=<input device> of=<output file> to make copy
         • Use dd if=/dev/zero of=<output device> to zero a drive
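
The dd copy step from this slide, extended with a SHA-256 check so the image can be shown to match the source and to be unchanged later. This is an added example, not part of the original presentation; it assumes a POSIX shell with GNU `sha256sum`, and the function names and the sample file standing in for a device are hypothetical.

```shell
#!/bin/sh
# Added example: image a source with dd, then prove the copy by hash.
# Assumes GNU coreutils sha256sum; all function names are hypothetical.

# sha256_of FILE: print only the hex digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_image IMG: re-hash IMG and compare with the digest in IMG.sha256
verify_image() {
    want=$(awk '{print $1}' "$1.sha256") || return 2
    [ "$(sha256_of "$1")" = "$want" ]
}

# acquire_image SRC DST: bit-level copy of SRC to DST, with the source
# digest recorded in DST.sha256. Returns 0 only if the image matches it.
acquire_image() {
    src=$1; dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    if [ -e "$dst" ]; then
        echo "refusing to overwrite $dst" >&2; return 3
    fi
    src_hash=$(sha256_of "$src") || return 2
    dd if="$src" of="$dst" bs=64k 2>/dev/null || return 4
    printf '%s  %s\n' "$src_hash" "$dst" > "$dst.sha256"
    verify_image "$dst"
}

# demo: a constructed 1 MiB sample file stands in for a device
demo() {
    work=$(mktemp -d) || return 1
    dd if=/dev/zero of="$work/disk.raw" bs=1024 count=1024 2>/dev/null
    acquire_image "$work/disk.raw" "$work/disk.img" && echo "image verified"
    # Simulate a later change to the image: overwrite one byte in place
    printf 'X' | dd of="$work/disk.img" bs=1 seek=100 conv=notrunc 2>/dev/null
    verify_image "$work/disk.img" || echo "image no longer matches source"
    rm -rf "$work"
}
demo
```

On a real acquisition the source would be the device name reported by the operating system, read through a write blocker, and the `.sha256` file would be kept with the case notes.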

  7. Free Forensic Software
     • Forensic Tool Kit Imager from http://www.accessdata.com/support/product-downloads#.UctFozvVCSo
       • Click on FTK IMAGER to download the application
       • Can make forensic copy of entire disk or analyze contents
     • The Sleuth Kit from http://www.sleuthkit.org/sleuthkit/
       • Click on Download to get the application
       • A collection of command line tools

  8. Free Forensic Software
     • The SANS Investigative Forensic Toolkit (SIFT)
       • A collection of forensic tools that runs as a VMware Virtual Machine
       • Available at http://computer-forensics.sans.org/community/downloads
     • Microsoft Sysinternals available at http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
       • Command line tool collection for Windows

  9. Forensic Hardware
     • Write Blocker - prevents writes to original hard disk
       • Connects between forensic computer and original hard drive
       • Can also be used between disk copy and forensic computer to assure that the copy is not modified
