
 Oft Repeated Theme:

Encryption Workshop Session 1.  Oft Repeated Theme:

gafna

Presentation Transcript


  1. Encryption Workshop Session 1
     • Oft Repeated Theme:
       • If it is encrypted, you are probably not going to crack it. Look instead at the “end points” and low-hanging fruit (social engineering or external sources – look for human sloppiness, string search in cached locations, slack space, network traffic, page swap file…)
     • Database on data hiding locations needed

  2. Identify Key Legal and Technical Issues
     • We can compel people to turn over something physical, but cannot compel them to release information (5th Amendment)
     • What is the admissibility of “same file name, same file size” as evidence? Generally, it probably isn’t admissible, but combined with other evidence (browser history, child abuse) it can be supportive
     • See Slide #1

  3. Has there been an increase in use of encryption in the past few years?
     • Computer intruders: SSH daemon, Blowfish on log files
     • Probably will see it rise as wireless increases – policy tension: CI protection vs forensics
     • More runtime encryption/decryption being used on malware.
     • Teso has a program (“burn-eye”) that encrypts binaries, and it can be used with machine fingerprinting (virtual memory, routing table, partitioning, hostname) so the binary cannot be run on another machine. Think virus detection!!

  4. Steganography and Steganalysis
     • Has anyone in law enforcement found steganography in use in a case?
       • No, not in the sense of embedding secrets in a carrier.
       • But, use of misdirection, renaming, semaphores, data hiding seems to be quite common.
       • Crooks are dumb – most people use defaults of what they are given – people committing crimes of passion aren’t usually thinking how to cover their tracks
     • How reliable are most of the stego detection methods?
       • Difficult problem – lots of image formats, broad spectrum of algorithms – requires many highly specialized steganalysis routines
       • Don’t know about reliability
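
The string search over slack space or a page swap file that slide 1 recommends, as an added example that is not part of the original presentation. It carves printable runs in both ASCII and UTF-16LE and keeps the byte offset of each hit so it can be cited in a report. The function names, the minimum run length and the sample bytes are assumptions constructed for illustration.

```python
import re

MIN_LEN = 6  # assumption: shorter printable runs are treated as noise

# Printable ASCII stored one byte per character, and the same characters
# stored as UTF-16LE (two bytes each), which a plain byte-wise search misses.
PATTERNS = {
    "ascii": re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN),
    "utf-16le": re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN),
}

def carve_strings(blob):
    """Return sorted (offset, encoding, text) for each printable run in blob."""
    hits = []
    for encoding, pattern in PATTERNS.items():
        for m in pattern.finditer(blob):
            hits.append((m.start(), encoding, m.group().decode(encoding)))
    return sorted(hits)

def keyword_hits(hits, keywords):
    """Keep carved strings that contain any keyword, case-insensitively."""
    lowered = [k.lower() for k in keywords]
    return [h for h in hits if any(k in h[2].lower() for k in lowered)]

def build_sample():
    """Constructed stand-in for a raw page file or slack-space dump."""
    filler = b"\x00\x01\xfe\xff" * 16  # 64 non-printable bytes
    return (filler + b"passphrase=blue-harbor-42" + filler
            + "Volume password: Tr1cky!".encode("utf-16le") + filler
            + b"GET /index.html" + filler)

if __name__ == "__main__":
    carved = carve_strings(build_sample())
    for offset, encoding, text in keyword_hits(carved, ["pass", "key"]):
        print(f"0x{offset:08x} {encoding:9s} {text}")
```

On a real image the blob would be read in chunks with a small overlap so that strings spanning a chunk boundary are not lost.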
