DOCSLIB.ORG

Emerging Trends and Issues

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

EMERGING TRENDS AND ISSUES UNTRACEABLE LINKS: TECHNOLOGIES USED BY FRAUDSTERS TO HIDE THEIR TRACKS New mobile apps, underground networks and crypto-phones are appearing daily. More sophisticated technologies, such as mesh networks, allow mobile devices to use public Wi-Fi to communicate from one device to another without ever using the cellular network or the Internet. Anonymous and encrypted email services are under development to evade government surveillance. Learn how these new capabilities are helping to make anonymous communication easier for fraudsters, and how they can use this technology to hide their tracks. WALT MANNING, CFE President Investigations MD Walt Manning has more than 35 years of experience in both law enforcement and private consulting, focused on the fields of investigations, digital forensics and e-discovery. He retired with the rank of lieutenant after a 20-year career with the Dallas Police Department. After his years of investigative experience in both the public and private sectors, Manning founded Investigations MD with the simple goal of helping other investigators to be more successful. Manning has been published in Fraud Magazine, Police Computer Review, Police Chief and Information Systems Security. He has coordinated and taught more than 100 seminars all over the world on subjects related to computer and Internet investigations, as well as digital forensics. “Association of Certified Fraud Examiners,” “Certified Fraud Examiner,” “CFE,” “ACFE,” and the ACFE Logo are trademarks owned by the Association of Certified Fraud Examiners, Inc. The contents of this paper may not be transmitted, republished, modified, reproduced, distributed, copied, or sold without the prior consent of the author. ©2017 UNTRACEABLE LINKS: TECHNOLOGIES USED BY FRAUDSTERS TO HIDE THEIR TRACKS NOTES Introduction Technology is making it easier for fraudsters to cover their tracks while avoiding detection. Anonymous networks and operating systems, new mobile apps, and encrypted cell phones are appearing daily. Anonymous and encrypted email services are being developed to evade government surveillance and increase privacy. More sophisticated technologies, such as mesh networks, allow mobile devices that use public Wi-Fi to communicate from one device to another without ever using the cellular network or the Internet. Fraud examiners, investigators, and security professionals need to be aware of these tools to understand how they could be used to hide evidence of possible crimes. Anonymous Networks and Operating Systems The Tor Network In 2003, the U.S. Naval research laboratory launched The Onion Router Project, which came to be known by its acronym Tor. The project name contained the word onion because the original design routed Internet network traffic through multiple encrypted layers, or nodes, that would effectively hide a user's location and the network through which they were connected. At each relay node, a layer of encryption would be removed from the message, similar to peeling away the layers of an onion. Tor was designed for use by people who had a need for online anonymity. Normally, users on the Internet can be traced by their Internet protocol, or “IP,” address. When you use the Tor network, your IP address remains hidden. 28th Annual ACFE Global Fraud Conference ©2017 1 UNTRACEABLE LINKS: TECHNOLOGIES USED BY FRAUDSTERS TO HIDE THEIR TRACKS NOTES Tor is made up of two different parts. First is software that you can download and install on many devices. The second and critical piece is the Tor network, which is comprised of more than 7,000 volunteer computers that allow Tor users to route traffic through these network nodes. Tor is not designed to anonymize a user's identity—it only hides where the user’s Internet traffic originates. The first Tor network node that a user accesses will know where that single transmission came from. However, as the transmission proceeds to the next Tor node, the second node will know only that the transmission came from the previous node—not where the transmission originated. This process continues through at least three Tor nodes, each of which knows only the address of the previous node in the chain. There is no way for the final destination of the transmission to be able to track the random pathway back through the Tor network to identify the user. Use of the Tor network does not guarantee complete anonymity because the packets sent across the Tor network are the only parts of the transmission that are modified. The actual contents of the data in these packets are not modified in any way. Users who desire an even higher level of privacy have been known to encrypt their data before transmitting it on the Tor network, and possibly also use a virtual private network, or VPN, to provide even more anonymity and protection. 28th Annual ACFE Global Fraud Conference ©2017 2 UNTRACEABLE LINKS: TECHNOLOGIES USED BY FRAUDSTERS TO HIDE THEIR TRACKS NOTES The Invisible Internet Project (I2P) I2P is an open source project that has been in active development since 2003. The I2P network is designed to provide even better anonymity than Tor. Even though it is currently much smaller in scale than Tor, it is quickly gaining in popularity. Tor is good at hiding the identity and location of the user and recipient of transmissions, but I2P carries this to another level. Where a Tor user creates a connection “circuit” to communicate through the network, I2P users create multiple user-defined “tunnels” to communicate with each other. These tunnels can be reconfigured or changed by a user at any time. I2P tunnels operate in only one direction—either inbound or outbound. Users can configure as many tunnels as they need, and have the ability to create a single tunnel that is used only one time for one communication. Once that communication has ended, the user can deactivate the tunnel and never use it again. Where the message headers on Tor are encrypted, the message body may not be (unless the user has used another application to do so). On I2P, there are multiple levels of encryption that protect the entire message from end to end. I2P is also a packet-switched network, which means that each message is broken down into different packets, or pieces, each of which can travel the I2P network by different routes. This packet switching also allows I2P to balance the transmission workload across multiple routers on the network, which can make it faster and much more efficient. 28th Annual ACFE Global Fraud Conference ©2017 3 UNTRACEABLE LINKS: TECHNOLOGIES USED BY FRAUDSTERS TO HIDE THEIR TRACKS NOTES Users of I2P can also customize their configuration of tunnels on the network to require that their communication be forwarded through more network routers, which could enhance security even more. Since this means that every message would need to go through more “hops,” it could decrease the speed of the transmission. But the user has the flexibility to adjust his network settings according to his perceived risk profile. I2P is considered in many ways to be more secure than Tor, but making effective use of I2P may require more technical knowledge than the easier-to-use Tor network. Cybercriminals and other people for whom additional security is important will not hesitate to migrate to I2P, which may help this network to grow rapidly. MaidSafe: The Secure Access for Everyone (SAFE) Network The SAFE network is a peer-to-peer network where data is encrypted at all times. When a user installs the software, they are asked how much of their computer’s resources they would like to allocate for use by the network. In effect, their computer now becomes a node on the network, similar to the relay computers of the Tor and I2P networks. However, there are some differences. Whatever portion of the volunteer computer’s data storage is allocated for use by the SAFE network now becomes an encrypted “Vault.” When a user joins the SAFE network, they are given a completely anonymous ID. The data storage “Vault” on their computer is issued yet another different and anonymous ID. A user never needs to provide personal information to the 28th Annual ACFE Global Fraud Conference ©2017 4 UNTRACEABLE LINKS: TECHNOLOGIES USED BY FRAUDSTERS TO HIDE THEIR TRACKS NOTES network. There is no centralized data storage or dedicated servers that store any unencrypted data or user personal information. Volunteers are paid for their participation based on the amount of resources they provide to the network, as well as how much time they make their resources available. They are paid in a proprietary digital currency named Safecoin, which can be bought, sold, and traded for Bitcoin and several other digital currencies on multiple exchanges. A criminal wanting to cover their tracks could join the SAFE network and acquire Safecoin. They could then exchange the Safecoin for Bitcoin, and then convert that into either a different digital currency or an accepted currency anywhere in the world via any exchange. There is never any personal identification associated with either digital currency. When a user uploads a file to be stored on the SAFE network, the files are first broken into several pieces, and each piece is encrypted separately. Then several copies of each encrypted file segment are distributed and stored on computers active on the network. None of the file segments for one file are ever present on any single device other than the original owner’s. The contents of the file or any of its file segments are completely unreadable and inaccessible to any other member of the SAFE network. If a computer connected to the SAFE network is powered off, before the computer shuts down several copies of all file segments stored there by other users are copied to other active nodes for redundancy.
Recommended publications
  • Course 5 Lesson 2

    Course 5 Lesson 2

    This material is based on work supported by the National Science Foundation under Grant No. 0802551 Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author (s) and do not necessarily reflect the views of the National Science Foundation C5L3S1 With the advent of the Internet, social networking, and open communication, a vast amount of information is readily available on the Internet for anyone to access. Despite this trend, computer users need to ensure private or personal communications remain confidential and are viewed only by the intended party. Private information such as a social security numbers, school transcripts, medical histories, tax records, banking, and legal documents should be secure when transmitted online or stored locally. One way to keep data confidential is to encrypt it. Militaries,U the governments, industries, and any organization having a desire to maintain privacy have used encryption techniques to secure information. Encryption helps to boost confidence in the security of online commerce and is necessary for secure transactions. In this lesson, you will review encryption and examine several tools used to encrypt data. You will also learn to encrypt and decrypt data. Anyone who desires to administer computer networks and work with private data must have some familiarity with basic encryption protocols and techniques. C5L3S2 You should know what will be expected of you when you complete this lesson. These expectations are presented as objectives. Objectives are short statements of expectations that tell you what you must be able to do, perform, learn, or adjust after reviewing the lesson.
  • Chapter 12 Pretty Good Privacy (PGP)

    Chapter 12 Pretty Good Privacy (PGP)

    Chapter 12 Pretty Good Privacy (PGP) With the explosively growing reliance on electronic mail for every conceivable pur- pose, there grows a demand for authentication and confidentiality services. Two schemes stand out as approaches that enjoy widespread use: Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extension (S/MIME). The latter is a security en- hancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security. Although both PGP and S/MIME are on an IETF standards track, it appears likely that S/MIME will emerge as the industry standard for commercial and organisational use, while PGP will remain the choice for personal e-mail security for many users. In this course we will only be looking at PGP. S/MIME is discussed in detail in the recommended text. 12.1 Background PGP is a remarkable phenomenon. Largely the effort of a single person, Phil Zimmer- mann, PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications. In essence what Zimmermann has done is the following: 1. Selected the best cryptographic mechanisms (algorithms) as building blocks. 2. Integrated these algorithms into a general purpose application that is independent of operating system and processor and that is based on a small set of easy to use commands. 3. Made the package and its source code freely available via the Internet, bulletin boards, and commercial networks such as America On Line (AOL). 4. Entered into an agreement with a company (Viacrypt, now Network Associates) to provide a fully compatible low cost commercial version of PGP.
  • Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard V1.2.3

    Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard V1.2.3

    Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3 Phong Q. Nguyen CNRS/Ecole´ normale sup´erieure D´epartement d’informatique 45 rue d’Ulm, 75230 Paris Cedex 05, France. [email protected] http://www.di.ens.fr/˜pnguyen Abstract. More and more software use cryptography. But how can one know if what is implemented is good cryptography? For proprietary soft- ware, one cannot say much unless one proceeds to reverse-engineering, and history tends to show that bad cryptography is much more frequent than good cryptography there. Open source software thus sounds like a good solution, but the fact that a source code can be read does not imply that it is actually read, especially by cryptography experts. In this paper, we illustrate this point by examining the case of a basic In- ternet application of cryptography: secure email. We analyze parts of thesourcecodeofthelatestversionofGNUPrivacyGuard(GnuPGor GPG), a free open source alternative to the famous PGP software, com- pliant with the OpenPGP standard, and included in most GNU/Linux distributions such as Debian, MandrakeSoft, Red Hat and SuSE. We ob- serve several cryptographic flaws in GPG v1.2.3. The most serious flaw has been present in GPG for almost four years: we show that as soon as one (GPG-generated) ElGamal signature of an arbitrary message is released, one can recover the signer’s private key in less than a second on a PC. As a consequence, ElGamal signatures and the so-called ElGamal sign+encrypt keys have recently been removed from GPG.
  • Many Things Related to Qubesos

    Many Things Related to Qubesos

    Qubes OS Many things Many things related to QubesOS Author: Neowutran Contents 1 Wiping VM 2 1.1 Low level storage technologies .................. 2 1.1.1 Must read ......................... 2 1.1.2 TL;DR of my understanding of the issue ........ 2 1.1.3 Things that could by implemented by QubesOS .... 2 2 Create a Gaming HVM 2 2.1 References ............................. 2 2.2 Prerequise ............................. 3 2.3 Hardware ............................. 3 2.4 Checklist .............................. 4 2.5 IOMMU Group .......................... 4 2.6 GRUB modification ........................ 4 2.7 Patching stubdom-linux-rootfs.gz ................ 5 2.8 Pass the GPU ........................... 6 2.9 Conclusion ............................. 6 2.10 Bugs ................................ 6 3 Create a Linux Gaming HVM, integrated with QubesOS 7 3.1 Goals ................................ 7 3.2 Hardware used .......................... 7 3.3 Main steps summary ....................... 7 3.3.1 Detailled steps ...................... 8 3.3.2 Using a kernel provided by debian ............ 8 3.4 Xorg ................................ 8 3.4.1 Pulseaudio ......................... 11 3.5 Final notes ............................ 11 3.6 References ............................. 12 4 Nitrokey and QubeOS 12 5 Recovery: Mount disk 12 6 Disposable VM 13 6.1 Introduction ............................ 14 6.1.1 References ......................... 14 6.1.2 What is a disposable VM? ................ 14 6.2 Playing online video ....................... 14 6.3 Web browsing ........................... 15 6.4 Manipulating untrusted files/data ................ 16 1 6.5 Mounting LVM image ...................... 17 6.6 Replace sys-* VM ......................... 18 6.7 Replace some AppVMs ...................... 18 7 Building a new QubesOS package 18 7.1 References ............................. 18 7.2 Goal ................................ 18 7.3 The software ............................ 19 7.4 Packaging ............................. 19 7.5 Building .............................
  • A History of End-To-End Encryption and the Death of PGP

    A History of End-To-End Encryption and the Death of PGP

    25/05/2020 A history of end-to-end encryption and the death of PGP Hey! I'm David, a security engineer at the Blockchain team of Facebook (https://facebook.com/), previously a security consultant for the Cryptography Services of NCC Group (https://www.nccgroup.com). I'm also the author of the Real World Cryptography book (https://www.manning.com/books/real-world- cryptography?a_aid=Realworldcrypto&a_bid=ad500e09). This is my blog about cryptography and security and other related topics that I Ûnd interesting. A history of end-to-end encryption and If you don't know where to start, you might want to check these popular the death of PGP articles: posted January 2020 - How did length extension attacks made it 1981 - RFC 788 - Simple Mail Transfer Protocol into SHA-2? (/article/417/how-did-length- extension-attacks-made-it-into-sha-2/) (https://tools.ietf.org/html/rfc788) (SMTP) is published, - Speed and Cryptography the standard for email is born. (/article/468/speed-and-cryptography/) - What is the BLS signature scheme? (/article/472/what-is-the-bls-signature- This is were everything starts, we now have an open peer-to-peer scheme/) protocol that everyone on the internet can use to communicate. - Zero'ing memory, compiler optimizations and memset_s (/article/419/zeroing-memory- compiler-optimizations-and-memset_s/) 1991 - The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations The US government introduces the 1991 Senate Bill 266, (/article/461/the-9-lives-of-bleichenbachers- which attempts to allow "the Government to obtain the cat-new-cache-attacks-on-tls- plain text contents of voice, data, and other implementations/) - How to Backdoor Di¸e-Hellman: quick communications when appropriately authorized by law" explanation (/article/360/how-to-backdoor- from "providers of electronic communications services di¸e-hellman-quick-explanation/) and manufacturers of electronic communications - Tamarin Prover Introduction (/article/404/tamarin-prover-introduction/) service equipment".
  • Github: a Case Study of Linux/BSD Perceptions from Microsoft's

    Github: a Case Study of Linux/BSD Perceptions from Microsoft's

    1 FLOSS != GitHub: A Case Study of Linux/BSD Perceptions from Microsoft’s Acquisition of GitHub Raula Gaikovina Kula∗, Hideki Hata∗, Kenichi Matsumoto∗ ∗Nara Institute of Science and Technology, Japan {raula-k, hata, matumoto}@is.naist.jp Abstract—In 2018, the software industry giants Microsoft made has had its share of disagreements with Microsoft [6], [7], a move into the Open Source world by completing the acquisition [8], [9], the only reported negative opinion of free software of mega Open Source platform, GitHub. This acquisition was not community has different attitudes towards GitHub is the idea without controversy, as it is well-known that the free software communities includes not only the ability to use software freely, of ‘forking’ so far, as it it is considered as a danger to FLOSS but also the libre nature in Open Source Software. In this study, development [10]. our aim is to explore these perceptions in FLOSS developers. We In this paper, we report on how external events such as conducted a survey that covered traditional FLOSS source Linux, acquisition of the open source platform by a closed source and BSD communities and received 246 developer responses. organization triggers a FLOSS developers such the Linux/ The results of the survey confirm that the free community did trigger some communities to move away from GitHub and raised BSD Free Software communities. discussions into free and open software on the GitHub platform. The study reminds us that although GitHub is influential and II. TARGET SUBJECTS AND SURVEY DESIGN trendy, it does not representative all FLOSS communities.
  • MEMO. Nº. 52/2017 – SCOM

    MEMO. Nº. 52/2017 – SCOM

    00100.096648/2017-00 MEMO. nº. 52/2017 – SCOM Brasília, 21 de junho de 2017 A Sua Excelência a Senhora SENADORA REGINA SOUSA Assunto: Ideia Legislativa nº. 76.334 Senhora Presidente, Nos termos do parágrafo único do art. 6º da Resolução do Senado Federal nº. 19 de 2015, encaminho a Vossa Excelência a Ideia Legislativa nº. 76.334, sob o título de “Criminalização Da Apologia Ao Comunismo”, que alcançou, no período de 09/06/2017 a 20/06/2017, apoiamento superior a 20.000 manifestações individuais, conforme a ficha informativa em anexo. Respeitosamente, Dirceu Vieira Machado Filho Diretor da Secretaria de Comissões Senado Federal – Praça dos Três Poderes – CEP 70.165-900 – Brasília DF ARQUIVO ASSINADO DIGITALMENTE. CÓDIGO DE VERIFICAÇÃO: CE7C06D2001B6231. CONSULTE EM http://www.senado.gov.br/sigadweb/v.aspx. 00100.096648/2017-00 ANEXO AO MEMORANDO Nº. 52/2017 – SCOM - FICHA INFORMATIVA E RELAÇÃO DE APOIADORES - Senado Federal – Praça dos Três Poderes – CEP 70.165-900 – Brasília DF ARQUIVO ASSINADO DIGITALMENTE. CÓDIGO DE VERIFICAÇÃO: CE7C06D2001B6231. CONSULTE EM http://www.senado.gov.br/sigadweb/v.aspx. 00100.096648/2017-00 Ideia Legislativa nº. 76.334 TÍTULO Criminalização Da Apologia Ao Comunismo DESCRIÇÃO Assim como a Lei já prevê o "Crime de Divulgação do Nazismo", a apologia ao COMUNISMO e seus símbolos tem que ser proibidos no Brasil, como já acontece cada vez mais em diversos países, pois essa ideologia genocida causou males muito piores à Humanidade, massacrando mais de 100 milhões de inocentes! (sic) MAIS DETALHES O art. 20 da Lei 7.716/89 estabeleceu o "Crime de Divulgação do Nazismo": "§1º - Fabricar, comercializar, distribuir ou veicular, símbolos, emblemas, ornamentos, distintivos ou propaganda que utilizem a cruz suástica ou gamada, para fins de divulgação do nazismo.
  • Paranoid Browsing

    Paranoid Browsing

    Paranoid Browsing By Aaron Grothe NEbraskaCERT 1 Parnoid Browsing ● What is Paranoid Browsing? ● Why should I Paranoid Browse? ● How to be more Paranoid. 2 What is Parnoid Browsing? ● Paranoid browsing is where you want to make sure that you make it harder for people to connect your browsing to you 3 Why Should I Paranoid Browse ● You're looking up something medical that you want to make sure doesn't make it to the googleplex ● You're a whistleblower trying to make sure that something is traced back to you ● You want to learn more about tor or tails ● Because you want to and/or Because you can 4 Historical Paranoid Browsing ● This is how I used to do research ● Had a machine with two removable drives ● Would put drives into both Drives and boot off a cd-rom then DD the master to the use disk ● Shutdown machine remove CD and master drive and then boot and start browsing 5 Historical Paranoid Browsing (Cont) ● Would use a set of Open Proxies such as Proxies for all to do most of the browsing. ● Rules ● Always use at least two proxies in different countries with different laws and procedures and languages ● Pretty simple to do along the lines of http://firstproxy:portnumber/http://secondproxy:portnumber/ http://thirdproxy:portnumber/http://www.sitetoexamine.com ● 6 Historical Paranoid Browsing (Cont) ● Worked pretty well. Harder to find „safe proxies“ nowadays as you never know who is running one ● Has largely been replaced by ToR and VPNs 7 Paranoid Browsing Today ● Will want to use tor (The Onion Router) and a decent VPN for security ●
  • Crypto Projects That Might Not Suck

    Crypto Projects That Might Not Suck

    Crypto Projects that Might not Suck Steve Weis PrivateCore ! http://bit.ly/CryptoMightNotSuck #CryptoMightNotSuck Today’s Talk ! • Goal was to learn about new projects and who is working on them. ! • Projects marked with ☢ are experimental or are relatively new. ! • Tried to cite project owners or main contributors; sorry for omissions. ! Methodology • Unscientific survey of projects from Twitter and mailing lists ! • Excluded closed source projects & crypto currencies ! • Stats: • 1300 pageviews on submission form • 110 total nominations • 89 unique nominations • 32 mentioned today The People’s Choice • Open Whisper Systems: https://whispersystems.org/ • Moxie Marlinspike (@moxie) & open source community • Acquired by Twitter 2011 ! • TextSecure: Encrypt your texts and chat messages for Android • OTP-like forward security & Axolotl key racheting by @trevp__ • https://github.com/whispersystems/textsecure/ • RedPhone: Secure calling app for Android • ZRTP for key agreement, SRTP for call encryption • https://github.com/whispersystems/redphone/ Honorable Mention • ☢ Networking and Crypto Library (NaCl): http://nacl.cr.yp.to/ • Easy to use, high speed XSalsa20, Poly1305, Curve25519, etc • No dynamic memory allocation or data-dependent branches • DJ Bernstein (@hashbreaker), Tanja Lange (@hyperelliptic), Peter Schwabe (@cryptojedi) ! • ☢ libsodium: https://github.com/jedisct1/libsodium • Portable, cross-compatible NaCL • OpenDNS & Frank Denis (@jedisct1) The Old Standbys • Gnu Privacy Guard (GPG): https://www.gnupg.org/ • OpenSSH: http://www.openssh.com/
  • Encryption and Anonymity Follow-Up Report

    Encryption and Anonymity Follow-Up Report

    PALAIS DES NATIONS • 1211 GENEVA 10, SWITZERLAND www.ohchr.org • TEL: +41 22 917 9000 • FAX: +41 22 917 9008 • E-MAIL: [email protected] Mandate of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression Research Paper 1/2018 June 2018 Encryption and Anonymity follow-up report Contents I. INTRODUCTION ............................................................................................................................... 2 II. TRENDS IN STATE RESTRICTIONS ON ENCRYPTION AND ANONYMITY .............................. 3 A. An Overview of State Obligations ........................................................................................................... 3 B. State practice: examples and concerns ..................................................................................................... 4 (i) Bans on Use and Dissemination of Encryption Tools ......................................................................... 5 (ii) Licensing and Registration Requirements .......................................................................................... 5 (iii) Intentional Weakening of Encryption ................................................................................................ 5 (iv) Government Hacking ......................................................................................................................... 7 (v) Mandatory Data Localization and Key Escrows ................................................................................. 8 (vi)
  • A Framework for Identifying Host-Based Artifacts in Dark Web Investigations

    A Framework for Identifying Host-Based Artifacts in Dark Web Investigations

    Dakota State University Beadle Scholar Masters Theses & Doctoral Dissertations Fall 11-2020 A Framework for Identifying Host-based Artifacts in Dark Web Investigations Arica Kulm Dakota State University Follow this and additional works at: https://scholar.dsu.edu/theses Part of the Databases and Information Systems Commons, Information Security Commons, and the Systems Architecture Commons Recommended Citation Kulm, Arica, "A Framework for Identifying Host-based Artifacts in Dark Web Investigations" (2020). Masters Theses & Doctoral Dissertations. 357. https://scholar.dsu.edu/theses/357 This Dissertation is brought to you for free and open access by Beadle Scholar. It has been accepted for inclusion in Masters Theses & Doctoral Dissertations by an authorized administrator of Beadle Scholar. For more information, please contact [email protected]. A FRAMEWORK FOR IDENTIFYING HOST-BASED ARTIFACTS IN DARK WEB INVESTIGATIONS A dissertation submitted to Dakota State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Cyber Defense November 2020 By Arica Kulm Dissertation Committee: Dr. Ashley Podhradsky Dr. Kevin Streff Dr. Omar El-Gayar Cynthia Hetherington Trevor Jones ii DISSERTATION APPROVAL FORM This dissertation is approved as a credible and independent investigation by a candidate for the Doctor of Philosophy in Cyber Defense degree and is acceptable for meeting the dissertation requirements for this degree. Acceptance of this dissertation does not imply that the conclusions reached by the candidate are necessarily the conclusions of the major department or university. Student Name: Arica Kulm Dissertation Title: A Framework for Identifying Host-based Artifacts in Dark Web Investigations Dissertation Chair: Date: 11/12/20 Committee member: Date: 11/12/2020 Committee member: Date: Committee member: Date: Committee member: Date: iii ACKNOWLEDGMENT First, I would like to thank Dr.
  • Pgpfone Pretty Good Privacy Phone Owner’S Manual Version 1.0 Beta 7 -- 8 July 1996

    Pgpfone Pretty Good Privacy Phone Owner’S Manual Version 1.0 Beta 7 -- 8 July 1996

    Phil’s Pretty Good Software Presents... PGPfone Pretty Good Privacy Phone Owner’s Manual Version 1.0 beta 7 -- 8 July 1996 Philip R. Zimmermann PGPfone Owner’s Manual PGPfone Owner’s Manual is written by Philip R. Zimmermann, and is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Pretty Good Privacy™, PGP®, Pretty Good Privacy Phone™, and PGPfone™ are all trademarks of Pretty Good Privacy Inc. Export of this software may be restricted by the U.S. government. PGPfone software is (c) Copyright 1995-1996 Pretty Good Privacy Inc. All rights reserved. Phil’s Pretty Good engineering team: PGPfone for the Apple Macintosh and Windows written mainly by Will Price. Phil Zimmermann: Overall application design, cryptographic and key management protocols, call setup negotiation, and, of course, the manual. Will Price: Overall application design. He persuaded the rest of the team to abandon the original DOS command-line approach and designed a multithreaded event-driven GUI architecture. Also greatly improved call setup protocols. Chris Hall: Did early work on call setup protocols and cryptographic and key management protocols, and did the first port to Windows. Colin Plumb: Cryptographic and key management protocols, call setup negotiation, and the fast multiprecision integer math package. Jeff Sorensen: Speech compression. Will Kinney: Optimization of GSM speech compression code. Kelly MacInnis: Early debugging of the Win95 version. Patrick Juola: Computational linguistic research for biometric word list. -2- PGPfone Owner’s