Contents: Introduction; Analysis Of USB Stick; Information Security Goals; Threats; Vulnerabilities; Attacks; Tools And Techniques Used To Recover Passwords; Outline; Conclusion; References

Introduction

This is a report on my findings of the USB stick seized during the police arrest operation. Starting with a security analysis of the USB stick by defining the security goals that are trying to be achieved, the report then focuses on the tools and techniques used to recover passwords. Finally a detailed outline will be given on the steps necessary to recover the password to access the file.

Analysis Of USB Stick

The analysis of the USB stick will provide information on the security goals that were trying to …
In this case the suspect has to ensure that no one other than themselves, or anyone else who may be authorised to do so, can alter the data. Also, if the USB was intended for someone else and they knew the password to the folder, they would know that the USB came from its intended source and not from someone else.

Availability refers to the readiness of the data: if the data within the folder/USB wasn’t available when it was needed, it might as well not exist. The suspect had the data on a portable USB and therefore made it readily available when he needed it; all that was needed to access it was the password. To increase the availability of the data on the USB, back-ups can be made in case the USB becomes unreadable or lost. (1) www.computerweekly.com

Threats

Because USBs can be plugged in anywhere, they can easily pick up a piece of malware. In the worst case, the malware could be a virus that could wipe all of your data, making it unrecoverable. If the USB stick is inserted into a PC with no or poor security, then the data on the stick could easily be read or changed by a cracker/hacker who is already eavesdropping on the network. Spyware could easily find its way onto any USB storage device, which is a major threat to data confidentiality. The spyware could allow an individual to read all the data on the USB stick every time it is connected to a computer, which in turn could infect every
The hard drive is extremely hard to “break into” to view the contents. There is no real easy way to access the information and the investigative options then become very limited.
2.1 Describe the features of manual and electronic information storage systems that help ensure security
Chapter 4 in the textbook contains links to several web sites which are important to understanding computer investigations. In this section, list the web sites discussed in the chapter and include their Internet links along with a brief description of what is contained at each of these sites.
The risks related to devices are cookies and web bugs, graphics, plug-ins, viruses and worms. Cookies are small files which are stored on a person’s computer. Those files hold a small amount of data specific to a client or a website and can be accessed by a web server or someone’s computer. A web bug is a 1x1 pixel image used to track a user’s reading of a web page or an email. Graphics are visual representations or images of an object on a computer. Plug-ins are software applications that add a specific feature on a computer. A virus is malicious code that copies itself onto another program in someone’s computer and infects it. The virus can cause corrupted system files, wasted resources and destroyed data. A worm will replicate itself in order to move to other computers in a network. The most important of these would be worms, because they will try to infect networks, which could infect a large corporation and cause large monetary loss. The next most important would be viruses, because they can disrupt your computer to the point where it is unusable and will cost the owner to get the virus removed if they don’t have an antivirus. Cookies and web bugs are the next most important because, since they can track your browsing history, they can create adware from the sites you have visited, which could corrupt your system and cost you money. Lastly, graphics and plug-ins are the least important because a security threat would happen if executed commands within the plug-in are
While there is a possibility this found USB dongle is benign, hosting random files and pictures from the previous owner, it could also host nefarious files intended to access the company’s network. If the files on the USB dongle were meant to access the company’s network, this could be done by introducing Trojans or worms. A Trojan virus is malicious code that is hidden in such a way as to obfuscate its intention, usually in the form of a legitimate program or file (Kaspersky, 2018). Once the program is introduced to a non-infected system, the payload of the virus is executed and the system is
As disadvantages, this method does not guarantee the integrity of possible evidence, it is not possible to locate hidden information or deleted data, and if the device is locked by PIN, gesture pattern, or password, the researcher cannot perform manual acquisition.
Loss or theft of the organization’s devices, like laptops and portable devices containing the institutional records.
Issue 4: Information Security officials failed to effectively trigger appropriate notifications and begin an investigation of the stolen data. The information security official’s incident report contained omissions and significant errors. This resulted in a missed opportunity to re-create the contents of the laptop and external drive and to recognize the severity of the potential loss of data. The cybersecurity operations officials failed to ensure a timely investigation and notifications were made regarding the severity of the lost data (Opfer, 2006).
As is the case with any type of evidence seizure, what is fair game and what is off limits needs to be identified and set, preferably in writing, before any work is done (Nelson, Phillips, & Steuart, 2015). This ensures that the forensics team will be protected in the worst-case scenario where the company could have an issue with what was taken, very similar to the protection ethical hackers require when performing a penetration test (##). Once this list is created, the team will interview the system administrators to provide any information allowed about the systems, such as the equipment, system baselines, passwords that are allowed to be shared, and any special information that would need to be known before analyzing the system, such as what information is logged and where it would be stored (Rowlingson, 2004). The entire purpose of this information gathering is to paint a clearer picture of the situation so a more detailed plan can be devised prior to any systems being touched.
It allows investigators in a case to find hidden or deleted storage/information and helps prevent or catch criminal acts.
In addition, it can corrupt some applications installed on the system, which prevents users from accessing it and can cause data loss.
Electronic media, including but not limited to CDs, USB keys and microfilm, must either be physically destroyed beyond repair, or wiped of all stored data.
This is all due to the fact that a thumb drive device was used against military regulations banning the use of any portable memory storage devices. Not only have problems like this arisen, but the spread of viruses, Trojans, and other spamming and hacking codes has affected military computer networks several times. This is dangerous and has a direct negative effect on the operational missions overseas and security both on the homeland and abroad. It can allow the opposing forces to not only obtain battle
The three items that I would collect would be the external hard drive, the laptop, and the USB thumb drive. It’s important to remember that you “must use caution when collecting, packaging, or storing digital devices to avoid altering, damaging, or destroying the digital evidence. Avoid using any tools or materials that may produce or emit static electricity or a magnetic field as these may damage or destroy the evidence” (Mukasey, 2008). The first item that I would collect as digital evidence would be the external hard drive. It may contain all types of evidence such as: files, logs, pictures, recordings, or even video logs. Before collecting it as evidence I would take pictures of the hard drive, making sure to get the manufacturer and serial numbers, and then document it. Once complete, I would seal it in an anti-static bag and label that as well. The second item that I would collect would be the laptop. This could have all of the same type of information that the hard drive has and also may contain copies, pictures, or the source code itself from “Product X.” The laptop may show whether or not he was sharing files or trade secrets with outside sources, or even if he were attempting to crack passwords so as to get into systems that weren’t available to
Attention Getter: Other than our car keys, our mobile devices have become something that we can’t leave the house without. This includes our smartphones, laptops, tablets, USBs, and digital cameras.