Computer - Counter-Forensics Darren Chaker
Concerns on Data
- Image hard drive
- Recover deleted files
- Bypass OS file security mechanisms
- Swap file, hibernation, filesystem metadata
- Cookies, Cache, Local Shared Objects (Flash Cookies)
- Wear leveling on solid state drives
Non-holistic solutions
Software is available that scrubs sensitive data from the system. This is less than ideal because data can remain in unexpected areas.
Concerns on Data
- Image RAM
- Cold boot attack
- Firewire
- Complete memory access
- Keylogger
Beryl, Starcraft
Preventative Measures
To Protect Data
- Wipe disks before usage
- Random fill
- Shred files
- Encrypt
- Wear leveling
- Encrypt prior to use
- Make password harder to crack than key
Data Encryption
Per-File Encryption
- Each file encrypted separately
- Does not guarantee sensitive material secure
- Filesystem encrypts each file
- Metadata unencrypted
- Every block written to disk fully encrypted
Filesystem Encryption
Not a panacea
Concerns on Networking
- Network traffic snooping
- ISP asked for logs
- Content providers asked for logs
- Honey pots
- Man in the middle attacks
Preventative Measures
To Protect Network
- Darknet support
- Can only access Freenet content
- Plausible deniability
- Encrypted data store
Gnunet
Preventative Measures
- Flash
- HTTP Referrer
- Timing attack
- Malicious nodes
- Low latency network vulnerable to timing attacks
Physical Security
Best to have several rings of protection, so that compromises aren't all-encompassing
Questions?
Resources
Cross platform volume encryption software. Supports full disk encryption on Windows with hidden OS capability
http://md.hudora.de/presentations/firewire/2005-firewirecansecwest.pdf