Chapter 8: On the Use of Hash Functions in. Computer Forensics

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Chapter 8: On the Use of Hash Functions in. Computer Forensics"

Transcription

1 Harald Baier Hash Functions in Forensics / WS 2011/2012 2/41 Chapter 8: On the Use of Hash Functions in Computer Forensics Harald Baier Hochschule Darmstadt, CASED WS 2011/2012 Harald Baier Hash Functions in Forensics / WS 2011/2012 1/41 Fuzzy Hashing

2 Harald Baier Hash Functions in Forensics / WS 2011/2012 4/41 Fuzzy Hashing Harald Baier Hash Functions in Forensics / WS 2011/2012 3/41 Use Case: Prosecution 1. Police and prosecutors confronted with different storage media: Hard disk drives, solid-state drives, USB sticks. Mobile phones, SIM cards. Digital cameras, digital camcorders, SD cards. CDs, DVDs. RAM (dumps) Amount of distrained data often exceeds 1 terabyte.

3 Harald Baier Hash Functions in Forensics / WS 2011/2012 6/41 Different views of 1 terabyte 1 terabyte of digital text is (approximately) equal to: 1. 1 trillion characters: 1 character = 1 byte million pages: 1 page = 5000 characters years of printing time: 20 sheets per minute million kg of paper: onesided printed. 5. Paper stack of 22 km height: bulk of 0.1 mm. Harald Baier Hash Functions in Forensics / WS 2011/2012 5/41 Finding relevant files resembles... Source: tu-harburg.de Source: beepworld.de

4 Harald Baier Hash Functions in Forensics / WS 2011/2012 8/41... or is it solved for suspect files? Harald Baier Hash Functions in Forensics / WS 2011/2012 7/41 Fuzzy Hashing

5 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Definition and Security Applications 1. A hash function h is a function with two properties: Compression: h : {0, 1} {0, 1} n. Ease of computation: Computation of h(m) is fast in practice. 2. Notation: m is a document (e.g. a file, a device). h(m) its hash value or digest. 3. Sample security applications: Storage of passwords. Electronic signatures (MAC, asymmetric signatures). Computer forensics. Harald Baier Hash Functions in Forensics / WS 2011/2012 9/41 Hash Functions in Cryptography For use in cryptography, we have to impose further conditions: 1. Preimage Resistance: Let a hash value H {0, 1} n be given. It is infeasible in practice to find an input (i.e. a document m) with H = h(m). 2. Second Preimage Resistance: Let a document m {0, 1} be given. It is infeasible in practice to find a second document m with m m and h(m) = h(m ). 3. Collision Resistance: It is infeasible in practice to find any two documents m, m with m m and h(m) = h(m ).

6 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Avalanche Effect 1. Let m and h(m) be given. If m is replaced by m, h(m ) behaves pseudo randomly. = No control over the output, if the input is changed. 2. Consequences: If only one bit in m is changed to get m, the two outputs h(m) and h(m ) look very different. Every bit in h(m ) changes with probability 50%, independently of the number of different bits in m. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Sample Cryptographic Hash Functions Name MD5 SHA-1 SHA-256 SHA-512 RIPEMD-160 n Demo: 1. Computation of hash values using openssl. 2. Avalanche effect. 3. Performance.

7 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Fuzzy Hashing Harald Baier Hash Functions in Forensics / WS 2011/ /41 Use Cases 1. Ensure authenticity and integrity during data acquisition. Relevant for both dead and live analysis. Hash values must be protected: Written down by hand in investigation notebook. Compute a digital signature over it. 2. Identify known files: Whitelisting: Known to be good files. Blacklisting: Known to be bad files. 3. Bloom filters to efficiently identify a large set of files. Relevant security property of the hash function: Second-preimage resistance.

8 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Data Acquisition: Dead analysis 1. Investigation is performed on a copy. 2. Main goal of hashing: Preserve chain of custody. 3. Common approach for a storage medium: Compute hash value h1 over the whole original volume. Write hash value h1 down in physical logbook. Make a 1-to-1 copy of the volume using dd. Compute hash value h 2 over the copy. Write hash value h2 down in physical logbook. Work read-only on copy. To prove chain of custody, compute h 2 again and check, if h 1 = h 2 holds. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Example: Save first partition of a HDD Chain of custody preserved $ openssl dgst -sha1 /dev/hda1 SHA1(/dev/hda1)= c1e4449bfd504b60e85447afaa3cd100f7e59dad $ dd if=/dev/hda1 of=image-hda1.dd bs=512 $ openssl dgst -sha1 image-hda1.dd SHA1(image-hda1.dd)= c1e4449bfd504b60e85447afaa3cd100f7e59dad [INVESTIGATE read-only image-hda1.dd] $ openssl dgst -sha1 image-hda1.dd SHA1(image-hda1.dd)= c1e4449bfd504b60e85447afaa3cd100f7e59dad

9 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Example: Save first partition of a HDD Chain of custody destroyed $ openssl dgst -sha1 /dev/hda1 SHA1(/dev/hda1)= c1e4449bfd504b60e85447afaa3cd100f7e59dad $ dd if=/dev/hda1 of=image-hda1.dd bs=512 $ openssl dgst -sha1 image-hda1.dd SHA1(image-hda1.dd)= c1e4449bfd504b60e85447afaa3cd100f7e59dad [INVESTIGATE read-only image-hda1.dd] $ openssl dgst -sha1 image-hda1.dd SHA1(image-hda1.dd)= 568c68d97baf f509343b8b02d324e3d8 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Hash Functions in Data Acquisition: Assessment 1. Key problem: If original and copy differ by at least 1 bit, the chain of custody is broken. 2. Solutions: Compute hashes over smaller pieces of the input (e.g. file system blocks). This leads to segment hashes. Perform a binary search over original and copy to find differences.

10 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Whitelisting 1. Underlying Idea: Generate a database of known to be good files. Let G denote this set. Identify automatically an unsuspicious file on base of its hash value, which matches a fingerprint of a file in G. Exclude a known to be good file from further investigation. Significant reduction of irrelevant data. 2. Examples of unsuspicious files: System files of operating systems. Well-known benign applications like browsers, editors, Widespread database: Reference Data Set (RDS) of the National Software Reference Library (NSRL), maintained by NIST Harald Baier Hash Functions in Forensics / WS 2011/ /41 NSRL-RDS 1. Website 2. Current download version: RDS 2.34 from October Original software is kept to ensure court worthiness. 4. Propagated via CD. Download of iso-images from website via http. 5. RDS 2.34 comprises four iso-images of about 1.2 GB size. 6. Contains files and unique SHA-1 values (due to duplications across different software distributions) 7. Entries are arranged according to the SHA-1 values.

11 Harald Baier Hash Functions in Forensics / WS 2011/ /41 NSRL-RDS Sample entries $ less NSRLFile.txt "SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode" " EDD92C4E3D2E F849","392126E756571EBF112CB1C1CDEDF926","EBD105A0","I05002T2.PFB",98865 " DA6391F7F5D2F7FCCF36CEBDA60C6EA02","0E53C14A3E48D94FF596A B492","AA6A7B16","00br2026.gif",2226, "000000A9E47BD385A0A3685AA12C2DB6FD727A20","176308F27DD52890F013A3FD80F92E51","D749B562","femvo523.wav",42748 " AFA836117B1B572FAE4713F200567","9B3702B0E788C6D FE3C9786A","05E566DF","J JPG",32768 " AFA836117B1B572FAE4713F200567","9B3702B0E788C6D FE3C9786A","05E566DF","J JPG",32768 " AFA836117B1B572FAE4713F200567","9B3702B0E788C6D FE3C9786A","05E566DF","J JPG",32768 " AFA836117B1B572FAE4713F200567","9B3702B0E788C6D FE3C9786A","05E566DF","J JPG",32768 " AFA836117B1B572FAE4713F200567","9B3702B0E788C6D FE3C9786A","05E566DF","J JPG",32768 " AFA836117B1B572FAE4713F200567","9B3702B0E788C6D FE3C9786A","05E566DF","J JPG",32768 "SHA-1","MD5","CRC32","FileName","FileSize","ProductCode",\\ "OpSystemCode","SpecialCode" " EDD92C4E3D2E F849",\\ "392126E756571EBF112CB1C1CDEDF926",\\ "EBD105A0","I05002T2.PFB",98865,3095,"WIN","" Harald Baier Hash Functions in Forensics / WS 2011/ /41 Whitelisting: Anti-detection 1. Task: Find a suspicious file s with h(s) = h(g): Attacker has to solve the second preimage problem for some g G. As of today hardly possible (even for MD5). If RDS is used, both SHA-1 and MD5 preimages have to be found. 2. Attack the whitelist: Breach integrity and authenticity of whitelist. Example: Attack the distribution channel. If RDS is downloaded via http, spoofing is possible.

12 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Whitelisting: Assessment 1. General assessment: Well-known and established process in computer forensics. If database is trusted, no false positives (positive = benign). 2. Possible bottleneck: Size of database. Size of database is increasing. Currently RDS is about 6 gigabyte. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Blacklisting 1. Underlying idea: Generate a database of known to be bad files. Let B denote this set. Find automatically a suspicious file on base of its fingerprint, which matches a fingerprint of a file in B. 2. Sample suspect files: Malware. Encryption or steganographic software. Corporate secrets. IPR protected files. Child pornography.

13 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Blacklisting: Evaluation 1. Anti-detection approach: Let a suspicious file b B be given. Change some (irrelevant) bit of b to get b. Consequence: h(b ) is very different from h(b). b is not detected automatically. 2. Core problem: Cryptographic requirements of a hash function and forensic goals are complementary. A suspicious file similar to an element of B is not detected. 3. Fragments of elements of B are not identified, too. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Fuzzy Hashing

14 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Goals 1. Overcome drawbacks of cryptographic hash functions in the context of computer forensics. 2. Main drawbacks are: Data acquisition: Integrity of copy is destroyed, if some bits change. White-/Blacklisting: Suspect files similar to known to be bad files are not detected. Fragments are not detected (due to deletion, fragmentation). 3. Currently known approaches: Segment hashes (also called block hashes): Tool dcfldd. Context-triggered piecewise hashes: Tool ssdeep. Similarity digests: Tool sdhash. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Segment Hashes 1. Underlying idea: Split input data (volume, file) in blocks of fixed length. Compute for each segment its cryptographic hash. Lookup in hash database for matches. 2. Original aim: Improve integrity of storage media.

15 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Segment Hashes: Example from NIST 1. Sample tool of Nicholas Harbour (since 2002): dcfldd: An extension of dd. Department of Defense Computer Forensics Laboratory. Provides MD5, SHA-1, SHA-2 family. 2. Evaluation by NIST (Douglas White, 2008): Hashing of File Blocks: When Exact Matches are not Useful. NIST worked on Windows 2000 and XP OS files. Main result: File-based data reduction leaves an average 30% of disk space for human investigation. Incorporating block hashes reduces this to an average of 15%. Assist in recognising wiped media. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Example: Save first partition of a HDD Chain of custody preserved $ dcfldd if=/dev/hda1 of=image-hda1.dd bs=512 hashwindow=4096 hash=sha : da0bd2b16c7cd5acb5695e9d81fb6d832cba85312d87e08d0c675e41b608de : 281f4b8ac2dcda0f3fd9a0642a694fedf829d7567a531b1cfc8925f94eebe7a : 1c05a3c7251b666c1ec4a2b689e25f95a92a311613ce685fdf7cbf e : 6c9c17f271f18587bcccf8f9c6154b4bff764664a3eb8ddf c5c4698b : c61cd658e73450dfb0dfc9a1d83cdbddd162d9194d81f27f0516bb107280e841 [REMOVED] $ dcfldd if=image-hda1.dd of=/dev/null bs=512 hashwindow=4096 hash=sha : da0bd2b16c7cd5acb5695e9d81fb6d832cba85312d87e08d0c675e41b608de : 281f4b8ac2dcda0f3fd9a0642a694fedf829d7567a531b1cfc8925f94eebe7a : 1c05a3c7251b666c1ec4a2b689e25f95a92a311613ce685fdf7cbf e : 6c9c17f271f18587bcccf8f9c6154b4bff764664a3eb8ddf c5c4698b : c61cd658e73450dfb0dfc9a1d83cdbddd162d9194d81f27f0516bb107280e841 [REMOVED]

16 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Example: Save first partition of a HDD Chain of custody partly destroyed $ dcfldd if=/dev/hda1 of=image-hda1.dd bs=512 hashwindow=4096 hash=sha : da0bd2b16c7cd5acb5695e9d81fb6d832cba85312d87e08d0c675e41b608de : 281f4b8ac2dcda0f3fd9a0642a694fedf829d7567a531b1cfc8925f94eebe7a : 1c05a3c7251b666c1ec4a2b689e25f95a92a311613ce685fdf7cbf e : 6c9c17f271f18587bcccf8f9c6154b4bff764664a3eb8ddf c5c4698b : c61cd658e73450dfb0dfc9a1d83cdbddd162d9194d81f27f0516bb107280e841 [REMOVED] $ dcfldd if=image-hda1.dd of=/dev/null bs=512 hashwindow=4096 hash=sha : da0bd2b16c7cd5acb5695e9d81fb6d832cba85312d87e08d0c675e41b608de : 281f4b8ac2dcda0f3fd9a0642a694fedf829d7567a531b1cfc8925f94eebe7a : 1c05a3c7251b666c1ec4a2b689e25f95a92a311613ce685fdf7cbf e : f361bc439d0fc4215eba5523cba663c5371d47c358d68b a29e972e : c61cd658e73450dfb0dfc9a1d83cdbddd162d9194d81f27f0516bb107280e841 [REMOVED] Harald Baier Hash Functions in Forensics / WS 2011/ /41 Segment Hashes: Evaluation 1. Anti-Blacklisting is very easy: Introduce an irrelevant byte in the first sector. All segment hashes differ from the stored segment hashes. Modified suspect file is not detected. Demo. 2. A good technique for whitelisting (see NIST results). 3. Size of segment hash database is large: 4096 byte block size, SHA-1. size of hash database size of raw data = = = 1 terabyte of raw data yields a 5 gigabyte hash database. 4. Hash database depends on the hashwindow size.

17 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Context Triggered Piecewise Hashes 1. Underlying idea: Split input data (volume, file) in blocks of variable length. The end points of the blocks are determined by a rolling hash: Its value only depends on the current context. A window (e.g. of size 7 bytes) slides over the input. Context = Bytes of input data in the current window. If rolling hash matches a trigger value, an end point is set. Rolling hash function is assumed to be pseudo random: P F. Compute for every segment its cryptographic hash. The sequence of these segment hashes is the context triggered piecewise hash (CTPH) of the input. Lookup in hash database for matches. Harald Baier Hash Functions in Forensics / WS 2011/ /41 Context Triggered Piecewise Hashes 1. Originally proposed for spam detection (spamsum by Andrew Tridgell, 2002) 2. Ported to forensics by Jesse Kornblum, 2006: ssdeep.

18 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Piecewise Hashes: The algorithm Harald Baier Hash Functions in Forensics / WS 2011/ /41 CTPH: A sample tool 1. ssdeep (based on spamsum). 2. Window size is CTPH is a sequence of printable characters: Only the least significant 6 bits (LS6B) of a segment hash are considered. LS6B are encoded base ssdeep decides about a match: On base of the edit distance (changing, inserting,... characters) of two CTPHs. 5. Demo. Edit distance is rescaled to a percentage match score.

19 Harald Baier Hash Functions in Forensics / WS 2011/ /41 CTPH: Sample Research Questions 1. Rolling hash: Shall be efficient and pseudo random. Current implementation is fast, but not pseudo random. Task: Find a slightly slower, but pseudo random rolling hash. 2. Fragment detection: Kornblum s approach fails, if fragments are much smaller than the original file. Task: Find a different approach. 3. Edit distance: Kornblum s approach addresses text files (due to spam detection). Task: Find a more general approach, which also addresses images, videos,... Harald Baier Hash Functions in Forensics / WS 2011/ /41 Fuzzy Hashing Fuzzy Hashing

20 Harald Baier Hash Functions in Forensics / WS 2011/ /41 Vision Fuzzy Hashing 1. Find a similarity preserving hash function. Fuzzy hash function, denoted by f. m and m are similar = f(m) and f(m ) are similar, too. 2. Find a general (forensic) metric to measure similarity: Let d : {0, 1} {0, 1} R + 0 be such a metric. d shall be applicable to txt, doc, odt, jpg, bmp, devices, f is a function with d(m 1, m 2 ) d(f(m 1 ), f(m 2 )). Harald Baier Hash Functions in Forensics / WS 2011/ /41 Fuzzy Hashing Fuzzy Hashing: Applications 1. Forensics (on the file level): Detect similar files. Blacklisting: Detect manipulated suspicious files. Find fragments of suspicious data. Whitelisting: Find changed unsuspicious files. 2. Biometrics: Template protection. 3. Malware: Detect obfuscated malware (e.g. metamorphic malware). 4. Junk mail detection.

21 Fuzzy Hashing Questions? Harald Baier Hash Functions in Forensics / WS 2011/ /41

Chapter 8 Hash functions in digital forensics Page 129

Chapter 8 Hash functions in digital forensics Page 129 Page 129 In this chapter we describe the role of hash functions in digital forensics. Essentially hash functions are used for two main purposes: first, authenticity and integrity of digital traces are

More information

Security Aspects of Piecewise Hashing in Computer Forensics

Security Aspects of Piecewise Hashing in Computer Forensics Security Aspects of Piecewise Hashing in Computer Forensics Harald Baier Center for Advanced Security Research Darmstadt and Hochschule Darmstadt 64295 Darmstadt, Germany harald.baier@cased.de Frank Breitinger

More information

Fuzzy Hashing for Digital Forensic Investigators Dustin Hurlbut - AccessData January 9, 2009

Fuzzy Hashing for Digital Forensic Investigators Dustin Hurlbut - AccessData January 9, 2009 Fuzzy Hashing for Digital Forensic Investigators Dustin Hurlbut - AccessData January 9, 2009 Abstract Fuzzy hashing allows the investigator to focus on potentially incriminating documents that may not

More information

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing

More information

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1 MSc Computer Security and Forensics Cohort: MCSF/09B/PT Examinations for 2009-2010 / Semester 1 MODULE: COMPUTER FORENSICS & CYBERCRIME MODULE CODE: SECU5101 Duration: 2 Hours Instructions to Candidates:

More information

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd. Acquisition and Tools COMP 2555: Principles of Computer Forensics Autumn 2014 http://www.cs.du.edu/2555 1 Planning Your Investigation! A basic investigation plan should include the following activities:!

More information

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation Computer Forensics and Digital Investigation Computer Security EDA263, lecture 14 Ulf Larson Lecture outline! Introduction to Computer Forensics! Digital investigation! Conducting a Digital Crime Scene

More information

Digital Forensics Tutorials Acquiring an Image with FTK Imager

Digital Forensics Tutorials Acquiring an Image with FTK Imager Digital Forensics Tutorials Acquiring an Image with FTK Imager Explanation Section Digital Forensics Definition The use of scientifically derived and proven methods toward the preservation, collection,

More information

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Network Security (2) CPSC 441 Department of Computer Science University of Calgary Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors

More information

Digital Evidence Search Kit

Digital Evidence Search Kit Digital Evidence Search Kit K.P. Chow, C.F. Chong, K.Y. Lai, L.C.K. Hui, K. H. Pun, W.W. Tsang, H.W. Chan Center for Information Security and Cryptography Department of Computer Science The University

More information

National District Attorneys Association National Center for Prosecution of Child Abuse. Computer Forensics for Prosecutors

National District Attorneys Association National Center for Prosecution of Child Abuse. Computer Forensics for Prosecutors National District Attorneys Association National Center for Prosecution of Child Abuse Computer Forensics for Prosecutors February 18-19, 2013 Portland, Oregon Detective Michael Smith Computer Crimes &

More information

Digital Forensics Tutorials Acquiring an Image with Kali dcfldd

Digital Forensics Tutorials Acquiring an Image with Kali dcfldd Digital Forensics Tutorials Acquiring an Image with Kali dcfldd Explanation Section Disk Imaging Definition Disk images are used to transfer a hard drive s contents for various reasons. A disk image can

More information

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:

More information

Hash Functions. Integrity checks

Hash Functions. Integrity checks Hash Functions EJ Jung slide 1 Integrity checks Integrity vs. Confidentiality! Integrity: attacker cannot tamper with message! Encryption may not guarantee integrity! Intuition: attacker may able to modify

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the

More information

HASH CODE BASED SECURITY IN CLOUD COMPUTING

HASH CODE BASED SECURITY IN CLOUD COMPUTING ABSTRACT HASH CODE BASED SECURITY IN CLOUD COMPUTING Kaleem Ur Rehman M.Tech student (CSE), College of Engineering, TMU Moradabad (India) The Hash functions describe as a phenomenon of information security

More information

Cryptographic Hash Functions Message Authentication Digital Signatures

Cryptographic Hash Functions Message Authentication Digital Signatures Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBC-MAC Digital signatures 2 Encryption/Decryption

More information

Electronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure

Electronic Mail Security. Email Security. email is one of the most widely used and regarded network services currently message contents are not secure Electronic Mail Security CSCI 454/554 Email Security email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either in transit or by

More information

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013

USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars October 29, 2013 USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security

More information

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević,

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević, DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE Vahidin Đaltur, Kemal Hajdarević, Internacional Burch University, Faculty of Information Technlogy 71000 Sarajevo, Bosnia

More information

Chapter 7: Network security

Chapter 7: Network security Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

More information

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a

More information

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

More information

Practical computer security

Practical computer security Practical computer security Željko Vrba University of Oslo (includes content by: Vera Goebel, Matija Pužar and Andrew Tannenbaum) What is computer security? Very broad term File system security Network

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Hash Function JH and the NIST SHA3 Hash Competition

Hash Function JH and the NIST SHA3 Hash Competition Hash Function JH and the NIST SHA3 Hash Competition Hongjun Wu Nanyang Technological University Presented at ACNS 2012 1 Introduction to Hash Function Hash Function Design Basics Hash function JH Design

More information

Practice Questions. CS161 Computer Security, Fall 2008

Practice Questions. CS161 Computer Security, Fall 2008 Practice Questions CS161 Computer Security, Fall 2008 Name Email address Score % / 100 % Please do not forget to fill up your name, email in the box in the midterm exam you can skip this here. These practice

More information

winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR

winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR Supervised by : Dr. Lo'ai Tawalbeh New York Institute of Technology (NYIT)-Jordan X-Ways Software Technology AG is a stock corporation

More information

anonymous secure decentralized SMS stealthtext transactions

anonymous secure decentralized SMS stealthtext transactions anonymous secure decentralized SMS stealthtext transactions WHITEPAPER STATE OF THE ART 2/8 WHAT IS STEALTHTEXT? stealthtext is a way to send stealthcoin privately and securely using SMS texting. stealthtext

More information

Survey of Disk Image Storage Formats

Survey of Disk Image Storage Formats Survey of Disk Image Storage Formats Version 1.0 Common Digital Evidence Storage Format Working Group Digital Forensic Research Workshop September 1, 2006 Digital data that could be used as evidence are

More information

Significance of Hash Value Generation in Digital Forensic: A Case Study

Significance of Hash Value Generation in Digital Forensic: A Case Study International Journal of Engineering Research and Development e-issn : 2278-067X, p-issn : 2278-800X, www.ijerd.com Volume 2, Issue 5 (July 2012), PP. 64-70 Significance of Hash Value Generation in Digital

More information

ERNW Newsletter 29 / November 2009

ERNW Newsletter 29 / November 2009 ERNW Newsletter 29 / November 2009 Dear Partners and Colleagues, Welcome to the ERNW Newsletter no. 29 covering the topic: Data Leakage Prevention A Practical Evaluation Version 1.0 from 19th of november

More information

Secure USB Flash Drive. Biometric & Professional Drives

Secure USB Flash Drive. Biometric & Professional Drives Secure USB Flash Drive Biometric & Professional Drives I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE FLASH DRIVE... 3 DESCRIPTION... 3 IV. MODULES OF SECURE

More information

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC Digital Forensics Tom Pigg Executive Director Tennessee CSEC Definitions Digital forensics Involves obtaining and analyzing digital information as evidence in civil, criminal, or administrative cases Analyze

More information

Cryptography Lecture 8. Digital signatures, hash functions

Cryptography Lecture 8. Digital signatures, hash functions Cryptography Lecture 8 Digital signatures, hash functions A Message Authentication Code is what you get from symmetric cryptography A MAC is used to prevent Eve from creating a new message and inserting

More information

Digital Forensics. Larry Daniel

Digital Forensics. Larry Daniel Digital Forensics Larry Daniel Introduction A recent research report from The Yankee Group found that 67.6 percent of US households in 2002 contained at least one PC The investigators foresee three-quarters

More information

Forensic Imaging and Artifacts analysis of Linux & Mac (EXT & HFS+)

Forensic Imaging and Artifacts analysis of Linux & Mac (EXT & HFS+) Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative

More information

Authentication requirement Authentication function MAC Hash function Security of

Authentication requirement Authentication function MAC Hash function Security of UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy

More information

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive FIPS 140 2 Non Proprietary Security Policy Kingston Technology Company, Inc. DataTraveler DT4000 G2 Series USB Flash Drive Document Version 1.8 December 3, 2014 Document Version 1.8 Kingston Technology

More information

Project: Simulated Encrypted File System (SEFS)

Project: Simulated Encrypted File System (SEFS) Project: Simulated Encrypted File System (SEFS) Omar Chowdhury Fall 2015 CS526: Information Security 1 Motivation Traditionally files are stored in the disk in plaintext. If the disk gets stolen by a perpetrator,

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

Theoretical Aspects of Storage Systems Autumn 2009

Theoretical Aspects of Storage Systems Autumn 2009 Theoretical Aspects of Storage Systems Autumn 2009 Chapter 3: Data Deduplication André Brinkmann News Outline Data Deduplication Compare-by-hash strategies Delta-encoding based strategies Measurements

More information

1.2 Using the GPG Gen key Command

1.2 Using the GPG Gen key Command Creating Your Personal Key Pair GPG uses public key cryptography for encrypting and signing messages. Public key cryptography involves your public key which is distributed to the public and is used to

More information

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?

More information

Live View. A New View On Forensic Imaging. Matthiew Morin Champlain College

Live View. A New View On Forensic Imaging. Matthiew Morin Champlain College Live View A New View On Forensic Imaging Matthiew Morin Champlain College Morin 1 Executive Summary The main purpose of this paper is to provide an analysis of the forensic imaging tool known as Live View.

More information

Do-It-Yourself Guide to Storage Forensics. Richard Austin, CISSP Knowledge Transfer

Do-It-Yourself Guide to Storage Forensics. Richard Austin, CISSP Knowledge Transfer Do-It-Yourself Guide to Storage Forensics Richard Austin, CISSP Knowledge Transfer SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals

More information

SkyRecon Cryptographic Module (SCM)

SkyRecon Cryptographic Module (SCM) SkyRecon Cryptographic Module (SCM) FIPS 140-2 Documentation: Security Policy Abstract This document specifies the security policy for the SkyRecon Cryptographic Module (SCM) as described in FIPS PUB 140-2.

More information

Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers

Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers Brian Carrier Research Scientist @stake Abstract This paper uses the theory of abstraction layers to describe the purpose

More information

SSL Protect your users, start with yourself

SSL Protect your users, start with yourself SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service

More information

TH3. Data storage. http://www.bbc.co.uk/schools/gcsebitesize/ict/

TH3. Data storage. http://www.bbc.co.uk/schools/gcsebitesize/ict/ TH3. Data storage http://www.bbc.co.uk/schools/gcsebitesize/ict/ A computer uses two types of storage. A main store consisting of ROM and RAM, and backing stores which can be internal, eg hard disk, or

More information

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Lecture 7: Hashing III: Open Addressing

Lecture 7: Hashing III: Open Addressing Lecture 7: Hashing III: Open Addressing Lecture Overview Open Addressing, Probing Strategies Uniform Hashing, Analysis Cryptographic Hashing Readings CLRS Chapter.4 (and.3.3 and.5 if interested) Open Addressing

More information

Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006

Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006 Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006 Introduction: Fixity, in preservation terms, means that the digital object

More information

Computer Forensics using Open Source Tools

Computer Forensics using Open Source Tools Computer Forensics using Open Source Tools COMP 5350/6350 Digital Forensics Professor: Dr. Anthony Skjellum TA: Ananya Ravipati Presenter: Rodrigo Sardinas Overview Use case explanation Useful Linux Commands

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

Cryptography and Network Security Chapter 11

Cryptography and Network Security Chapter 11 Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 11 Cryptographic Hash Functions Each of the messages, like each

More information

Network Security. HIT Shimrit Tzur-David

Network Security. HIT Shimrit Tzur-David Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

More information

Message Authentication Codes

Message Authentication Codes 2 MAC Message Authentication Codes : and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l08, Steve/Courses/2013/s2/css322/lectures/mac.tex,

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure

More information

Chapter 6 Electronic Mail Security

Chapter 6 Electronic Mail Security Cryptography and Network Security Chapter 6 Electronic Mail Security Lectured by Nguyễn Đức Thái Outline Pretty Good Privacy S/MIME 2 Electronic Mail Security In virtually all distributed environments,

More information

CA DLP. Stored Data Integration Guide. Release 14.0. 3rd Edition

CA DLP. Stored Data Integration Guide. Release 14.0. 3rd Edition CA DLP Stored Data Integration Guide Release 14.0 3rd Edition This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

Presentation on Black Hat Europe 2003 Conference. Security Analysis of Microsoft Encrypting File System (EFS) http://www.elcomsoft.

Presentation on Black Hat Europe 2003 Conference. Security Analysis of Microsoft Encrypting File System (EFS) http://www.elcomsoft. Presentation on Black Hat Europe 2003 Conference Security Analysis of Microsoft Encrypting File System (EFS) Microsoft Encrypting File System Encrypting File File System System (EFS) (EFS) is is a a new

More information

A Standards-based Approach to IP Protection for HDLs

A Standards-based Approach to IP Protection for HDLs A Standards-based Approach to IP Protection for HDLs John Shields Staff Engineer, Modelsim Overview Introduction A Brief Status First Look at The Flow Encryption Technology Concepts Key Management Second

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

Capturing a Forensic Image. By Justin C. Klein Keane <jukeane@sas.upenn.edu> 12 February, 2013

Capturing a Forensic Image. By Justin C. Klein Keane <jukeane@sas.upenn.edu> 12 February, 2013 Capturing a Forensic Image By Justin C. Klein Keane 12 February, 2013 Before you Begin The first step in capturing a forensic image is making an initial determination as to the

More information

Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones

Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones Design and Analysis of Methods for Signing Electronic Documents Using Mobile Phones Pramote Kuacharoen School of Applied Statistics National Institute of Development Administration 118 Serithai Rd. Bangkapi,

More information

Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com

Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com A number of devices are running Linux due to its flexibility and open source nature. This has made Linux platform

More information

Randomized Hashing for Digital Signatures

Randomized Hashing for Digital Signatures NIST Special Publication 800-106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department

More information

DRAFT Standard Statement Encryption

DRAFT Standard Statement Encryption DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held

More information

What is network security?

What is network security? Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application

More information

Checksums, your best friends, for security

Checksums, your best friends, for security Published in Linux for You, August 2008 issue. - - - - - - - - - - - - - - - - Checksums, your best friends, for security S. Parthasarathy drpartha@gmail.com Imagine that you write an electronic cheque

More information

One-Way Encryption and Message Authentication

One-Way Encryption and Message Authentication One-Way Encryption and Message Authentication Cryptographic Hash Functions Johannes Mittmann mittmann@in.tum.de Zentrum Mathematik Technische Universität München (TUM) 3 rd Joint Advanced Student School

More information

Message Authentication

Message Authentication Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution) will consider the

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

More information

FortKnox Personal Firewall

FortKnox Personal Firewall FortKnox Personal Firewall User Manual Document version 1.4 EN ( 15. 9. 2009 ) Copyright (c) 2007-2009 NETGATE Technologies s.r.o. All rights reserved. This product uses compression library zlib Copyright

More information

Availability Digest. www.availabilitydigest.com. Data Deduplication February 2011

Availability Digest. www.availabilitydigest.com. Data Deduplication February 2011 the Availability Digest Data Deduplication February 2011 What is Data Deduplication? Data deduplication is a technology that can reduce disk storage-capacity requirements and replication bandwidth requirements

More information

TIPS IN PREVENTING INFORMATION LEAKAGE

TIPS IN PREVENTING INFORMATION LEAKAGE TIPS IN PREVENTING INFORMATION LEAKAGE 1 Presented by Christina Keing and Frankie Fu Information Security Section (ISS), ITSC 5 Sept 2008 AIMS 2 AGENDA Recent incidents What information to protect? How

More information

Network Security. Task 1 Security Measures

Network Security. Task 1 Security Measures Task 1 Security Measures Connecting your computer to a network, particularly the Internet, can put your computer and your data at risk. It is important, therefore, that you take some steps to secure your

More information

Establishing a Mechanism for Maintaining File Integrity within the Data Archive

Establishing a Mechanism for Maintaining File Integrity within the Data Archive Establishing a Mechanism for Maintaining File Integrity within the Data Archive Thomas C. Stein, Edward A. Guinness, Susan H. Slavney Earth and Planetary Sciences, Washington University, St. Louis, MO,

More information

Chapter 15: Security

Chapter 15: Security Chapter 15: Security Chapter 15: Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Implementing Security Defenses Firewalling

More information

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public

More information

Digital forensic analysis aims to reconstruct

Digital forensic analysis aims to reconstruct Hashing and Data Fingerprinting in Digital Forensics Hashing is a primary, yet underappreciated, tool in digital forensic investigations. Recent R&D has demonstrated that, with clever design, we can construct

More information

www.vmpcrypt.com User s manual Table of content

www.vmpcrypt.com User s manual Table of content www.vmpcrypt.com User s manual Table of content 1. INTRODUCTION... 3 2. INSTALLATION OF VMPCRYPT... 3 3. GENERAL IDEA OF CRYPTOGRAPHY AND CRITICAL ROLE OF KEY... 3 4. ENCRYPTION OF FILES AND FOLDERS...

More information

An Introduction to Cryptography as Applied to the Smart Grid

An Introduction to Cryptography as Applied to the Smart Grid An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric

More information

Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition Guide to Computer Forensics and Investigations, Second Edition Chapter 4 Current Computer Forensics Tools Objectives Understand how to identify needs for computer forensics tools Evaluate the requirements

More information

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2 Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2 FIPS 140 2 Non Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.1 Prepared for: Prepared

More information

Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology

Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology FREDRIK ANDERSSON Department of Computer Science and Engineering CHALMERS UNIVERSITY

More information

AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS

AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS K.K. Arthur 1 H.S. Venter 2 Information and Computer Security Architectures (ICSA) Research Group University of Pretoria Pretoria Department of Computer Science

More information

Lecture 9: Application of Cryptography

Lecture 9: Application of Cryptography Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

More information

Where is computer forensics used?

Where is computer forensics used? What is computer forensics? The preservation, recovery, analysis and reporting of digital artifacts including information stored on computers, storage media (such as a hard disk or CD-ROM), an electronic

More information

Introduction to Network Security Comptia Security+ Exam. Computer Forensics. Evidence. Domain 5 Computer Forensics

Introduction to Network Security Comptia Security+ Exam. Computer Forensics. Evidence. Domain 5 Computer Forensics Introduction to Network Security Comptia Security+ Exam Domain 5 Computer Forensics Computer Forensics Forensics relates to the application of scientific knowledge and method to legal problems Investigating

More information

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents

More information

Cryptography and Network Security Chapter 12

Cryptography and Network Security Chapter 12 Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 12 Message Authentication Codes At cats' green on the Sunday he

More information

CS 2112 Spring 2014. 0 Instructions. Assignment 3 Data Structures and Web Filtering. 0.1 Grading. 0.2 Partners. 0.3 Restrictions

CS 2112 Spring 2014. 0 Instructions. Assignment 3 Data Structures and Web Filtering. 0.1 Grading. 0.2 Partners. 0.3 Restrictions CS 2112 Spring 2014 Assignment 3 Data Structures and Web Filtering Due: March 4, 2014 11:59 PM Implementing spam blacklists and web filters requires matching candidate domain names and URLs very rapidly

More information

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination

More information

Freeware Live Forensics tools evaluation and operation tips

Freeware Live Forensics tools evaluation and operation tips Freeware Live Forensics tools evaluation and operation tips Ricci IEONG, Principal Consultant, ewalker Consulting Ltd Abstract Highlighted by a digital forensics investigation specialists from FBI in DFRWS

More information