Hiding behind the keyboard : uncovering covert communication methods with forensic analysis / Brett Shavers, John Bair ; Larry Leibrock, technical editor.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Shavers, Brett, author.
Bair, John, author.
Contributor:
Leibrock, Larry, editor.
Language:
English
Subjects (All):
Microsoft Windows (Computer file).
Operating systems (Computers).
Computer security.
Computer networks--Security measures.
Computer networks.
Computer crimes.
Physical Description:
1 online resource (256 pages) : color illustrations
Edition:
First edition.
Place of Publication:
Cambridge, MA : Elsevier, [2016]
System Details:
text file
Summary:
Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis exposes the latest electronic covert communication techniques used by cybercriminals, along with the needed investigative methods for identifying them. The book shows how to use the Internet for legitimate covert communication, while giving investigators the information they need for detecting cybercriminals who attempt to hide their true identity. Intended for practitioners and investigators, the book offers concrete examples on how to communicate securely, serving as an ideal reference for those who truly need protection, as well as those who investigate cybercriminals. Covers high-level strategies, what they can achieve, and how to implement them. Shows discovery and mitigation methods using examples, court cases, and more. Explores how social media sites and gaming technologies can be used for illicit communications activities. Explores the currently in-use technologies such as TAILS and TOR that help with keeping anonymous online.
Contents:
Front Cover
Hiding Behind the Keyboard
Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis
Copyright
Contents
Foreword
INTRODUCTION
Introduction
WHAT THIS BOOK IS AND IS NOT
THE INTENDED AUDIENCE
Duration of Relevance for This Guide
SUMMARY
About the Authors
BRETT SHAVERS
JOHN BAIR
Acknowledgments
1 - Laying the Foundation of Covert Communications
A BRIEF HISTORY OF COVERT COMMUNICATION
COVERT COMMUNICATION OVERLOAD
Investigative Goals
COVERT COMMUNICATION GOALS
REFERENCES
2 - The Tor Browser
HISTORY AND INTENDED USE OF THE ONION ROUTER
Two Ways of Looking at The Onion Router
HOW THE ONION ROUTER WORKS
A Few Important Points About Tor
From a Tor User's Perspective
So What's the Big Deal?
From Your Perspective
FORENSIC ANALYSIS OF THE ONION ROUTER
TRACKING CRIMINALS USING TOR
USED IN COMBINATION OF OTHER TOOLS AND METHODS
TAILS
RELATED TOR TOOLS AND APPLICATIONS
Hidden Services
3 - Triaging Mobile Evidence
LOGICAL DATA
PHYSICAL DATA
EXAMPLES OF LOGICAL AND PHYSICAL DATA
WIRELESS CARRIERS
MOBILE NETWORK OPERATORS
MOBILE VIRTUAL NETWORK OPERATOR
DETERMINING TARGET NUMBER
FONEFINDER.NET
NUMBER PORTABILITY ADMINISTRATION CENTER
SEARCH.ORG
SUBSCRIBER IDENTITY MODULE
INTERNAL HARDWARE OF A SIM
THE SIM FILE SYSTEM
SIM SIZES AND EVOLUTION
TYPICAL EVIDENCE
SIM SECURITY-PIN AND PUK
TRIAGING DEVICES
DEVICES POWERED "ON"
DEVICES LOCATED "OFF"
MANUAL EXAMS
TOOLS AVAILABLE
Cellebrite USB Camera
Fernico ZRT
Project-A-Phone
Eclipse Kit 3
SOFTWARE SOLUTIONS
ScreenHunter
Snagit
Other Options
CHAPTER SUMMARY POINTS
REFERENCES FOR MANUAL TOOLS.
4 - Mobile Extraction Issues
FLASH MEMORY
EMBEDDED MULTIMEDIA CARD, EMBEDDED MULTICHIP PACKAGE, AND MULTICHIP PACKAGE
THE FUNCTION OF NAND
NAND Operation Rules
Wear Leveling and Garbage Collection
SQLite Databases
How Does All This Present Problems?
ENCODING
Binary
Binary to Decimal
Hexadecimal
American Standard Code for Information Exchange
Unicode
Big and Little Endian
Nibble Reversed
Seven-Bit Short Message Service Protocol Description Unit
EPOCHS
UNIX
Unix 48 bit
UNIX Decimal 10Byte
GPS
AOL
GSM
Decimal Format
64bit
File Time Formatted
HTML
JAVA
MSDOS
Binary-Coded Decimal
ISO 8601
Bit Date
MAC Absolute
CELLEBRITE PHYSICAL ANALYZER
Project Tree Example
Multimedia Message Service
USER-INSTALLED APPLICATIONS
USER-ENABLED SECURITY
BST
IP-Box and MFC Dongle
Advanced Nondestructive Exams-Joint Test Action Group
Destructive Exams
ADVANCED VALIDATION
Ultra Compare Professional
Chapter Summary
REFERENCES FOR LISTED TOOLS
5 - Data Hiding
WHAT IS STEGANOGRAPHY
HIDING DATA BEHIND DATA
STEGANALYSIS
Intercepted Steganography Files
Steganalysis Applications
How Much Information Can Be Hidden
STEGANOGRAPHY METHODS
Investigative Steps
RELEVANT CASES
6 - Cryptography and Encryption
BRIEF HISTORY OF ENCRYPTION AND CRYPTOGRAPHY
Tell Me What I Need to Know
BASIC WORKING KNOWLEDGE
HARDWARE
Big Boy Encryption Toys
Here Come the Computers
Ease of Use Makes It User-Friendly
PUBLIC AND PRIVATE KEYS
Breaking Encryption
THE KEY IS THE KEY
SO TELL ME SOMETHING I CAN DO ABOUT THIS!
When Nothing Works
BACK TO STEGANOGRAPHY
7 - Antiforensics
INTRODUCTION.
THE EASY AND VERY EFFECTIVE METHODS
Hiding the Evidence
Whole Device Encryption
Data Wiping
Physical Destruction
THE BEST METHODS AREN'T THE MOST COMMONLY USED METHODS
ANOTHER SIMPLE METHOD
FILE SIGNATURE MANIPULATION
TIME STAMP MODIFICATIONS
DECOY STORAGE DEVICES
PORTABLE APPS
HIDDEN OPERATING SYSTEMS
VIRTUAL MACHINES
PLANNING AGAINST ANTIFORENSICS
FINDING COMMUNICATION RECORDS ON HARD DRIVES
Locked Computers
Mobile Devices
WHEN ALL ELSE FAILS OR IS LIKELY TO FAIL
8 - Electronic Intercepts
VALUE OF ELECTRONICALLY INTERCEPTED COMMUNICATIONS
AUTHORITY AND NECESSITY
TECHNOLOGY
Capture Communications at the Source
Capture Communications at the Receiver
Trap and Trace/Pen Registers/Dialed Number Recorders
Wiretaps
Internet
TECHNICAL BARRIERS
FINDING CELL PHONE NUMBERS
9 - Digital Identity
IDENTITY
Biometric Identity
Digital Identity
FINDING THE DIGITAL IDENTITY
First Things First
Dark Web
Third-Party Providers
10 - Putting It All Together
COLLECTING REAL-TIME COMMUNICATIONS
Online Communications
Electronic Intercepts
COLLECTING HISTORICAL COMMUNICATIONS
Online Historical Information
Government Access Resources
From Seized Electronic Devices
TURNING INFORMATION INTO INTELLIGENCE
Link and Social Networking Analysis
THE (VIRTUALLY) IMPOSSIBLE
Cryptography and Steganography
Software Applications
Tor and Anonymous Chat
Devices
NON-TECH COMMUNICATIONS
PUTTING THE CASE TOGETHER
Associations and Relationships Analysis
11 - Closing Thoughts
PRIVACY EXPECTATIONS
LEGAL AND TECHNICAL CONSIDERATIONS
Legal Considerations.
Technical Considerations
The Internet Does Connect to the Physical World
Technology Makes Crimes Easier to Commit and Easier to Get Caught
Index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Back Cover.
Notes:
Includes index.
Includes bibliographical references and index.
Description based on print version record.
ISBN:
9780128033524
0128033525
OCLC:
953489474
