Project 3

Project 3 Start Here:

Transcript

Yvonne, your manager, has asked you to continue to assist law enforcement by working to recover case-related information from encrypted files and artifacts that the law enforcement team has not been able to access. There are two computer images that contain encrypted files, and law enforcement has been trying to decrypt the files while working on each image individually. The feeling is that the case can be cracked wide open with the evidence contained in the encrypted files, so this has become a high priority.

You know that there are a variety of tools and techniques to perform decryption. Because encryption often uses a mathematical element, decryption is generally best performed in an environment that is optimized for mathematical operations. Video games and other graphics-intensive applications are also mathematically intensive, so the video game environment can provide insight into architecting a decryption environment. Graphics cards can be 50 to perhaps 100 times faster at processing decryption than physical memory (RAM). Ultimately, utilizing an environment that has the ability to leverage one or more high-speed graphics cards can be a tremendous boost in decryption time.

In this lab we don’t have the luxury of using a specialized decryption environment with multiple parallel high-speed graphics cards. However, the two computer images are small, so processing time isn’t as long as it would be if we had large computer image files to work through.

In this project you will use AccessData’s Forensic Toolkit (FTK) and Password Recovery Toolkit (PRTK) to attempt to decrypt a number of different types of encrypted files. There are a variety of ways to attempt decryption, including brute force and the use of word lists.

This project consists of six steps:

  1. Create a Case
  2. Evaluate the Challenges Presented by Cloud Computing
  3. Identify Encrypted Files and Artifacts
  4. Create a Word List and Prepare to Carry Out the Decryption Attack
  5. Carry Out the Decryption Attack and Write a Report
  6. Submit Your Final Decryption Report

Your final decryption report will be assessed on the quality of documentation of your approach and the decrypted files, passwords, and/or decryption methods.

Now that you have an idea of the task ahead, move to Step 1 to get started.

Step 1: Create a Case and Process Images

While a variety of forensic tools, such as Magnet/Internet Evidence Finder (IEF), exist, here you will focus on encryption and decryption by using AccessData’s Forensic Toolkit (FTK) and Password Recovery Toolkit (PRTK) to attempt to decrypt a number of different types of encrypted files. A variety of approaches can be used to attempt decryption, including brute force and the use of word lists.

You saw that law enforcement tried to work with each image individually, so you decided to put both images in one case in the hope that the combined information from the two images may prove more fruitful than working on each image individually. Using the attached lab instructions file, go to the virtual lab and create one case that adds both the Washer and Mantooth images.

Step 2: Evaluate the Challenges Presented by Cloud Computing

Cloud computing, a service that offers data storage and services to businesses and individuals, presents significant challenges to the field of digital forensics. As an option for convenient offsite storage of large volumes of data, popular cloud platforms offer services that can be attractive to organizations, including infrastructure-as-a-service, software-as-a-service, and platform-as-a-service. These additional services allow organizations to expand productivity without adding costly services in house, while storing additional organizational data on the provider’s servers. As opposed to virtualized environments that offer additional resources at a fraction of the traditional cost, cloud systems are offsite, remote repositories.

The National Institute of Standards and Technology (NIST) provides numerous guidelines on the cloud. NIST defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” (NIST, 2011b, p. 2). Providers offer services in different cloud infrastructures, including private, public, community, and hybrid (NIST, 2011a).

Cloud challenges in the field of digital forensics include data ownership, control of evidence, and data location. The digital forensics steps of acquisition and preservation are both impacted by cloud storage, since data may be housed in multiple states and countries (and so governed by multiple jurisdictions), and at this point there is no way to guarantee that all of the data is retrieved, even when the provider agrees to provide access. Further, many users interact with cloud services using mobile devices, which adds the complexity of a proliferation of endpoints, as communication channels can involve multiple towers and hops.

The advantages cloud computing offers to organizations and the handling of big data are the same reasons cloud crime has escalated. Cyber criminals can use cloud services to conduct malicious activities and then easily leave one service to join another, erasing their digital footprint as the vacated space is quickly written over by the provider. Cybersecurity has a complicated interdependency with cloud, according to the NIST roadmap, which “presents certain unique security challenges resulting from the cloud’s very high degree of outsourcing, dependence on networks, sharing (multi-tenancy) and scale” (NIST, 2014).

The popularity of cloud computing, paired with its unique challenges, makes this technology an important issue for digital forensics. Legal challenges of the cloud involve privacy and jurisdiction, spanning the globe while inviting misuse. Adding to the challenges is a pervasive lack of proven tools for investigators and law enforcement to handle cloud storage. One promising option is forensics-as-a-service (FaaS), whereby cloud providers would offer the forensic steps of data acquisition and preservation as a service for purchase. FaaS still needs to address encryption, as much of the information housed is protected before upload.

As part of the final deliverable for this project, you will write an analysis of how cloud computing challenges—including uses of encryption—are an issue for the field of digital forensics. You will also identify trends in combating these challenges.

References

U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2016). Cloud Computing and Accessibility Considerations (NIST Publication SP500-317 [draft]). Retrieved from: https://www.nist.gov/sites/default/files/documents/itl/cloud/sp500-317_v01-draft.pdf

U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2011a). Cloud Computing Reference Architecture (NIST Publication SP500-292). Retrieved from: http://ws680.nist.gov/publication/get_pdf.cfm?pub_id=909505

U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2013). Cloud Computing Standards Roadmap, volume II (NIST Publication SP500-291). Retrieved from: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-291r2.pdf

U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2011b). Definition of Cloud Computing (NIST Publication SP800-145). Retrieved from: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf

U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2011c). Guidelines on Security and Privacy in Public Cloud Computing (NIST Publication SP800-144). Retrieved from: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf

U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2014). U.S. Government Cloud Computing Technology Roadmap, volume I (NIST Publication SP500-293). Retrieved from: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-293.pdf

Step 3: Identify Encrypted Files and Artifacts

Normally it is a good practice to attempt to locate encrypted files and artifacts for forensic evidence prior to conducting a decryption attack, so that you can plan for the best approach. An analogy can be found in the world of sports: If you know the tendencies, strengths and weaknesses, and general appearance of your opponent, it is much easier to prepare for a successful competition. Similarly, you could try dictionary attacks, but if you have a sense as to the encryption technologies used and how encryption may have been employed in a digital forensic situation, you can prepare a more focused and refined decryption approach.

Within FTK are several different tabs that provide an organized way to review files and artifacts relating to the images of interest. Take advantage of the tab interfaces to try to locate files that may be encrypted, and to look for clues that may provide insight in the decryption attack that you are preparing.

Step 4: Create a Word List and Prepare to Carry Out the Decryption Attack

When approaching offline password cracking, remember that it is not uncommon for someone to write down a password for logging into a computer or website. Another fairly common practice is for individuals to document in some way the passwords used when encrypting a file or storage device. People may create a file that contains passwords, then store it on the computer or perhaps e-mail it to themselves for later retrieval. Another decryption approach is to use various dictionaries, various languages, and subject areas. The subject areas may be relevant to the area of interest in the case. For example, a case involving drugs may include slang terms or regional expressions specific to the drug culture.

In this case you are going to create a word list from both the Washer and Mantooth images to be used to attack the encrypted files. AccessData’s approach to decryption leverages the index of terms that is created when a case is processed. This information is also used to create potential keyword combinations to be used in the decryption attack. Once you have completed this portion of the FTK Lab and made notes to include in your final report, you are ready to go to the next step: Carry Out the Decryption Attack and Write a Report.
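The idea behind a case-derived word list, and why combining both images matters, is shown in the following added example; it is not part of the lab instructions and is not how FTK or PRTK are implemented. The sample text, the function names, and the tokenizing rules are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample text standing in for strings indexed from each image.
SOURCES = {
    "Washer": """Meeting moved to Friday. Bring the blue folder.
Reminder: the archive is locked, ask R. for the phrase.""",
    "Mantooth": """note to self - zip pw: Harbor!Light77
Friday works. harbor lights at 9pm, blue van.""",
}

TRIM = ".,;:\"'()[]<>"  # sentence punctuation only; '!' may be part of a password


def tokens(text, min_len=4, max_len=64):
    """Yield whitespace-delimited terms, keeping case and inner punctuation."""
    for raw in text.split():
        term = raw.strip(TRIM)
        if min_len <= len(term) <= max_len:
            yield term


def build_wordlist(sources):
    """Return [(term, count, [images])], most frequent first, case-sensitive."""
    counts, seen_in = Counter(), {}
    for image, text in sources.items():
        for term in tokens(text):
            counts[term] += 1
            seen_in.setdefault(term, set()).add(image)
    ordered = sorted(counts, key=lambda t: (-counts[t], t))
    return [(t, counts[t], sorted(seen_in[t])) for t in ordered]


def terms_only(wordlist):
    return [term for term, _, _ in wordlist]


def added_by_combining(sources, base_image):
    """Terms in the combined list that the base image alone would not supply."""
    base = set(terms_only(build_wordlist({base_image: sources[base_image]})))
    return [t for t in terms_only(build_wordlist(sources)) if t not in base]


if __name__ == "__main__":
    for term, count, images in build_wordlist(SOURCES):
        print(f"{term}\t{count}\t{','.join(images)}")
    print("Only available after combining:", added_by_combining(SOURCES, "Washer"))
```

Recording which image each term came from gives you the provenance detail to cite in the final report when a recovered password traces back to a specific artifact.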

Step 5: Carry Out the Decryption Attack and Write a Report

Both FTK and PRTK are used in this portion of the lab. You will use your word list to conduct the decryption attack using PRTK. Because you used both the Washer and Mantooth images when creating your word list, you will have much more decryption success than the law enforcement team that previously tried to decrypt the files. Decryption attacks can take hours, days, even months to conduct, and waiting for the success or failure of the attack can be a lesson in patience. However, this is also a good reminder that planning a decryption attack to be as focused as possible can save considerable processing time.

You will be able to watch a decryption attack in much the same fashion as watching an image being processed in FTK. You may be able to receive some preliminary results prior to completion of the entire attack. If the preliminary feedback does not look promising, an investigator may cancel the attack and then plan and execute a new attack using a different strategy. Once you have completed the decryption attack in the FTK Lab, write up your findings in the attached formal forensic lab report document and submit it to your supervisor (your instructor).

Step 6: Submit Your Final Decryption Report

In this step, you will compile and test your findings. This information, together with the notes you took in the previous four steps, makes up the final decryption report.

Use the final decryption report template to submit your findings to your organization’s security operations manager (your instructor).
