Computer forensics lecture 2

Tools for privacy

Tor - already know it
Onion ring
Bouncy bouncy IP

Tails
Live CD with some features of a forensic live CD
Leaves no trace on computer, all communications go via encrypted paths

They have faults:
e.g. Tor has exit nodes
Tails doesn’t encrypt by default
Tails doesn’t make passwords stronger
Tor doesn’t protect from man in the middle

TrueCrypt
Robust encryption system for disks or folders
Pretty much unbreakable
Upon finding a system with TrueCrypt, open the System menu and select Permanently Decrypt System Drive if going to BitLocker

TrueCrypt looks random, but it is not, so contents can be found
RAM dump may also recover passwords and cached files stored

Private browser

Reduces traces left on a computer
Does not hide traffic

Virtual machines
Can potentially destroy evidence easily
Still traceable, however (see later posts)


RIPA (2000)
Can be prosecuted under this act for failing to provide a password

Suspect has to prove it is forgotten! 


Lab notes
Logbook- lab session 3

Tried command: cat Caine.ISI.* > CAINE.ISO

Command used allowed me to write on to disk: wodim -v -padsize=63s -pad dev=/dev/sg2 caine8.0.iso
Probably worth using man and making further notes on this

Played around with CAINE disk
Using programs such as PhotoRec and Autopsy
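
The two lab steps above (joining image parts with cat, then burning with wodim) can go wrong silently if the parts are joined out of order, so this added example, which is not from the original notes, rebuilds an image in numeric part order and checks its SHA-256 before anything is written to disc. The part naming scheme, the function names and the demo data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rebuild a split ISO in the right order and check it before burning.
# Assumption: parts are named PREFIX.<number> (image.iso.1 ... image.iso.12).

# join_parts PREFIX OUT: concatenate parts sorted by numeric suffix.
# A bare glob (cat PREFIX.* > OUT) sorts lexically, so .10 lands before .2
# once there are ten or more parts and the image is silently scrambled.
join_parts() {
    prefix=$1 out=$2
    : > "$out" || return 1
    for f in "$prefix".*; do
        n=${f##*.}
        case $n in ''|*[!0-9]*) continue ;; esac   # skip non-numeric suffixes
        printf '%s\n' "$n"
    done | sort -n | while read -r n; do
        cat "$prefix.$n" >> "$out" || exit 1
    done
    [ -s "$out" ]                                  # fail if nothing was joined
}

# verify_sha256 FILE EXPECTED_HEX: succeed only if the digest matches.
verify_sha256() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    have=$(sha256sum < "$1" | cut -d' ' -f1)
    [ -n "$have" ] && [ "$have" = "$want" ]
}

# rebuild_and_check PREFIX OUT EXPECTED_HEX: returns 0 only when OUT is safe to burn.
rebuild_and_check() {
    join_parts "$1" "$2" || { echo "no parts found for $1" >&2; return 1; }
    if verify_sha256 "$2" "$3"; then
        echo "OK: $2 matches the reference digest"
    else
        echo "MISMATCH: do not burn $2" >&2
        return 1
    fi
}

# Constructed demo data: 12 one-line parts stand in for real ISO chunks.
demo_dir=$(mktemp -d)
i=1
while [ "$i" -le 12 ]; do
    printf 'chunk %02d\n' "$i" | tee -a "$demo_dir/orig" > "$demo_dir/image.iso.$i"
    i=$((i + 1))
done
# Reference digest (in practice, taken from the distributor's checksum file).
ref=$(sha256sum < "$demo_dir/orig" | cut -d' ' -f1)
rebuild_and_check "$demo_dir/image.iso" "$demo_dir/rebuilt.iso" "$ref"
```

Only when rebuild_and_check succeeds should the image be passed to the wodim command from the notes.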

