Introduction to Secret and Covert Communication
It has been well documented that criminals and terrorist organizations — as well, of course, as the military, government agencies, corporations, and individuals — widely use cryptography (secret writing) and, to a lesser extent, steganography (hidden writing) in order to communicate. Digital forensics examiners, cybercrime investigators, and information security professionals are often unaware of how these technologies work; what clues to look for that might suggest that such secret and covert communication is being employed; and what tools to use to conduct an effective investigation when such methods are detected.
This five-day course provides an introduction to cryptology, steganography, and password breaking. The course will explain concepts and terms, and will give students information about practical applications that they might find being used in the field.
Students for this course must be at least intermediate-level computer users. They should be totally comfortable with the use of computers, the command line, the computer forensics process, and basic arithmetic manipulation, including the use of binary numbers. The course is focused on the needs of the advanced professional and, despite the terms and concepts, is not heavy on theory and mathematics.
The course will be organized into three parts, namely, cryptology, steganography, and password cracking, each occupying roughly a third of the class time.
PART I: CRYPTOLOGY
Cryptology is the study of secret writing and comprises two disciplines, namely cryptography (use of encryption codes) and cryptanalysis (breaking encryption codes). This section will define crypto terms and concepts, applications for crypto, and various low technology and computer-based encryption methods. A brief introduction to cryptanalysis will also be presented.
TOPICAL OUTLINE
• Definition of cryptology
• Basic terms and concepts
• Non-computerized encryption techniques
• Digital cryptography
    o Hash functions
    o Secret key cryptography (SKC)
    o Public key cryptography (PKC)
• Cryptanalysis
• Conclusions
PART II: STEGANOGRAPHY
Steganography is the science of hidden writing, or using a covert communications channel that is totally visible — yet “unseen” — by a third party. This section will define stego terms and concepts, applications for stego, and various methods for steganography and steganalysis. Common stego insertion and detection tools will also be demonstrated.
TOPICAL OUTLINE
• Definition of steganography
• Basic terms and concepts
• Classification of stego
• Low-technology stego methods
• Encoding digital information
• Examples of stego
• Tools for inserting hidden data in a carrier file
• Suspecting and investigating the use of stego
• Tools for detecting stego
• Conclusions
PART III: PASSWORD BREAKING
Password protection schemes are becoming increasingly common and are, therefore, a common anti-forensic technique that frustrates the efforts of investigators. This section will discuss a variety of methods to get around passwords that protect computers, files, directories, and hard drives.
TOPICAL OUTLINE
• Definition of terms
• Attacking the application
• Known plaintext attack
• Password-guessing attacks
• Dictionary attacks
• Windows asterisk passwords
• Miscellaneous topics
• Conclusions
For more information, contact a BitSec training professional toll free at (877) 272-1417 or by email at info(at)bitsecforensics(dot)com.