Project 3 Start Here:
Yvonne, your manager, has asked you to continue to assist law enforcement by working to recover case-related information from encrypted files and artifacts that the law enforcement team has not been able to access. There are two computer images that contain encrypted files, and law enforcement has been trying to decrypt the files while working on each image individually. The feeling is that the case can be cracked wide open with the evidence contained in the encrypted files, so this has become a high priority.
You know that there are a variety of tools and techniques to perform decryption. Because encryption often uses a mathematical element, decryption is generally best performed in an environment that is optimized for mathematical operations. Video games and other graphics-intensive applications are also mathematically intensive, so the video game environment can provide insight into architecting a decryption environment. Graphics cards can be 50 to perhaps 100 times faster at processing decryption than physical memory (RAM). Ultimately, utilizing an environment that can leverage one or more high-speed graphics cards can be a tremendous boost in decryption time.
In this lab we don’t have the luxury of using a specialized decryption environment with multiple parallel high-speed graphics cards. However, the two computer images are small, so processing time isn’t as long as it would be if we had large computer image files to work through.
In this project you will use Access Data’s Forensic Toolkit (FTK) and Password Recovery Toolkit (PRTK) to attempt to decrypt a number of different types of encrypted files. There are a variety of ways to attempt decryption, including brute force and the use of word lists.
This project consists of six steps:
Your final decryption report will be assessed on the quality of documentation of your approach and the decrypted files, passwords, and/or decryption methods.
Now that you have an idea of the task ahead, move to Step 1 to get started.
While a variety of forensic tools, such as Magnet/Internet Evidence Finder (IEF), exist, here you will focus on encryption and decryption by using Access Data’s Forensic Toolkit (FTK) and Password Recovery Toolkit (PRTK) to attempt to decrypt a number of different types of encrypted files. A variety of approaches can be used to attempt decryption, including brute force and the use of word lists.
You saw that law enforcement tried to work with each image individually, so you decided to put both images in one case in the hope that the combined information contained on the two images may prove more fruitful than working on each image individually. Using the attached lab instructions file, go to the virtual lab and create one case that adds both the Washer and Mantooth images.
Cloud computing, a service that offers data storage and services to businesses and individuals, presents significant challenges to the field of digital forensics. As an option for convenient offsite storage of large volumes of data, popular cloud platforms offer services that can be attractive to organizations, including infrastructure-as-a-service, software-as-a-service, and platform-as-a-service. These additional services allow organizations to expand productivity without adding costly services in house, while storing additional organizational data on the provider’s servers. As opposed to virtualized environments that offer additional resources at a fraction of the traditional cost, cloud systems are offsite, remote repositories.
The National Institute of Standards and Technology (NIST) provides numerous guidelines on the cloud. NIST defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” (NIST, 2011b, p. 2). Providers offer services in different cloud infrastructures, including private, public, community, and hybrid (NIST, 2011a).
Cloud challenges in the field of digital forensics include ownership and control of evidence and data, and data location. The digital forensics steps of acquisition and preservation are both impacted by cloud storage, since data may be housed in multiple states and countries (and so governed by multiple jurisdictions), and at this point there is no way to guarantee that all of the data is retrieved, even when the provider agrees to grant access. Further, many users interact with cloud services using mobile devices, which adds the complexity of a proliferation of endpoints, as communication channels can involve multiple towers and hops.
The advantages cloud computing offers to organizations and the handling of big data are the same reasons cloud crime has escalated. Cyber criminals can use cloud services to conduct malicious activities and then easily leave one service to join another, erasing their digital footprint as the vacated space is quickly written over by the provider. Cybersecurity has a complicated interdependency with cloud, according to the NIST roadmap, which “presents certain unique security challenges resulting from the cloud’s very high degree of outsourcing, dependence on networks, sharing (multi-tenancy) and scale” (NIST, 2014).
The popularity of cloud computing, paired with its unique challenges, makes this technology an important issue for digital forensics. Legal challenges of the cloud involve privacy and jurisdiction, spanning the globe while inviting misuse. Adding to the challenges is a pervasive lack of proven tools for investigators and law enforcement to handle cloud storage. One promising option is forensics-as-a-service (FaaS), whereby cloud providers would offer the forensic steps of data acquisition and preservation as a service for purchase. FaaS still needs to address encryption, as much of the information housed is protected before upload.
As part of the final deliverable for this project, you will write an analysis of how cloud computing challenges—including uses of encryption—are an issue for the field of digital forensics. You will also identify trends in combating these challenges.
U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2016). Cloud Computing and Accessibility Considerations (NIST Publication SP500-317 [draft]). Retrieved from https://www.nist.gov/sites/default/files/documents/itl/cloud/sp500-317_v01-draft.pdf
U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2011a). Cloud Computing Reference Architecture (NIST Publication SP500-292). Retrieved from http://ws680.nist.gov/publication/get_pdf.cfm?pub_id=909505
U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2013). Cloud Computing Standards Roadmap, volume II (NIST Publication SP500-291). Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-291r2.pdf
U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2011b). Definition of Cloud Computing (NIST Publication SP800-145). Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf
U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2011c). Guidelines on Security and Privacy in Public Cloud Computing (NIST Publication SP800-144). Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
U.S. Department of Commerce, National Institute of Standards and Technology (NIST). (2014). U.S. Government Cloud Computing Technology Roadmap, volume I (NIST Publication SP500-293). Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-293.pdf
Normally it is a good practice to attempt to locate encrypted files and artifacts for forensic evidence prior to conducting a decryption attack, so that you can plan for the best approach. An analogy can be found in the world of sports: If you know the tendencies, strengths and weaknesses, and general appearance of your opponent, it is much easier to prepare for a successful competition. Similarly, you could try dictionary attacks, but if you have a sense as to the encryption technologies used and how encryption may have been employed in a digital forensic situation, you can prepare a more focused and refined decryption approach.
Within FTK are several different tabs that provide an organized way to review files and artifacts relating to the images of interest. Take advantage of the tab interfaces to try to locate files that may be encrypted, and to look for clues that may provide insight into the decryption attack you are preparing.
When approaching offline password cracking, remember that it is not uncommon for someone to write down a password for logging into a computer or website. Another fairly common practice is for individuals to document in some way the passwords used when encrypting a file or storage device. People may create a file that contains passwords, then store it on the computer or perhaps e-mail it to themselves for later retrieval. Another decryption approach is to use dictionaries covering various languages and subject areas. The subject areas may be relevant to the area of interest in the case. For example, a case involving drugs may include slang terms or regional expressions specific to the drug culture.
In this case you are going to create a word list from both the Washer and Mantooth images to be used to attack the encrypted files. Access Data’s approach to decryption leverages the indexing of terms that is created when a case is processed. This information is also used to create potential keyword combinations to be used in the decryption attack. Once you have completed this portion of the FTK Lab and made notes to include in your final report, you are ready to go to the next step: Carry Out the Decryption Attack and Write a Report.
Both FTK and PRTK are used in this portion of the lab. You will use your word list to conduct the decryption attack using PRTK. Because you used both the Washer and Mantooth images when creating your word list, you will have much more decryption success than the law enforcement team that previously tried to decrypt the files. Decryption attacks can take hours, days, even months to conduct, and waiting for the success or failure of the attack can be a lesson in patience. However, this is also a good reminder that planning a decryption attack to be as focused as possible can save considerable processing time.
You will be able to watch a decryption attack in much the same fashion as watching an image being processed in FTK. You may receive some preliminary results prior to completion of the entire attack. If the preliminary feedback does not look promising, an investigator may cancel the attack and then plan and execute a new attack using a different strategy. Once you have completed the decryption attack in the FTK Lab, write up your findings in the attached formal forensic lab report document and submit it to your supervisor (your instructor).
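The two steps above (building a case word list from the terms indexed on both images, then running that list against the encrypted files) can be illustrated with a small added example. This is not the project's or Access Data's code: FTK and PRTK do the indexing and the attack themselves. The example assumes a stand-in for a password-protected container whose key is verified by a PBKDF2-HMAC-SHA256 check value, and the "indexed documents" are constructed sample text standing in for content recovered from the Washer and Mantooth images. It also shows the point the step makes: the list built from one image alone misses the password, while the combined list recovers it.

```python
"""Added example: case word list from indexed terms, run against a
constructed password-protected container (PBKDF2 check value)."""
import hashlib
import hmac
import re
from itertools import product

# Constructed sample text standing in for terms indexed from each image.
WASHER_DOCS = [
    "Note to self: the shed code is 'tulip' and the backup is tulip2019.",
    "Meeting with Mantooth about the boat invoice, paid in full.",
]
MANTOOTH_DOCS = [
    "Reminder email: password hint is the dog's name, Biscuit.",
    "Washer owes me for the March shipment. Biscuit vet appt Tuesday.",
]

MIN_LEN, MAX_LEN = 4, 20          # ignore very short or very long tokens
SUFFIXES = ["", "1", "123", "2019", "!"]   # assumed simple mangling rules


def index_terms(docs):
    """Tokenise documents the way an indexing engine would: alphanumeric runs."""
    terms = set()
    for doc in docs:
        for tok in re.findall(r"[A-Za-z0-9]+", doc):
            if MIN_LEN <= len(tok) <= MAX_LEN:
                terms.add(tok)
    return terms


def build_wordlist(*term_sets):
    """Merge term sets from all images, then add case and suffix variants."""
    base = set().union(*term_sets)
    candidates = set()
    for term, suffix in product(base, SUFFIXES):
        for variant in (term, term.lower(), term.capitalize()):
            candidates.add(variant + suffix)
    return sorted(candidates)


# Constructed stand-in for a password-protected container: salt + PBKDF2
# check value derived from the (constructed) password "Biscuit123".
SALT = b"case-salt-demo"
ITERATIONS = 5_000
CHECK_VALUE = hashlib.pbkdf2_hmac("sha256", b"Biscuit123", SALT, ITERATIONS)


def verify_candidate(candidate):
    """Derive a key from the candidate and compare it to the check value."""
    derived = hashlib.pbkdf2_hmac("sha256", candidate.encode(), SALT, ITERATIONS)
    return hmac.compare_digest(derived, CHECK_VALUE)


def dictionary_attack(wordlist):
    """Return (password, attempts) on success, (None, attempts) otherwise."""
    attempts = 0
    for candidate in wordlist:
        attempts += 1
        if verify_candidate(candidate):
            return candidate, attempts
    return None, attempts


def run_case(*doc_sets):
    """Build the word list from the given image contents and run the attack."""
    wordlist = build_wordlist(*(index_terms(docs) for docs in doc_sets))
    return dictionary_attack(wordlist)


if __name__ == "__main__":
    print("Washer only:", run_case(WASHER_DOCS))
    print("Both images:", run_case(WASHER_DOCS, MANTOOTH_DOCS))
```

The candidate count grows with each image added, and a real attack spends almost all of its time in the key-derivation step (here PBKDF2), which is why the text stresses keeping the list focused; from the defender's side, the same run shows how weak a password becomes once its base word is written down in a file that lives on the same system.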
In this step, you will compile and test your findings. This information, together with the notes you took in the previous four steps, makes up the final decryption report.
Use the final decryption report template to submit your findings to your organization’s security operations manager (your instructor).