Forensics4

Passwords, Encryption

Forensic Tools



Access Control

  • How to Obtain Password

    • Ask for the password

    • Find password near computer

    • Use social engineering

    • Use personal data to guess password

    • Crack password

      • Use word list

      • Use modified words - hybrid attack

      • Use brute force

    • Use different Operating System to access data



Encryption

  • Advantages

    • Encrypted data can’t be easily read

    • Strong encryption may require years of work to decrypt without the key

  • Disadvantages

    • Encrypted files draw attention to their value

    • If you lose the key, you lose the data

    • For large files, strong encryption may take significant time to decrypt

  • Encryption/Decryption covered in previous course



Types of Encryption

  • Substitution Cipher

    • Oldest method

    • Easy to crack

  • Private Key

    • Both sender and receiver use the same key

    • Problem with getting key to receiver

  • Public Key

    • Sender uses receiver's public key to encrypt

    • Receiver uses his private key to decrypt

    • There are methods to assure that the message originated from the stated sender and that the receiver's identity is verified



Steganography

  • Hide data in picture/sound file by modifying LSBs of data

  • Free demo program at: http://www.quickcrypto.com/free-steganography-software.html

  • To improve security combine steganography with encryption

  • First encrypt the message, then apply steganography



Forensic Software

  • Commercial forensic software is very expensive due to limited market

  • Free forensic software

    • dd – comes with UNIX OS – makes bit level copies

    • dd for Windows

      • http://www.chrysocome.net/download

      • Get dd-06beta.zip

      • Unzip to a folder

      • Use dd --list to find how to refer to hard drive

      • Use dd if=<input device> of=<output file> to make copy

      • Use dd if=/dev/zero of=<output device> to zero a drive
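
The dd copy step above, extended with a check that the image really is bit-identical to the source. This is an added example, not part of the original slides. It assumes a Unix-like shell with dd and sha256sum (or shasum); the SHA-256 step, the function names and the `.sha256` sidecar file are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example (constructed): function names and file layout are hypothetical.

# Print only the hex SHA-256 digest of a file or device.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{print $1}'
}

# image_and_verify SRC DST
# Returns 0 only if the image matches the source and the source did not
# change while it was being read.
image_and_verify() {
    src=$1; dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Never overwrite an existing evidence file.
    [ ! -e "$dst" ] || { echo "$dst already exists" >&2; return 3; }

    before=$(sha256_of "$src")
    dd if="$src" of="$dst" bs=65536 2>/dev/null || return 4
    after=$(sha256_of "$src")
    image=$(sha256_of "$dst")

    # Record the digest next to the image, then make both read-only.
    printf '%s  %s\n' "$image" "$(basename "$dst")" > "$dst.sha256"
    chmod a-w "$dst" "$dst.sha256"

    [ "$before" = "$after" ] || { echo "source changed during imaging" >&2; return 5; }
    [ "$before" = "$image" ] || { echo "image does not match source" >&2; return 1; }
}

# verify_image DST: re-check an image against its recorded digest.
verify_image() {
    recorded=$(awk '{print $1}' "$1.sha256") || return 2
    [ "$recorded" = "$(sha256_of "$1")" ]
}
```

Run `verify_image` again before each analysis session to confirm the stored image still matches the digest recorded at acquisition time.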



Free Forensic Software

  • Forensic Tool Kit Imager from http://www.accessdata.com/support/product-downloads#.UctFozvVCSo

    • Click on FTK IMAGER to download the application

    • Can make forensic copy of entire disk or analyze contents

  • The Sleuth Kit from http://www.sleuthkit.org/sleuthkit/

    • Click on Download to get the application

    • A collection of command line tools



Free Forensic Software

  • The SANS Investigative Forensic Toolkit (SIFT)

    • A collection of forensic tools that runs as a VMware Virtual Machine

    • Available at http://computer-forensics.sans.org/community/downloads

  • Microsoft Sysinternals available at http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

    • Command line tool collection for Windows



Forensic Hardware

  • Write Blocker - prevents writes to original hard disk

  • Connects between forensic computer and original hard drive

  • Can also be used between disk copy and forensic computer to assure that the copy is not modified

