Join Sandra Toner for an in-depth discussion in this video, Finding hidden data, part of Learning Computer Security Investigation and Response.
In this video, we'll talk about data that's hidden using two techniques: encryption and steganography. First, let's talk about encryption. There's a variety of ways to encrypt information or devices. This is where you're encoding the data so that only an intended user with the key can decode it. Most operating systems have a built-in feature for encryption. Encryption can be used to protect information. For example, a lot of government agencies require encryption on laptops and mobile devices in case they're lost or stolen.
Let's take a look at Mac's FileVault encryption. To turn it on, you need to go to the Apple menu and select System Preferences. From here, you'll select Security & Privacy. Make sure that you're looking at the FileVault tab. You can see that my FileVault encryption is currently turned off. I'm going to go ahead and enable it. But before I do so, I want to point out that you really need to read the warning message here. Once you enable FileVault encryption, you're either going to need your login password or the recovery key to access your data.
If you lose both of those, then your data will be lost as well. So I'm going to go ahead and click on Turn On FileVault. Here, it'll give me the option to link my iCloud account, but I'm going to go ahead and create a recovery key that's not associated with my iCloud account. It's really important to make a copy of this code and store it in a safe place. You don't want to put it on a note on your desktop, or on a physical sticky note in front of your workstation.
Now, in order to start the encryption process, I need to restart the system. Now that the system's started up, you can see that the encryption process is beginning. This could take a little bit of time. Now that we've looked at encryption, let's take a look at another way of hiding data, called steganography. The goal of steganography is to hide information so that even if it's captured or intercepted, the message still remains latent. If you do this properly, no one will suspect the file. People will generally think it's an ordinary file and your secret message will go unnoticed.
There's a lot of different ways to do this. You can hide messages in pictures, audio files, and video files. Now let's take a look at a free program called OpenPuff that will help you embed hidden messages in pictures. The first thing we have to do is download OpenPuff. Now that we've downloaded OpenPuff, let's extract all the files.
With the files extracted, we're now ready to try our hand at steganography. You'll want to click on the application. This is OpenPuff. It allows you to do a couple of different things and what we're going to do is try our hand at steganography. In the top column, click on the Hide button. Now, the first thing we need to do at the top, is add in some passwords. OpenPuff allows you to add up to three passwords. Now that I've got my passwords in, I want to select my Carrier.
I'm going to pick an image. Now, I need to select my Target Data. I have a secret text file that I want to embed in the image. Next, I need to select my bit options. Finally, at the bottom right, click on the button that says Hide Data. You'll need to figure out where you want your output. I'm going to go ahead and have it output to the Desktop.
Now you can see the image on my Desktop. While it looks like a normal image, it does contain an embedded hidden message. Now, let's see if we can unhide the secret message. This time from the menu I'll select Unhide. First I need to enter my passwords. Next, I'm going to select the image that I placed on the Desktop. And finally, I'll select my bit options.
Finally, click on Unhide. Again, I'll have to select the output for my file. You can see that I've uncovered the hidden secret in my image. A forensic examiner needs to understand how messages can be hidden in other files. In the next video, we'll focus on rescuing deleted data.
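An added illustration, not part of the course and not OpenPuff's actual algorithm (which the video does not describe): a simplified least-significant-bit scheme over constructed byte values, showing why a carrier still "looks like a normal image" and what an examiner can measure when a known-good copy of the carrier exists. All function names and sample data are assumptions.

```python
import hashlib

def embed_lsb(pixels: bytes, message: bytes) -> bytes:
    """Write a 2-byte length prefix plus message into the lowest bit of each byte."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("carrier too small for payload")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # only bit 0 of the carrier byte changes
    return bytes(out)

def _read_bytes(pixels: bytes, bit_offset: int, count: int) -> bytes:
    """Rebuild `count` bytes from consecutive low bits starting at bit_offset."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[bit_offset + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def extract_lsb(pixels: bytes) -> bytes:
    """Read the length prefix, then that many hidden bytes."""
    length = int.from_bytes(_read_bytes(pixels, 0, 2), "big")
    return _read_bytes(pixels, 16, length)

def compare_with_original(original: bytes, suspect: bytes) -> dict:
    """Measurements available when a known-good copy of the carrier exists."""
    diffs = [abs(a - b) for a, b in zip(original, suspect)]
    return {
        "same_size": len(original) == len(suspect),
        "hash_match": hashlib.sha256(original).digest() == hashlib.sha256(suspect).digest(),
        "changed_bytes": sum(1 for d in diffs if d),
        "max_change": max(diffs, default=0),
    }

# Constructed sample data: stand-in for decoded pixel values, not a real image file.
CARRIER = bytes((i * 37 + 11) % 256 for i in range(4096))
SECRET = b"secret text file"

if __name__ == "__main__":
    stego = embed_lsb(CARRIER, SECRET)
    print(compare_with_original(CARRIER, stego))
    print(extract_lsb(stego))
```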
This course covers the basics of computer forensics and cyber crime investigation. Author Sandra Toner provides an overview of forensic science, and discusses best practices in the field and the frameworks professionals use to conduct investigations. Then, after showing how to set up a simple lab, Sandra describes how to respond to a cyber incident without disturbing the crime scene. She dives deep into evidence collection and recovery, explaining the differences between collecting evidence from Windows, Mac, and Linux machines. The course wraps up with a look at some of the more commonly used computer forensics software tools.
- Applying science to digital investigations
- Understanding forensic frameworks
- Defining cyber crime: harassment, hacking, and identity theft
- Setting up a forensic lab
- Responding to cyber incidents
- Collecting and recovering evidence
- Examining networks for evidence
- Applying forensics to Windows, Mac, and Linux
- Working with forensics tools