INFORMATION SECURITY and Anti‐Forensics

Abstract

Where there is a data leak there is a helpful LEO to pick up the slack and throw you in jail for it. This guide attempts to educate you on some of the best security practices and anti-forensics techniques so that doesn’t happen. From news reporters to people who want to download and watch child porn; this guide will help keep you safe.

by MISSIONMAN | V2 | FINAL

Dedication

This guide is dedicated to the wonderful Law Enforcement Agencies of the world; if they didn’t try to fuck us over all the time, I wouldn’t care enough to make this guide in the first place.

Table of Contents

Dedication

Chapter 1 _ The CIA Triad

Chapter 2 _ Recommendations

Chapter 3 _ Encryption
  3.1. Encryption Dealing with Confidentiality
  3.2. Encrypting Files or the Hard Drive
  3.3. Securely Exchanging Messages or Data
  3.4. Steganography
  3.5. Authentication Factors
  3.6. Password Attacks and Account Recovery Attacks
  3.7. Creating Secure Passwords
  3.8. Hashing, Hashing Collisions, and Birthday Attacks
  3.9. Cold Boot Attacks

Chapter 4 _ Data
  4.1 Deleted Data
  4.2 Deleting Data Securely
  4.3 File Slack
  4.4 Where to Hide Your Data
  4.5 Windows Swap Files, ReadyBoost, Temporary Internet Files and Browser Cache
  4.6 Temporary Application Files and Recent Files Lists
  4.7 Shellbags
  4.8 Prefetching and Timestamps
  4.9 Event Logs
  4.10 Printers, Print Jobs, and Copiers
  4.11 Cameras, Pictures, and Metadata
  4.12 USB Information
  4.13 SSD – Solid State Drives
  4.14 Forensic Software Tools

Chapter 5 _ Continuity
  5.1 Security Concerns with Backups
  5.2 Security Concerns with Sleep and Hibernation
  5.3 Ensuring Information and Service Continuity
  5.4 DoS and DDoS attacks

Chapter 6 _ System Hardening
  6.1. Uninstall Unnecessary Software
  6.2. Disable Unnecessary Services
  6.3. Disable Unnecessary Accounts
  6.4. Update and Patch Windows and Other Applications
  6.5. Password Protection

Chapter 7 _ Antivirus, Keyloggers, Firewalls, DLP’s, and HID’s
  7.1. Antivirus
  7.2. Hardware Keyloggers
  7.3. Firewalls
  7.4. DLP’s
  7.5. HIDS’s and NID’s
  7.6. Other Considerations

Chapter 8 _ Networks
  8.1. Private vs. Public IP Address
  8.2. MAC Address
  8.3. Public Wireless
  8.4. Security Protocols
  8.5. Chat Sites - How Attackers Attack
  8.6. Other Considerations
  8.7. Extra: MAC Address Spoofing and ARP Attacks - How they work

Chapter 9 _ Web Browser Security
  9.1. Downloading and Using the Tor Browser Bundle
  9.2. Configuring Web-Browsers and Applications to Use Tor
  9.3. What is Sandboxing and What is JIT Hardening, and Why Do I Care?
  9.4. JavaScript
  9.5. Cookie Protection and Session Hijacking Attacks
  9.6. Caching
  9.7. Referers
  9.8. CSRF/CSRF Attacks (XSS Attack)
  9.9. Protect Browser Settings

Details

  • File Type: pdf
  • Content Languages: English
  • File Pages: 79
