DOCSLIB.ORG

INFORMATION SECURITY and Anti‐Forensics

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
INFORMATION SECURITY and Anti‐Forensics INFORMATION SECURITY and Anti‐Forensics Abstract Where there is a data leak there is a helpful LEO to pick up the slack and throw you in jail for it. This guide attempts to educate you on some of the best security practices and anti‐ forensics techniques so that doesn’t happen. From news reporters to people who want to download and watch child porn; this guide will help keep you safe. by MISSIONMAN | V2 | FINAL Page | 1 Dedication This guide is dedicated to the wonderful Law Enforcement Agencies of the world; if they didn’t try to fuck us over all the time, I wouldn’t care enough to make this guide in the first place. Page | 2 Information Security and Anti‐Forensics Table of Contents Dedication ..................................................................................................................................................... 1 Chapter 1 _The CIA Triad ........................................................................................................................... 5 Chapter 2 _ Recommendations ................................................................................................................. 6 Chapter 3 _ Encryption ............................................................................................................................ 10 3.1. Encryption Dealing with Confidentiality ..................................................................................... 11 3.2. Encrypting Files or the Hard Drive .............................................................................................. 12 3.3. Securely Exchanging Messages or Data ...................................................................................... 15 3.4. Steganography ............................................................................................................................ 17 3.5. Authentication Factors ................................................................................................................ 18 3.6. Password Attacks and Account Recovery Attacks ...................................................................... 18 3.7. Creating Secure Passwords ......................................................................................................... 19 3.8. Hashing, Hashing Collisions, and Birthday Attacks ..................................................................... 19 3.9. Cold Boot Attacks ........................................................................................................................ 21 Chapter 4 _ Data ...................................................................................................................................... 22 4.1 Deleted Data ............................................................................................................................... 23 4.2 Deleting Data Securely ................................................................................................................ 24 4.3 File Slack ...................................................................................................................................... 25 4.4 Where to Hide Your Data ............................................................................................................ 26 4.5 Windows Swap Files, ReadyBoost, Temporary Internet Files and Browser Cache ..................... 26 4.6 Temporary Application Files and Recent Files Lists .................................................................... 28 4.7 Shellbags ..................................................................................................................................... 32 4.8 Prefetching and Timestamps ...................................................................................................... 33 4.9 Event Logs ................................................................................................................................... 34 4.10 Printers, Print Jobs, and Copiers ................................................................................................. 34 4.11 Cameras, Pictures, and Metadata ............................................................................................... 36 4.12 USB Information .......................................................................................................................... 37 Page | 3 4.13 SSD – Solid State Drives .............................................................................................................. 38 4.14 Forensic Software Tools .............................................................................................................. 39 Chapter 5 _ Continuity ............................................................................................................................. 40 5.1 Security Concerns with Backups ................................................................................................. 41 5.2 Security Concerns with Sleep and Hibernation........................................................................... 41 5.3 Ensuring Information and Service Continuity ............................................................................. 41 5.4 DoS and DDoS attacks ................................................................................................................. 42 Chapter 6 _ System Hardening ................................................................................................................ 45 6.1. Uninstall Unnecessary Software ................................................................................................. 46 6.2. Disable Unnecessary Services ..................................................................................................... 46 6.3. Disable Unnecessary Accounts ................................................................................................... 47 6.4. Update and Patch Windows and Other Applications ................................................................. 48 6.5. Password Protection ................................................................................................................... 48 Chapter 7 _ Antivirus, Keyloggers, Firewalls, DLP’s, and HID’s ................................................................ 50 7.1. Antivirus ...................................................................................................................................... 51 7.2. Hardware Keyloggers .................................................................................................................. 51 7.3. Firewalls ...................................................................................................................................... 52 7.4. DLP’s ............................................................................................................................................ 52 7.5. HIDS’s and NID’s .......................................................................................................................... 53 7.6. Other Considerations .................................................................................................................. 53 Chapter 8 _ Networks .............................................................................................................................. 54 8.1. Private vs. Public IP Address ....................................................................................................... 55 8.2. MAC Address ............................................................................................................................... 55 8.3. Public Wireless ............................................................................................................................ 56 8.4. Security Protocols ....................................................................................................................... 58 8.5. Chat Sites ‐ How Attackers Attack ............................................................................................... 59 8.6. Other Considerations .................................................................................................................. 61 8.7. Extra: MAC Address Spoofing and ARP Attacks ‐ How they work .............................................. 62 Chapter 9 _ Web Browser Security .......................................................................................................... 64 9.1. Downloading and Using the Tor Browser Bundle ....................................................................... 65 9.2. Configuring Web‐Browsers and Applications to Use Tor ............................................................ 67 9.3. What is Sandboxing and What is JIT Hardening, and Why Do I Care? ........................................ 68 9.4. JavaScript .................................................................................................................................... 68 9.5. Cookie Protection and Session Hijacking Attacks ....................................................................... 69 Page | 4 9.6. Caching ........................................................................................................................................ 69 9.7. Referers ....................................................................................................................................... 70 9.8. CSRF/CSRF Attacks (XSS Attack) .................................................................................................. 71 9.9. Protect Browser Settings
Load more

Recommended publications
  • CERIAS Tech Report 2017-5 Deceptive Memory Systems by Christopher N
    CERIAS Tech Report 2017-5 Deceptive Memory Systems by Christopher N. Gutierrez Center for Education and Research Information Assurance and Security Purdue University, West Lafayette, IN 47907-2086 DECEPTIVE MEMORY SYSTEMS ADissertation Submitted to the Faculty of Purdue University by Christopher N. Gutierrez In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy December 2017 Purdue University West Lafayette, Indiana ii THE PURDUE UNIVERSITY GRADUATE SCHOOL STATEMENT OF DISSERTATION APPROVAL Dr. Eugene H. Spa↵ord, Co-Chair Department of Computer Science Dr. Saurabh Bagchi, Co-Chair Department of Computer Science Dr. Dongyan Xu Department of Computer Science Dr. Mathias Payer Department of Computer Science Approved by: Dr. Voicu Popescu by Dr. William J. Gorman Head of the Graduate Program iii This work is dedicated to my wife, Gina. Thank you for all of your love and support. The moon awaits us. iv ACKNOWLEDGMENTS Iwould liketothank ProfessorsEugeneSpa↵ord and SaurabhBagchi for their guidance, support, and advice throughout my time at Purdue. Both have been instru­ mental in my development as a computer scientist, and I am forever grateful. I would also like to thank the Center for Education and Research in Information Assurance and Security (CERIAS) for fostering a multidisciplinary security culture in which I had the privilege to be part of. Special thanks to Adam Hammer and Ronald Cas­ tongia for their technical support and Thomas Yurek for his programming assistance for the experimental evaluation. I am grateful for the valuable feedback provided by the members of my thesis committee, Professor Dongyen Xu, and Professor Math­ ias Payer.
    [Show full text]
  • Fraud and the Darknets
    OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division Fraud And The Darknets Thomas Harper Assistant Special Agent in Charge Technology Crimes Division OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division What is an OIG? • Established by Congress • Independent agency that reports to Congress • Agency head appointed by the President and confirmed by Congress • Mission: protect the taxpayer’s interests by ensuring the integrity and efficiency of the associated agency OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division Technology Crimes Division • Investigate criminal cyber threats against the Department’s IT infrastructure, or • Criminal activity in cyber space that threatens the Department’s administration of Federal education assistance funds • Investigative jurisdiction encompasses any IT system used in the administration of Federal money originating from the Department of Education. OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division Work Examples • Grade hacking • Computer Intrusions • Criminal Forums online selling malware • ID/Credential theft to hijack Student Aid applications • Misuse of Department systems to obtain personal information • Falsifying student aid applications by U.S. government employees • Child Exploitation material trafficking OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division Fraud and the Darknets Special Thanks to Financial Crimes Enforcement Network (FINCEN) OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division Fraud and the Darknets OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division OFFICE OF THE INSPECTOR GENERAL U.S.
    [Show full text]
  • August 10, 2011 Broadcasting Board of Governors International
    August 10, 2011 Broadcasting Board of Governors International Broadcasting Bureau Office of Engineering Cohen Building, Room 4300 330 Independence Avenue, SW Washington, DC 20237 Attn: Malita Dyson Dear Ms. Dyson, Below is our thirty-ninth invoice for contract number BBGCON1808C6700, Accounting Appropri­ ation Data 9568-08-0206-E009701048A. There are no travel costs. Services rendered include blocking resistance architecture and testing, scalability and promotion and advocacy for the Tor network, and other detailed tasks under 0001 of our contract as confirmed in our status reports to BBG. Please do not hesitate to email me at [email protected] or call me at (b) (6) if there are any questions. Invoice 39: Period Months Rate Cost 06/17/2011 - 07/17/2011 1 $15,000 $15,000 Thank you. Sincerely, Andrew Lewman Executive Director TorProject Invoice BBG08102011 The Tor Project, Inc. 969 Main Street, Suite 206, Walpole, MA 02081-2972 USA https://www.torproject.org/ From: Andrew Lewman. Executive Director To: Kelly DeYoe, program officer, BBG RE: contract BBGCON1807S6441 Date: August 10, 2011 This report documents progress in July 2011 on contract BBGCON1807S6441 between BBG and The Tor Project. New releases, new hires, new funding New Releases 1. On July 7, we released Torbutton 1.4.0. The addon has been disabled on addons.mozilla.org. Our URL is now canonical. This release features support for Firefox 5.0, and has been tested against the vanilla release for basic functionality. However, it has not been audited for Network Isolation, State Separation, Tor Undiscoverability or Interoperability issues[l] due to toggling under Firefox 5.
    [Show full text]
  • Legislators of Cyberspace: an Analysis of the Role Of
    SHAPING CODE Jay P. Kesan* & Rajiv C. Shah** I. INTRODUCTION ............................................................................................................................ 4 II. THE CASE STUDIES: THE DEVELOPMENT OF CODE WITHIN INSTITUTIONS.............................. 13 A. World Wide Web......................................................................................................... 14 1. Libwww............................................................................................................ 14 2. NCSA Mosaic .................................................................................................. 16 B. Cookies ........................................................................................................................ 21 1. Netscape’s Cookies .......................................................................................... 21 2. The IETF’s Standard for Cookies .................................................................... 24 C. Platform for Internet Content Selection....................................................................... 28 D. Apache......................................................................................................................... 34 III. LEGISLATIVE BODIES: SOCIETAL INSTITUTIONS THAT DEVELOP CODE ................................. 37 A. Universities.................................................................................................................. 38 B. Firms...........................................................................................................................
    [Show full text]
  • File Scavenger User Guide
    File Scavenger® Version 3.2 Comprehensive Data Recovery Tool For Microsoft® Windows® 7, Vista, XP, 2008, 2003, 2000 and NT User’s Guide Revision: 4 Date: September 2010 QueTek® Consulting Corporation COPYRIGHT © Copyright 1998-2010. This document contains materials protected by International Copyright Laws. All rights reserved. No part of this manual may be reproduced, transmitted or transcribed in any form and for any purpose without the express written permission of QueTek® Consulting Corporation. TRADEMARKS Companies and products mentioned in this manual are for identification purpose only. Product names or brand names appearing in this manual may or may not be registered trademarks or copyrights of their respective companies. NOTICE Reasonable effort has been made to ensure that the information in this manual is accurate. QueTek® Consulting Corporation assumes no liability for technical inaccuracies, typographical, or other errors contained herein. QueTek® Consulting Corporation provides this manual “as is” without warranty of any kind, either express or implied, including, but not limited to the implied warranties or conditions of merchantability or fitness for a particular purpose. In no event shall QueTek® Consulting Corporation be liable for any loss of profits, or for direct, indirect, special, incidental or consequential damages arising from any defect or error in QueTek® Consulting Corporation’s products or manuals. Information in this manual is subject to change without notice and does not represent a commitment on the part of QueTek® Consulting Corporation. User Guide - ii LICENSE AGREEMENT AND LIMITED WARRANTY READ THE FOLLOWING TERMS AND CONDITIONS CAREFULLY PRIOR TO PURCHASING THE LICENSE CODE TO UNLOCK FILE SCAVENGER®.
    [Show full text]
  • User's Manual Undelete® for Windows
    User’s Manual Undelete® for Windows® Up-to-the-minute Data Protection® July 2007 This document describes the installation and operation of the Undelete file recovery solutions. It applies to the Server, Desktop Client, Professional and Home Editions of Undelete and is intended for Windows users and system managers. Revision/Update Information: This is a revised manual Software Versions: Undelete 5.0 Server Edition Undelete 5.0 Professional Edition Undelete 5.0 Home Edition Undelete 5.0 Desktop Client Operating Systems: Windows Server 2003 Windows XP Windows 2000 Diskeeper Corporation, Burbank, California ________________________ July 2007 _________ © 2000 — 2007 by Diskeeper Corporation The Software described in this document is owned by Diskeeper Corporation and is protected by United States copyright laws and international treaty provisions. Therefore, you must treat the Software like any other copyrighted material (e.g. a book or musical recording) except that you may either (a) make one copy of the Software solely for backup or archival purposes, or (b) transfer the Software to a single hard disk provided you keep the original solely for backup or archival purposes. You may not copy the user documentation provided with the Software, except for your own authorized use. RESTRICTED RIGHTS LEGEND The software and documentation are provided with RESTRICTED RIGHTS. Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software-Restricted Rights at 48 CFR 52.227-19 as applicable.
    [Show full text]
  • Tor and Circumvention: Lessons Learned
    Tor and circumvention: Lessons learned Nick Mathewson The Tor Project https://torproject.org/ 1 What is Tor? Online anonymity 1) open source software, 2) network, 3) protocol Community of researchers, developers, users, and relay operators Funding from US DoD, Electronic Frontier Foundation, Voice of America, Google, NLnet, Human Rights Watch, NSF, US State Dept, SIDA, ... 2 The Tor Project, Inc. 501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity and privacy Not secretly evil. 3 Estimated ~250,000? daily Tor users 4 Anonymity in what sense? “Attacker can’t learn who is talking to whom.” Bob Alice Alice Anonymity network Bob Alice Bob 5 Threat model: what can the attacker do? Alice Anonymity network Bob watch Alice! watch (or be!) Bob! Control part of the network! 6 Anonymity isn't cryptography: Cryptography just protects contents. “Hi, Bob!” “Hi, Bob!” Alice <gibberish> attacker Bob 7 Anonymity isn't just wishful thinking... “You can't prove it was me!” “Promise you won't look!” “Promise you won't remember!” “Promise you won't tell!” “I didn't write my name on it!” “Isn't the Internet already anonymous?” 8 Anonymity serves different interests for different user groups. Anonymity “It's privacy!” Private citizens 9 Anonymity serves different interests for different user groups. Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 10 Anonymity serves different interests for different user groups. “It's traffic-analysis resistance!” Governments Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 11 Anonymity serves different interests for different user groups.
    [Show full text]
  • Vol.11, No. 2, 2011
    Applied Computing Review 2 SIGAPP FY’11 Semi-Annual Report July 2010- February 2011 Sung Y. Shin Mission To further the interests of the computing professionals engaged in the development of new computing applications and to transfer the capabilities of computing technology to new problem domains. Officers Chair – Sung Y. Shin South Dakota State University, USA Vice Chair – Richard Chbeir Bourgogne University, Dijon, France Secretary – W. Eric Wong University of Texas, USA Treasurer – Lorie Liebrock New Mexico Institute of Mining and Technology, USA Web Master – Hisham Haddad Kennesaw State University, USA ACM Program Coordinator – Irene Frawley ACM HQ Applied Computing Review 3 Notice to Contributing Authors to SIG Newsletters By submitting your article for distribution in this Special Interest Group publication, you hereby grant to ACM the following non-exclusive, perpetual, worldwide rights. • To publish in print on condition of acceptance by the editor • To digitize and post your article in the electronic version of this publication • To include the article in the ACM Digital Library • To allow users to copy and distribute the article for noncommercial, educational, or research purposes. However, as a contributing author, you retain copyright to your article and ACM will make every effort to refer requests for commercial use directly to you. Status Update SIGAPP's main event for this year will be the Symposium on Applied Computing (SAC) 2011 in Taichung, Taiwan from March 21-24 which will carry the tradition from Switzerland's SAC 2010. This year's SAC preparation has been very successful. More details about incoming SAC 2011 will follow in the next section.
    [Show full text]
  • Tor: the Second-Generation Onion Router (2014 DRAFT V1)
    Tor: The Second-Generation Onion Router (2014 DRAFT v1) Roger Dingledine Nick Mathewson Steven Murdoch The Free Haven Project The Free Haven Project Computer Laboratory [email protected] [email protected] University of Cambridge [email protected] Paul Syverson Naval Research Lab [email protected] Abstract Perfect forward secrecy: In the original Onion Routing We present Tor, a circuit-based low-latency anonymous com- design, a single hostile node could record traffic and later munication service. This Onion Routing system addresses compromise successive nodes in the circuit and force them limitations in the earlier design by adding perfect forward se- to decrypt it. Rather than using a single multiply encrypted crecy, congestion control, directory servers, integrity check- data structure (an onion) to lay each circuit, Tor now uses an ing, configurable exit policies, anticensorship features, guard incremental or telescoping path-building design, where the nodes, application- and user-selectable stream isolation, and a initiator negotiates session keys with each successive hop in practical design for location-hidden services via rendezvous the circuit. Once these keys are deleted, subsequently com- points. Tor is deployed on the real-world Internet, requires promised nodes cannot decrypt old traffic. As a side benefit, no special privileges or kernel modifications, requires little onion replay detection is no longer necessary, and the process synchronization or coordination between nodes, and provides of building circuits is more reliable, since the initiator knows a reasonable tradeoff between anonymity, usability, and ef- when a hop fails and can then try extending to a new node.
    [Show full text]
  • The Dark Net Free
    FREE THE DARK NET PDF Jamie Bartlett | 320 pages | 12 Mar 2015 | Cornerstone | 9780099592020 | English | London, United Kingdom What Is the Dark Net? A dark net or darknet is an overlay network within the Internet that can only be accessed with specific software, configurations, or The Dark Net, [1] and often uses a unique customised communication protocol. Two typical darknet types are social networks [2] usually used for file hosting with a peer-to-peer connection[3] and anonymity proxy networks such as Tor via an anonymized series of connections. The term The Dark Net was popularised by major news outlets to associate with Tor Onion serviceswhen the infamous drug bazaar Silk Road used it, [4] despite the terminology being unofficial. Technology such as TorI2Pand Freenet was intended to defend digital rights by providing security, anonymity, or censorship resistance and is used for both illegal and legitimate reasons. Anonymous communication between whistle- blowersactivists, journalists and news organisations is also facilitated The Dark Net darknets through use of applications such as SecureDrop. The term originally The Dark Net computers on ARPANET that were hidden, programmed to receive messages but not respond to or acknowledge anything, thus remaining invisible, in the dark. Since ARPANETthe usage of dark net has expanded to include friend-to-friend networks usually used for file sharing with a peer-to-peer connection and privacy networks such as Tor. The term "darknet" is often used interchangeably with The Dark Net " dark web " due to the quantity of hidden services on Tor 's darknet. The term is often inaccurately used interchangeably with the deep web due to Tor's history as a platform that could not be search-indexed.
    [Show full text]
  • (Electronic) Trash: True Deletion Would Soothe E-Discovery Woes
    Minnesota Journal of Law, Science & Technology Volume 7 Issue 2 Article 13 2006 Throwing Out the (Electronic) Trash: True Deletion Would Soothe E-Discovery Woes Andrew Moerke Mason Follow this and additional works at: https://scholarship.law.umn.edu/mjlst Recommended Citation Andrew M. Mason, Throwing Out the (Electronic) Trash: True Deletion Would Soothe E-Discovery Woes, 7 MINN. J.L. SCI. & TECH. 777 (2006). Available at: https://scholarship.law.umn.edu/mjlst/vol7/iss2/13 The Minnesota Journal of Law, Science & Technology is published by the University of Minnesota Libraries Publishing. MASON_FINAL_UPDATED 6/7/2006 6:39:12 PM Throwing Out the (Electronic) Trash: True Deletion Would Soothe E-Discovery Woes * Andrew Moerke Mason Electronic discovery (e-discovery) consumes time, money, and resources like few other aspects of modern-day litigation. Deleted data, metadata, backup data, and other intangible forms of information make e-discovery more complex and contentious than traditional discovery.1 Computer users generate and retain electronic documents with ease, leading to significantly greater amounts of data than in a paper-only world.2 E-discovery’s volume and complexity increase litigation costs and complicate discovery disputes between parties, draining both party and judicial resources. More vexing than other areas of e-discovery, e-discovery of deleted data demands expensive forensic techniques, dampens business productivity, and holds no guarantee of yielding evidence. Parties anguish over whether deleted files on a computer hard drive could contain information critical to a © 2006 Andrew Moerke Mason. * J.D. expected 2007, University of Minnesota Law School; B.S. 1999, University of California, Berkeley.
    [Show full text]
  • Dissertation Docteur De L'université Du Luxembourg
    PhD-FSTC-2012-10 The Faculty of Sciences, Technology and Communication DISSERTATION Defense held on 30/03/2012 in Luxembourg to obtain the degree of DOCTEUR DE L’UNIVERSITÉ DU LUXEMBOURG EN INFORMATIQUE by Cynthia WAGNER Born on 2nd August 1982 in Esch/Alzette (Luxembourg) SECURITY AND NETWORK MONITORING BASED ON INTERNET FLOW MEASUREMENTS Dissertation defense committee Dr Thomas Engel, dissertation supervisor Professor, Université du Luxembourg-SnT Dr Chrisptoh Schommer, Chairman Professor, Université du Luxembourg Dr Vijay Gurbani, Vice Chairman Professor, Illinois Institute of Technology and Bell Laboratories Dr Radu State Dr. habil., Université du Luxembourg – SnT Dr Jean Hilger Banque et Caisse d’Epargne de l’Etat (BCEE) 2 Acknowledgments This doctoral thesis has been realized at the SECAN-LAB of the Interdisciplinary Centre for Security, Reliability and Trust (SnT) and the University of Luxembourg. Writing this doctoral thesis without help and support from kind people would not have been possible. First of all, I would like to thank my supervisor, Prof. Dr. Thomas Engel, for giving me the opportunity of being a member of his research team for the last four years. I owe sincere and earnest thanks to my supervisor Dr.hab. Radu State for his support and advice. I want to thank Prof. Dr. Vijay Gurbani for being part in my CET committee. I owe sincere thanks to Dr. Jean Hilger and Prof. Dr. Christoph Schommer for participating in the jury of this thesis. Furthermore, I would like to thank Dr. G´erardWagener and Alexandre Dulaunoy from the Computer Incident Response Centre Luxembourg for providing relevant research data and especially for their scientific cooperation and support.
    [Show full text]