Today’s focus was encryption and hacking techniques. All of the tools we used today are freely available and the hardest part is figuring out when to use a particular tool. Another interesting crumb of knowledge I learned today is that the forensic community doesn’t have a solution for TrueCrypt (http://www.truecrypt.org/). This software is giving the community fits. This software allows one to create encrypted volumes that appear as other files. There are minimal clues for the forensic investigator. Techniques such as a file signature analysis won’t work. The only clues to look for are the application logs that show TrueCrypt and files that are unusually large. When was the last time you saw a demo.txt file that was 1GB? Thankfully, I’m not sure I’ll have more than occasional use for this knowledge in a research library. Tomorrow’s focus is on the Mac OS.
Advanced Forensics Day 3 – Encryption
Thu, 01/21/2010 - 22:27