A New Standard in Digital Forensics

Total Page:16

File Type:pdf, Size:1020Kb

A New Standard in Digital Forensics A New Standard in Digital Forensics Extremely fast forensic imaging at over 30GB/min* Image and verify from 4 source drives to 5 destinations Write-blocked preview & triage of suspect drive contents Image to or from a network location Multi-task. Set Image, wipe, hash tasks to run concurrently Targeted Imaging feature allows you to create a logical image using pre-set, custom filters, file signature filters and/or keyword search to capture only specific files needed Supports PCIe SSDs (M.2 SATA/AHCI/NVME type) with optional adapters Without exception, the most technologically advanced forensic imaging solution available. Blazing fast performance, feature-packed, and designed to meet future technology advances, the Falcon sets a new standard of excellence in digital forensic imaging solutions. FEATURES ­n The Falcon is blazing fast with imaging speeds of ­n Built-in support for SAS/SATA/USB3/FireWire n Write-blocked preview/triage hard drive contents. over 30GB/min* storage devices. Adapters are included with Use the Falcon as a write-blocker. The file browser ­n Image and verify to multiple image formats; Falcon to support 1.8”/2.5”/3.5”/1.8” ZIF IDE and feature provides write-blocked access to source or native copy, dd image, e01, ex01 and file-based microSATA drive interfaces. Optional adapters are destination drives connected to Falcon. View the copy. Compression available for E01/Ex01 available for eSATA, mSATA and compact flash drive’s partitions and contents and view text files, formats. Uses SHA1, SHA256, MD5 and dual-hash drives. An optional SCSI module provides support jpeg, PDF, XML, or HTML files. File types such as (MD5+SHA1) authentication. for 1 SCSI source and 1 destination drive. .doc and .xls can be viewed by connecting Falcon to a network, download and view on a PC. Users ­n 4 Source and 5 Destination ports. Write-blocked ­n PCIe Support. Support for M.2 PCIe and M.2 NVMe can also preview source or destination drives using source ports include 2 SAS/SATA, 1 USB 3.0, 1 type SSDs and mini-PCIe and PCIe express cards the USB connection from the Falcon to a computer, FireWire. Destination ports include 2 SAS/SATA, 2 is provided using an optional express card adapter or by using the SMB protocol. The iSCSI protocol USB 3.0 and 1 FireWire. One Gigabit Ethernet port combined with specific interface adapters. can be used to preview source drives. is available. USB source and destination can be ­n CD/DVD/Blu-ray Imaging. The Falcon can image converted to SATA using a USB to SATA converter. CD/DVD/Blu-ray media by using a USB optical ­n Web browser. Connect to a networked Falcon from your laptop/desktop using a web browser ­n Targeted Imaging feature shortens acquisition drive connected to the USB port on the Falcon. The to manage all operations remotely. Features time. Create a logical image by using pre-set Falcon supports multi-session CD/DVDs. automatic page scaling for iPad type devices. filters, custom filters, file signature filters, and/or ­n Image to or from a network location or an keyword search function to select and acquire only external storage device. Use the Falcon to image ­n Image from a desktop or laptop PC without the specific files you need. An MFT report can be to a network location using CIFS protocol and/ removing the hard drive. Create a forensic bootable generated that contains a potential deleted file list. or image from a network location using iSCSI. USB flash drive to image a source drive from a Format output to LX01, ZIP or directory tree. Users Users can use iSCSI as a source or destination drive. computer on the same network without booting can browse and view directly on the Falcon display, Image to an external storage device (such as a the computer’s native O/S. or manage and view on a networked Falcon from NAS) using the Gigabit Ethernet, USB3.0 or SAS/ ­n Image from a MAC™ system booted in “target your laptop/desktop using a web browser. SATA connection disk mode” using the write-blocked FireWire ­ port on Falcon. MACs with either FireWire or Thunderbolt ports can be connected to the Falcon, a Thunderbolt to FireWire adapter is required. ­ www.logicube.com 19755 Nordhoff Place, Chatsworth, CA 91311 U.S.A. Toll-free (in U.S. only): 888.494.8832 n Tel: 818.700.8488 n Fax: 818.700.8466 A New Standard in Digital Forensics FEATURES cont’d n Multi-task. Image from multiple source drives to ­n Network Push feature. Push evidence files from n Audit Trail/Log files provide detailed information multiple destination drives or wipe one destination connected destination drives or from a Falcon on each operation. Log files can be viewed on drive while imaging to another. Perform up to five repository to a network location. The Falcon Falcon or via a web browser, exported in XML, tasks concurrently. performs an MD5 or SHA hash during the push HTML or PDF format to a USB enclosure. Users ­n Parallel Imaging. Perform multiple imaging process, a log file is generated for each push can print the log files directly from their PC when tasks from the same source drive to multiple process. connected to Falcon via a web browser. destinations using different imaging formats. ­n Image restore feature. File to drive mode restores ­n Additional features include HPA/DCO capture, ­n Concurrent Image+Verify. The Falcon begins DD, E01, EX01 images created by the Falcon to drive “trim” feature manipulates the DCO and verification during the imaging process. Duration another drive HPA areas of destination drives, create password- of total image plus verification process time may ­n Task Macro. Set specific tasks to be performed protected user profiles and save configurations, be reduced by up to half. sequentially; first wipe the destination drive then drive “time-out” feature automatically puts drives in stand-by mode after a specified idle ­n Secure sensitive evidence data with whole drive hash the source drive then image the source time, “task completed” audible beep, blank AES 256 bit Encryption. Decrypt using the Falcon drive. All tasks within the Macro will be performed disk check, drive spanning, 7” color touch screen, or by using open source software programs such automatically. two USB 2.0 host ports for keyboard, mouse as VeraCrypt, FreeOTFE or TrueCrypt ­n Features an internal, removable storage drive that or printer connectivity, and an HDMI port to stores O/S and audit trail/logs. The drive is easily ­n Fast multi-pass wipe (DoD specifications) or use connect a projector or monitor. secure erase to wipe drives, wipe at speeds of up removed for secure/classified locations. to 27GB/min. *The Forensic Falcon™ achieves speeds of over 30GB/min using solid state “suspect” drives that contain a freshly installed Windows “X” OS and random data. Settings used are e01/ex01 image format, with compression and with verify “on”. The specification and condition of the suspect hard drives as well as the mode, image format and settings used during the imaging process may affect the achieved speeds. IN THE BOX The following items are included with the Forensic Falcon: ­n 1 USB 3.0 device cable ­n 1.8” IDE to SATA adapter ­n 1 USB A female to micro B male converter coupler adapter ­n 1.8” microSATA adapter ­n 4 6-pin SATA power plugs ­n CD-ROM with Users’ Manual ­n 1.8” IDE ZIF to SATA adapter ­n 1 USB A female to USB mini-B 5 pin male adapter ­n Carrying case ­ ­n 2.5”/3.5” IDE to SATA adapter OPTIONS The following options are available for the Forensic Falcon: ­n SCSI Module provides 1 write-blocked source port and 1 ­n mSATA to SATA adapter ­n Flash Media Reader for compact flash cards, destination port. Built in support for 68-pin SCSI drives ­n USB 3.0 to SATA Adapter SD cards and other flash media ­n 50-pin to 68-pin or 80-pin to 68-pin SCSI adapters for use ­n USB 3.0 4-port hub ­n Hard-sided carrying case with SCSI Module ­n PCIe adapter kit includes adapters for M.2 PCIe, ­n eSATA to SATA cable converter M.2 NVMe, mSATA SSDs, PCie and mini-PCIe cards SPECIFICATIONS Power Power Operating Relative Net Dimensions Agency Requirements Consumption Temperature Humidity Weight Approvals 12 V DC, Grounded < 140W with drives 0 to 40°C 20% to 80% 2.4lbs/1.09k 8.5” W X 3” H X6.25” D RoHs compliant 11.5 AMP (32 to 104°F) 9lbs/4.3k with 21.6cm X 7.6cm X15.9cm FCC Part 15 Class A case & shipping box CE www.logicube.com 19755 Nordhoff Place, Chatsworth, CA 91311 U.S.A. Toll-free (in U.S. only): 888.494.8832 n Tel: 818.700.8488 n Fax: 818.700.8466.
Recommended publications
  • Omegakey Manage Your Device at the Management Module
    Welcome to use our latest version of Lost Mode How to Start to Use it Bluetooth tracker. Detect the distance between the device and Bluetooth Tracker module your phone under the lost mode .Turn on the Step 1: Download the latest version App(version 1.6.0) from Apple App store. omegakey Manage your device at the management module. alarm at alert whether the device is lost, there Step 2: Open the Bluetooth and App. are two levels of lost alarm mode. Select the Thank you for purchasing omegakey Freely set and remove your device here. Step 3: Tap the Beacon for 3-5 times on hard surface, and the Beacon will be connectable when you Double-click the “call” button to find your device. alarm mode you want from the device. Phone hear a buzz. alarm, and both ends alarm. Step 4: Click the Beacon in the App which you want to configure and enter a name to connect it. Step 5: Now, you can configure and use the Beacon normally. NEXT Note: If you're having trouble with the Bluetooth, we recommend you completely remove the battery from the unit for 10 sec and reinsert it. There are many apps you can download some are better than others, we have linked just click on the apple / android icons on the first page Once you have selected the app you like download it and follow the on screen instructions ATTACH BLUETOOTH BEACON EXTERNALLY FOR MAX PERFORMANCE Found mode More View the alarm location or item's last location Find the device under the find mode according p.s make sure your Bluetooth is on and your phone is compatible with 4.0 Bluetooth to the strength of the signal.
    [Show full text]
  • A Future-Focused Forensic Imager Designed to Streamline Evidence Collection Processes
    A Future-Focused Forensic Imager Designed to Streamline Evidence Collection Processes Extremely fast forensic imaging speed surpassing 50GB/min. Clone PCIe to PCIe at speeds above 90GB/min Image to/from Thunderbolt™ 3/USB-C external storage enclosures with an optional I/O card. Image and verify from up to 5 source drives up to 9 destinations simultaneously Create a logical image to capture only specific files needed Concurrent Image+Verify greatly reduces duration of image plus verification process Two 10GbE connections provide fast network imaging performance Network capture feature to capture network traffic, VOIP, internet activity Multi-task. Image from multiple sources simultaneously FEATURES n The Falcon®-NEO achieves imaging speeds when imaging directly to large capacity Thunder- n Image from a Mac® computer with USB-C ports surpassing 50GB/min and can clone PCIe to PCIe bolt 3 RAID storage enclosures for evidence data using a USB-C to USB-A cable and Target Disk at speeds at over 90GB/min. collection. The card connects to the Falcon-NEO’s Mode or use Logicube’s USB boot device to n Image and verify to multiple image formats; 2 write-blocked source I/O ports or 1 destination I/O image a source drive from a Mac computer on the native copy, .dd, dmg, e01 and ex01. The Falcon- port. The I/O card does not currently support imaging same network without booting the Mac computer’s ® NEO provides MD5, SHA1, SHA256, and dual hash in TDM from Mac systems, refer to the Falcon-NEO native OS. The Falcon-NEO supports imaging from ® authentication at extremely fast speeds.
    [Show full text]
  • Mobiflage: Deniable Storage Encryption for Mobile Devices 3
    TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING 1 Mobiflage: Deniable Storage Encryption for Mobile Devices Adam Skillen and Mohammad Mannan Abstract—Data confidentiality can be effectively preserved through encryption. In certain situations, this is inadequate, as users may be coerced into disclosing their decryption keys. Steganographic techniques and deniable encryption algorithms have been devised to hide the very existence of encrypted data. We examine the feasibility and efficacy of deniable encryption for mobile devices. To address obstacles that can compromise plausibly deniable encryption (PDE) in a mobile environment, we design a system called Mobiflage. Mobiflage enables PDE on mobile devices by hiding encrypted volumes within random data in a devices free storage space. We leverage lessons learned from deniable encryption in the desktop environment, and design new countermeasures for threats specific to mobile systems. We provide two implementations for the Android OS, to assess the feasibility and performance of Mobiflage on different hardware profiles. MF-SD is designed for use on devices with FAT32 removable SD cards. Our MF-MTP variant supports devices that instead share a single internal partition for both apps and user accessible data. MF-MTP leverages certain Ext4 file system mechanisms and uses an adjusted data-block allocator. These new techniques for storing hidden volumes in Ext4 file systems can also be applied to other file systems to enable deniable encryption for desktop OSes and other mobile platforms. Index Terms—File system security, Mobile platform security, Storage Encryption, Deniable encryption ✦ 1 INTRODUCTION AND MOTIVATION plaintext can be recovered by decrypting with the true key. In the event that a ciphertext is intercepted, and the Smartphones and other mobile computing devices are user is coerced into revealing the key, she may instead being widely adopted globally.
    [Show full text]
  • Deep Web for Journalists: Comms, Counter-Surveillance, Search
    Deep Web for Journalists: Comms, Counter-surveillance, Search Special Complimentary Edition for Delegates attending the 28th World Congress of the International Federation of Journalists * By Alan Pearce Edited by Sarah Horner * © Alan Pearce June 2013 www.deepwebguides.com Table of Contents Introduction by the International Federation of Journalists A Dangerous Digital World What is the Deep Web and why is it useful to Journalists? How Intelligence Gathering Works How this affects Journalists 1 SECURITY ALERT . Setting up Defenses 2 Accessing Hidden Networks . Using Tor . Entry Points 3 Secure Communications . Email . Scramble Calls . Secret Messaging . Private Messaging . Deep Chat . Deep Social Networks 4 Concealed Carry 5 Hiding Things . Transferring Secret Data . Hosting, Storing and Sharing . Encryption . Steganography – hiding things inside things 6 Smartphones . Counter-Intrusion . 007 Apps 7 IP Cameras 8 Keeping out the Spies . Recommended Free Programs . Cleaning Up . Erasing History . Alternative Software Share the Knowledge About the Authors Foreword by the International Federation of Journalists Navigating the Dangerous Cyber Jungle Online media safety is of the highest importance to the International Federation of Journalists. After all, the victims are often our members. The IFJ is the world’s largest organization of journalists and our focus is on ways and means to stop physical attacks, harassment and the killing of journalists and media staff. In an age where journalism – like everything else in modern life – is dominated by the Internet, online safety is emerging as a new front. In this new war, repressive regimes now keep a prying eye on what journalists say, write and film. They want to monitor contacts and they want to suppress information.
    [Show full text]
  • Mobigyges: a Mobile Hidden Volume for Preventing Data Loss, Improving Storage Utilization, and Avoiding Device Reboot
    MobiGyges: A Mobile Hidden Volume for Preventing Data Loss, Improving Storage Utilization, and Avoiding Device Reboot Wendi Fenga, Chuanchang Liua, Zehua Guob,c, Thar Bakerd, Gang Wangb,c, Meng Wanga, Bo Chenga, and Junliang Chena aBeijing University of Posts and Telecommunications, 10 Xitucheng RD, 100876, Beijing, China bBeijing Institute of Technology, 5 Zhongguancun ST South, 100081, Beijing, China cUniversity of Minnesota Twin Cities, 117 Pleasant ST, 55455, Minneapolis, USA dLiverpool John Moores University, James Parson Building, Liverpool, L3 3AF, UK Abstract Sensitive data protection is essential for mobile users. Plausibly Deniable Encryption (PDE) systems provide an effective manner to protect sensitive data by hiding them on the device. However, existing PDE systems can lose data due to overriding the hidden volume, waste physical storage because of the \reserved area" used for avoiding data loss, and require device reboot when using the hidden volume. This paper presents MobiGyges, a hidden volume based mobile PDE system, to fill the gap. MobiGyges addresses the problem of data loss by restricting each storage block used only by one volume, and it improves storage utilization by eliminating the \reserved area". MobiGyges can also avoid device reboot by mounting the hidden volume dynamically on-demand with the Dynamic Mounting service. Moreover, we identify two novel PDE oriented attacks, the capacity comparison attack and the fill-to-full attack. MobiGyges can defend them by jointly leveraging the Shrunk U-disk method and multi-level deniability. We implement the MobiGyges proof-of-concept system on a real mobile phone Google Nexus 6P with LineageOS 13. Experimental results show that MobiGyges prevents data loss, avoids device reboot, improves storage utilization by over 30% with acceptable performance overhead compared with current works.
    [Show full text]
  • Or As I Like to Call It, Occult Computing Adrian Crenshaw
    Or as I like to call it, Occult Computing Adrian Crenshaw http://Irongeek.com I run Irongeek.com I have an interest in InfoSec education I don’t know everything - I’m just a geek with time on my hands http://Irongeek.com Occult comes from the Latin word occultus (clandestine, hidden, secret), referring to "knowledge of the hidden". Forensic: Relating to the use of science and technology in the investigation and establishment of facts or evidence in a court of law. Since hiding activities is what we are doing, Occult Computing seems like a good name. Since people are not necessarily hiding their activities from a court of law, the term anti-forensics may not apply. Occult Computing sounds cooler than Anti-forensics Cthulhu fhtagn http://Irongeek.com Thanks to Wikipedia and Wiktionary for wording of definitions Why: Not about just hiding your stash from the Fuzz… Law/policy enforcement may find it useful to know how folks hide their computer activities Users may want to know how to hide their activities from invasive law/policy enforcement Companies may want to know how to clear boxes before donating them What: Mostly Windows, but most ideas are applicable to other operating systems Not going to cover malware analysis, nor network anti-forensics (at least not much) Mostly we will cover hiding tracks left on storage media http://Irongeek.com 1. Don’t leave tracks in the first place 2. Selective file removal and encryption tools 3. Parlor Tricks 4. Nuke it from orbit, it's the only way to be sure http://Irongeek.com Bow down before my Venn diagram of doom!!! If it’s not easy, folks won’t do it.
    [Show full text]
  • Comparison of Disk Encryption Software 1 Comparison of Disk Encryption Software
    Comparison of disk encryption software 1 Comparison of disk encryption software This is a technical feature comparison of different disk encryption software. Background information Name Developer First released Licensing Maintained? ArchiCrypt Live Softwaredevelopment Remus ArchiCrypt 1998 Proprietary Yes [1] BestCrypt Jetico 1993 Proprietary Yes BitArmor DataControl BitArmor Systems Inc. 2008-05 Proprietary Yes BitLocker Drive Encryption Microsoft 2006 Proprietary Yes Bloombase Keyparc Bloombase 2007 Proprietary Yes [2] CGD Roland C. Dowdeswell 2002-10-04 BSD Yes CenterTools DriveLock CenterTools 2008 Proprietary Yes [3][4][5] Check Point Full Disk Encryption Check Point Software Technologies Ltd 1999 Proprietary Yes [6] CrossCrypt Steven Scherrer 2004-02-10 GPL No Cryptainer Cypherix (Secure-Soft India) ? Proprietary Yes CryptArchiver WinEncrypt ? Proprietary Yes [7] cryptoloop ? 2003-07-02 GPL No cryptoMill SEAhawk Proprietary Yes Discryptor Cosect Ltd. 2008 Proprietary Yes DiskCryptor ntldr 2007 GPL Yes DISK Protect Becrypt Ltd 2001 Proprietary Yes [8] cryptsetup/dmsetup Christophe Saout 2004-03-11 GPL Yes [9] dm-crypt/LUKS Clemens Fruhwirth (LUKS) 2005-02-05 GPL Yes DriveCrypt SecurStar GmbH 2001 Proprietary Yes DriveSentry GoAnywhere 2 DriveSentry 2008 Proprietary Yes [10] E4M Paul Le Roux 1998-12-18 Open source No e-Capsule Private Safe EISST Ltd. 2005 Proprietary Yes Dustin Kirkland, Tyler Hicks, (formerly [11] eCryptfs 2005 GPL Yes Mike Halcrow) FileVault Apple Inc. 2003-10-24 Proprietary Yes FileVault 2 Apple Inc. 2011-7-20 Proprietary
    [Show full text]
  • Falcon®-NEO User's Manual
    Falcon®-NEO User’s Manual Logicube, Inc. Chatsworth, CA 91311 USA Phone: 818 700 8488 Fax: 818 700 8466 Version: 3.2u1 Date: 10/22/2020 MAN-FALCON-NEO Logicube Falcon®-NEO User’s Manual I Limitation of Liability and Warranty Information Logicube Disclaimer LOGICUBE IS NOT LIABLE FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED TO PROPERTY DAMAGE, LOSS OF TIME OR DATA FROM USE OF A LOGICUBE PRODUCT, OR ANY OTHER DAMAGES RESULTING FROM PRODUCT MALFUNCTION OR FAILURE OF (INCLUDING WITHOUT LIMITATION, THOSE RESULTING FROM: (1) RELIANCE ON THE MATERIALS PRESENTED, (2) COSTS OF REPLACEMENT GOODS, (3) LOSS OF USE, DATA OR PROFITS, (4) DELAYS OR BUSINESS INTERRUPTIONS, (5) AND ANY THEORY OF LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE (OR FROM DELAYS IN SERVICING OR INABILITY TO RENDER SERVICE ON ANY) LOGICUBE PRODUCT. LOGICUBE MAKES EVERY EFFORT TO ENSURE PROPER OPERATION OF ALL PRODUCTS. HOWEVER, THE CUSTOMER IS RESPONSIBLE TO VERIFY THAT THE OUTPUT OF LOGICUBE PRODUCT MEETS THE CUSTOMER’S QUALITY REQUIREMENT. THE CUSTOMER FURTHER ACKNOWLEDGES THAT IMPROPER OPERATION OF LOGICUBE PRODUCT AND/OR SOFTWARE, OR HARDWARE PROBLEMS, CAN CAUSE LOSS OF DATA, DEFECTIVE FORMATTING, OR DATA LOADING. LOGICUBE WILL MAKE EFFORTS TO SOLVE OR REPAIR ANY PROBLEMS IDENTIFIED BY CUSTOMER, EITHER UNDER WARRANTY OR ON A TIME AND MATERIALS BASIS. Warranty DISCLAIMER IMPORTANT - PLEASE READ THE TERMS OF THIS AGREEMENT CAREFULLY. BY INSTALLING OR USING LOGICUBE PRODUCTS, YOU AGREE TO BE BOUND BY THIS AGREEMENT. IN NO EVENT WILL LOGICUBE BE LIABLE (WHETHER UNDER THIS AGREEMENT, RESULTING FROM THE PERFORMANCE OR USE OF LOGICUBE PRODUCTS, OR OTHERWISE) FOR ANY AMOUNTS REPRESENTING LOSS OF PROFITS, LOSS OR INACCURACY OF DATA, LOSS OR DELAYS OF BUSINESS, LOSS OF TIME, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES, OR TECHNOLOGY, PROPERTY DAMAGE, OR INDIRECT, CONSEQUENTIAL, OR PUNITIVE DAMAGES OF A PURCHASER OR USER OF LOGICUBE PRODUCTS OR ANY THIRD PARTY.
    [Show full text]
  • Anti-Virus - Backup - Encryption - File System - Forensics Media - Networking - Office - Password Recovery Pen-Testing - Registry - System - Utilities
    Katana Tool Kit: Portable Applications Anti-Virus - Backup - Encryption - File System - Forensics Media - Networking - Office - Password Recovery Pen-Testing - Registry - System - Utilities Portable applications are those which do not require installation on a system to be executed. They can be run directly from an external device allowing you to bring all your favorite applications around with you on one drive. The Katana Tool Kit comes preconfigured with over a hundred portable applications. Anti-Virus ClamAV 0.96 ClamWin Portable is the popular ClamWin antivirus packaged as a portable app, so you can take your antivirus with you to scan files on the go. You can place it on your USB flash drive, iPod, portable hard drive or a CD and use it on any computer, without leaving any personal information behind. SpyDLLRemover 3.2 SpyDLLRemover is the standalone tool to effectively detect and delete spywares from the system. It comes with advanced spyware scanner which quickly discovers hidden Rootkit processes as well suspcious/injected DLLs within all running processes. StreamArmor 1 StreamArmor is the sophisticated tool for discovering hidden alternate data streams (ADS) as well as clean them completely from the system. It's advanced auto analysis coupled with online threat verification mechanism makes it the best tool available in the market for eradicating the evil streams. StreamArmor comes with fast multi threaded ADS scanner which can recursively scan over entire system and quickly uncover all hidden streams. Backup Unstoppable Copier 4.4 Unstoppable Copier is a Free Portable tool that allows you to recover files from hard drives, flash drives, CDs/DVDs and other media disks that have physical damage or are starting to go bad.
    [Show full text]
  • Artifice: a Deniable Steganographic File System
    Artifice: A Deniable Steganographic File System Austen Barker Staunton Sample Yash Gupta Anastasia McTaggart Ethan L. Miller Darrell D. E. Long University of California, Santa Cruz Abstract nations and law enforcement to legally obligate disclosure of The challenge of deniability for sensitive data can be a life encryption keys [24]. or death issue depending on location. Plausible deniability Since carrying encrypted files or dedicated hardware is in- directly impacts groups such as democracy advocates relay- herently suspicious, a deniable storage system must co-exist ing information in repressive regimes, journalists covering with an open public file system to maintain plausible de- human rights stories in a war zone, and NGO workers hid- niability. It is highly suspicious if there are visible drivers ing food shipment schedules from violent militias. All of or firmware, unconventional partitioning schemes, unusable these users would benefit from a plausibly deniable data stor- space in a file system, or unexplained changes to disk free age system. Previous deniable storage solutions only offer space. The hidden file system must therefore operate in such pieces of an implementable solution. Artifice is the first tun- a way that the encapsulating file system and operating system able, operationally secure, self repairing, and fully deniable are unaware of the hidden file system’s existence, even when steganographic file system. faced with a detailed forensic examination. A deniable sys- Artifice operates through the use of a virtual block device tem must therefore meet four requirements: effectively hide driver stored separately from the hidden data. It uses external existence of the data, disguise hidden data accesses, have no entropy sources and erasure codes to deniably and reliably impact on the behavior of the public system, and hide the store data within the unallocated space of an existing file software used to access the hidden data.
    [Show full text]
  • Delineation of Trivial PGP Security
    IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661,p-ISSN: 2278-8727, Volume 20, Issue 3, Ver. I (May. - June. 2018), PP 17-23 www.iosrjournals.org Delineation of Trivial PGP Security Mr. Nikhil Joshi1, Mr. Gaurav Kumar2, 3 Prof. Divya Premchandran Asst Professor , 1mca Student, Bvimit Cbd Belapur, Navi Mumbai. 2mca Student, Bvimit Cbd Belapur, Navi Mumbai. 3mca Bvimit Cbd Belapur, Navi Mumbai. Corresponding Author:Mr. Nikhil Joshi Abstract: The enhanced PGP Security that we are proposing is based only for digital signatures & encryption/decryption of the messages. The algorithm that is used here consists of asymmetric algorithm as RSA 4096 & the symmetric algorithm used is AES-256(Advance Encryption standard). Also we require hashing function in order to secure the digital signature as well as messages. Hence we use Whirlpool hashing function which is open source & is based on 512 block cipher that makes the application more powerful than the previously used. Keywords: -Asymmetry algorithm, AES-256, Digital Signature, Hash Function, OpenPGP , PGP, RSA 4096, Rijndael Cipher, SHA-256, Symmetric algorithm, Whirlpool. -------------------------------------------------------------------------------------------------------------------------------------- Date of Submission: 07-05-2018 Date of acceptance: 26-05-2018 ----------------------------------------------------------------------------------------------------------------------------- ---------- I. Introduction The process of creating & maintaining digitalsignature along with encryption/decryption of messages is widely known & used in PGP. Various symmetric algorithms like DES, Triple DES, Twofish & IDEA along with hashing functions like MD5, SHA-1, SHA-256 has been introduced to provide a stronger encryption technique. The key exchange policy RSA 4096 is still considered the best asymmetric algorithm so far. Although being so strong in their encryption technique it is still slower & weaker compared to the newly concept that we are going to introduce is AES-256 & Whirlpool.
    [Show full text]
  • Applied Cryptography
    2/26/2019 L06 – Applied Cryptography APPLIED CRYPTOGRAPHY © Robert F. Kelly, 2012-2019 ISE331 – Computer Security 2 Reading • Chapter 6 • Wiki pages for various attack strategies http://en.wikipedia.org/wiki/Rainbow_table http://en.wikipedia.org/wiki/Trusted_Platform_Module 1 2/26/2019 L06 – Applied Cryptography © Robert F. Kelly, 2012-2019 ISE331 – Computer Security 3 Objectives • Learn the elements involved in the correct use of cryptography • Understand cryptography attack methods © Robert F. Kelly, 2012-2019 ISE331 – Computer Security 4 Cryptography in Use • Confidentiality – keep data a secret • Integrity – message not altered in transmission • Authentication – match a user to an account through previously shared credentials • Nonrepudiation – message sender cannot deny that they sent the message Availability (an important security concept is not addressed through cryptography 2 2/26/2019 L06 – Applied Cryptography © Robert F. Kelly, 2012-2019 ISE331 – Computer Security 5 Two Way Communication Public Key B Private KeyB Plaintext Ciphertext Plaintext Encryption Decryption Ciphertext Plaintext Decryption Encryption Public Key Private KeyA A © Robert F. Kelly, 2012-2019 ISE331 – Computer Security 6 Hybrid Techniques We cover TLS and SSL in the “Standards & Protocols” session Message Encrypted message Symmetric Symmetric encryption decryption Symmetric key symmetric key Public Key Encryption Public key decryption Message Recipient’s public key Private key 3 2/26/2019 L06 – Applied Cryptography © Robert F. Kelly, 2012-2019 ISE331 – Computer
    [Show full text]