SlideShare a Scribd company logo

06 Computer Image Verification and Authentication - Notes

Kranthi
Kranthi
EducationTechnologyBusiness
1 of 6
Download to read offline
Computer Forensics Unit III – Part II 1 1. Special Needs of Evidential Authentication *****  During an investigation, it is decided that evidence may reside on a computer system.  It may be possible to seize or impound the computer system, but this risks violating the basic principle of innocent until proven guilty, by depriving an innocent party of the use of his or her system.  It should be perfectly possible to copy all the information from the computer system in a manner that leaves the original system untouched and yet makes all contents available for forensic analysis.  The courts may rightly insist that the copied evidence is protected from either accidental or deliberate modification and that the investigating authority should prove that this has been done. Thus, it is not the content that needs protection, but its integrity.  This protection takes two forms:  A secure method of determining that the data has not been altered by even a single bit since the copy was taken.  A secure method of determining that the copy is genuinely the one taken at the time and on the computer in question.  These elements are collectively referred as the Digital Image Verification and Authentication Protocol. DIGITAL IDS AND AUTHENTICATION TECHNOLOGY  Without an assurance of the software’s integrity, and without knowing who published the software, it’s difficult for customers to know how much to trust software.  It’s difficult to make the choice of downloading the software from the Internet.  For example (when using Microsoft Authenticode coupled with Digital IDs™ from VeriSign®), through the use of digital signatures, software developers are able to include information about themselves and their code with their programs.  When customers download software signed with Authenticode and verified by VeriSign, they should be assured of content source, indicating that the software really comes from the publisher who signed it, and content integrity, indicating that the software has not been altered or corrupted since it was signed. Computer Image Verification and Authentication
Computer Forensics Unit III – Part II 2 Authenticode  Microsoft Authenticode allows developers to include information about themselves and their code with their programs through the use of digital signatures.  Through Authenticode, the user is informed: 1. Of the true identity of the publisher 2. Of a place to find out more about the control 3. The authenticity of the preceding information  Users can choose to trust all subsequent downloads of software from the same publisher and all software published by commercial publishers that has been verified by VeriSign. Public Key Cryptography  In public key cryptographic systems, every entity has two complementary keys (a public key and private key) that function only when they are held together.  Public keys are widely distributed to users, whereas private keys are kept safe and only used by their owner.  Any code digitally signed with the publisher’s private key can only be successfully verified using the complementary public key.  Code that successfully verified using the publisher’s public key, could only have been digitally signed using the publisher’s private key, and has not been tampered with. Certificate Authorities  Certification Authorities such as VeriSign are organizations that issue digital certificates to applicants whose identity they are willing to vouch for. Each certificate is linked to the certificate of the CA that signed it.  VeriSign has the following responsibilities: 1. Publishing the criteria for granting, revoking, and managing certificates 2. Granting certificates to applications who meet the published criteria 3. Managing certificates 4. Storing VeriSign’s root keys in an exceptionally secure manner 5. Verifying evidence submitted by applicants 6. Providing tools for enrollment 7. Accepting the liability associated with these responsibilities
Computer Forensics Unit III – Part II 3 8. Time-stamping digital signatures Digital ID  A Digital ID/Certificate is a form of electronic credentials for the Internet.  A Digital ID is issued by a trusted third party to establish the identity of the ID holder.  The third party who issues certificates is known as a Certificate Authority (CA).  Digital ID technology is based on the theory of public key cryptography.  The purpose of a Digital ID is to reliably link a public/private key pair with its owner.  When a CA such as VeriSign issues a Digital IDs, it verifies that the owner is not claiming a false identity.  When a CA issues you a digital certificate, it puts its name behind the statement that you are the rightful owner of your public/private key pair. How Authenticode works with VeriSign Digital IDs? Authenticode: VeriSign Digital ID process 1. Publisher obtains a Software Developer Digital ID from VeriSign 2. Publisher creates code 3. Using the SIGNCODE.EXE utility, the publisher o Creates a hash of the code, using an algorithm such as MD5 or SHA o Encrypts the has using his/her private key o Creates a package containing the code, the encrypted hash, and the publisher’s certificate
Computer Forensics Unit III – Part II 4 4. The end user encounters the package 5. The end user’s browser examines the publisher’s Digital ID. Using the VeriSign root Public Key, which is already embedded in Authenticode enabled applications, the end user browser verifies the authenticity of Software Developer Digital ID (which is itself signed by the VeriSign root Private Key) 6. Using the publisher’s public key contained within the publisher’s Digital ID, the end user browser decrypts the signed hash. 7. The end browser runs the code through the same hashing algorithm as the publisher, creating a new hash. 8. The end user browser compares the two hashes. If they are identical, the browser messages that the content has been verified by VeriSign, and the end user has the confidence that the code was signed by the publisher identified in the Digital ID, and the code hasn’t been altered since it was signed. Time Stamping: Because key pairs are based on mathematical relationships that can theoretically be “cracked” with a great deal of time and effort, it is a well-established security principle that digital certificates should expire. 2. Practical Consideration*  It is useful to present some fundamental requirements of a forensic data collection system before considering how these can be securely protected.  Other forensic experts may argue against some or all of them: 1. Forensic data collection should be complete and non-software specific, thus avoiding software traps and hidden partitioning. 2. In operation, it should be as quick and as simple as possible to avoid error or delay. 3. It should be possible for anyone to use a forensic data collection system with the minimum amount of training. 4. Necessary costs and resources should be kept to a minimum.  To meet the conditions specified in items 2, 3, and 4, the digital integrity verification and authentication protocol must be tailored to suit.  Only investigators issued with a valid digital signature would be able to complete copies.
Computer Forensics Unit III – Part II 5 3. Practical Implementation****  A minimum amount of reliance is placed on the technical ability of the operator/investigator.  It must be understood that during the copying process, procedures are implemented to trap and handle hardware errors, mapping exceptions where necessary.  It must also be understood that procedures are implemented to verify that information is copied correctly.  This information is stored on each cartridge within a copy series.  Also stored on each cartridge is a reference area containing copy-specific information such as CPU type and speed, hardware equipment indicators, copying drive serial number, cartridge sequence number, exhibit details and reference comments, operator name together with a unique password, and the real date and time as entered by the operator.  The cartridge is divided into blocks of an arbitrary chosen size. Blocks may contain reference, ROM, CMOS, or disk data depending on their location on the cartridge. Each cartridge contains the information copied from the suspect drive on a sector by sector basis. Safe Boxes and the Vault  As each block is copied and verified, a hash value is generated such that a single bit change anywhere within the block would produce a different hash. The result is stored in the relevant safe box and copying to the next block.  Once all the blocks relevant to a particular cartridge have been copied and treated in this way, the whole group of safe boxes, collectively referred to as the vault, are treated as an individual block and a vault hash value is generated and stored in the final safe box. The vault is then copied to another area of the cartridge and this second copy is encrypted.  The vault hash value for each cartridge is stored in a separate area in memory and the operator is prompted to insert a new cartridge until the copy is completed. The final cartridge will contain similar information to the others in the series and in addition will have the accumulated vault hash values from all other cartridges in the series.  Once the final cartridge has been copied, the operator is prompted to insert a preformatted floppy disk into the drive used to start the DIBS process. All of the accumulated vault hash values are then written to a floppy disk together with the reference details of the whole copy procedure. At least two identical floppy disks are created in this manner.  The floppy disks are then sealed in numbered, tamperproof bags and both numbers are written on both envelops. The computer owner is given his or her chosen floppy and the other is placed in secure storage.
Computer Forensics Unit III – Part II 6 Security Considerations  Computer forensics investigators are constantly discovering new vulnerabilities in old image verification and authentication products.  As a result CIOs (Chief information Officers) are devoting more money and time to image verification and authentication security.  Staff-members are the ones who make sure viruses don’t come in and holes aren’t created in the firewall.  They have to understand that most business is built on trust, and their role in maintaining trust is crucial.  It’s difficult, perhaps impossible, to measure the return on investment in security.  You have to protect your data. It only takes one time ---one hacker getting in and hacking all your financial data.  It would be irresponsible on CIO’s part not have the toughest image verification and authentication security possible. Source: COMPUTER FORENSICS: COMPUTER CRIME SCENE INVESTIGATION, JOHN VACCA Send your feedback to kranthi@kranthi.co.in

Recommended

02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2Manu Mathew Cherian
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
03 Data Recovery - Notes
03 Data Recovery - Notes03 Data Recovery - Notes
03 Data Recovery - NotesKranthi
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Forensics Analysis and Validation
Forensics Analysis and Validation Forensics Analysis and Validation
Forensics Analysis and Validation Jyothishmathi Institute of Technology and Science Karimnagar
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 

Recommended

02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2Manu Mathew Cherian
 
04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - Notes04 Evidence Collection and Data Seizure - Notes
04 Evidence Collection and Data Seizure - NotesKranthi
 
03 Data Recovery - Notes
03 Data Recovery - Notes03 Data Recovery - Notes
03 Data Recovery - NotesKranthi
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Forensics Analysis and Validation
Forensics Analysis and Validation Forensics Analysis and Validation
Forensics Analysis and Validation Jyothishmathi Institute of Technology and Science Karimnagar
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
Email investigation
Email investigationEmail investigation
Email investigationAnimesh Shaw
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
Data recovery
Data recoveryData recovery
Data recoveryAbhinav Parihar
 
Computer forensic
Computer forensicComputer forensic
Computer forensicSinggih Prasetya
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsRoberto Ellis
 
Computer forensics and its role
Computer forensics and its roleComputer forensics and its role
Computer forensics and its roleSudeshna Basak
 
data hiding techniques.ppt
data hiding techniques.pptdata hiding techniques.ppt
data hiding techniques.pptMuzamil Amin
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigationedwardbel
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic toolsParsons Corporation
 
E mail forensics
E mail forensicsE mail forensics
E mail forensicssaddamhusain hadimani
 
Intro to cyber forensics
Intro to cyber forensicsIntro to cyber forensics
Intro to cyber forensicsChaitanya Dhareshwar
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Initial Response and Forensic Duplication
Initial Response and Forensic Duplication Initial Response and Forensic Duplication
Initial Response and Forensic Duplication Jyothishmathi Institute of Technology and Science Karimnagar
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics toolSreekanth Narendran
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics abdullah roomi
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1Manu Mathew Cherian
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics pptNikhil Mashruwala
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidenceOnline
 

More Related Content

What's hot

Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolsN.Jagadish Kumar
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
Email investigation
Email investigationEmail investigation
Email investigationAnimesh Shaw
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
Computer forensics and its role
Computer forensics and its roleComputer forensics and its role
Computer forensics and its roleSudeshna Basak
 
data hiding techniques.ppt
data hiding techniques.pptdata hiding techniques.ppt
data hiding techniques.pptMuzamil Amin
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigationedwardbel
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 

What's hot (20)

Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
computer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software toolscomputer forensic tools-Hardware & Software tools
computer forensic tools-Hardware & Software tools
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
 
Email investigation
Email investigationEmail investigation
Email investigation
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
 
Data recovery
Data recoveryData recovery
Data recovery
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Computer forensics and its role
Computer forensics and its roleComputer forensics and its role
Computer forensics and its role
 
data hiding techniques.ppt
data hiding techniques.pptdata hiding techniques.ppt
data hiding techniques.ppt
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigation
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 
E mail forensics
E mail forensicsE mail forensics
E mail forensics
 
Intro to cyber forensics
Intro to cyber forensicsIntro to cyber forensics
Intro to cyber forensics
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensics
 
Initial Response and Forensic Duplication
Initial Response and Forensic Duplication Initial Response and Forensic Duplication
Initial Response and Forensic Duplication
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 

Viewers also liked

Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidenceOnline
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensicsRahul Baghla
 
P Hundamental Security Coding Secure With Php Lamp
P Hundamental Security Coding Secure With Php LampP Hundamental Security Coding Secure With Php Lamp
P Hundamental Security Coding Secure With Php Lampphptechtalk
 
Cyber forensics 02 mit-2014
Cyber forensics 02 mit-2014Cyber forensics 02 mit-2014
Cyber forensics 02 mit-2014Muzzammil Wani
 
IEF for Military and Government
IEF for Military and GovernmentIEF for Military and Government
IEF for Military and GovernmentJADsoftware
 
Logs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMALogs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMAAnton Chuvakin
 
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...Cellebrite
 
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformAutopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformBasis Technology
 
Cyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureCyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureOllie Whitehouse
 
BSidesDC - **** it, Do It Live (PowerShell Digital Forensics)
BSidesDC - **** it, Do It Live (PowerShell Digital Forensics)BSidesDC - **** it, Do It Live (PowerShell Digital Forensics)
BSidesDC - **** it, Do It Live (PowerShell Digital Forensics)Jared Atkinson
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
core_committee_members_list
core_committee_members_listcore_committee_members_list
core_committee_members_listDhiru Bhai
 
Role of a Forensic Investigator
Role of a Forensic InvestigatorRole of a Forensic Investigator
Role of a Forensic InvestigatorAgape Inc
 
Computer Forensics: You can run but you can't hide
Computer Forensics: You can run but you can't hideComputer Forensics: You can run but you can't hide
Computer Forensics: You can run but you can't hideAntonio Sanz Alcober
 

Viewers also liked (18)

Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidence
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
 
P Hundamental Security Coding Secure With Php Lamp
P Hundamental Security Coding Secure With Php LampP Hundamental Security Coding Secure With Php Lamp
P Hundamental Security Coding Secure With Php Lamp
 
Cyber forensics 02 mit-2014
Cyber forensics 02 mit-2014Cyber forensics 02 mit-2014
Cyber forensics 02 mit-2014
 
IEF for Military and Government
IEF for Military and GovernmentIEF for Military and Government
IEF for Military and Government
 
Logs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMALogs for Information Assurance and Forensics @ USMA
Logs for Information Assurance and Forensics @ USMA
 
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
Extracting and Decoding Smartphone and Tablet Evidence with the UFED Series: ...
 
Sued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital ForensicsSued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital Forensics
 
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics PlatformAutopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
Autopsy 3: Free Open Source End-to-End Windows-based Digital Forensics Platform
 
File000120
File000120File000120
File000120
 
Euroforensics 2012
Euroforensics 2012Euroforensics 2012
Euroforensics 2012
 
Cyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureCyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics Lecture
 
BSidesDC - **** it, Do It Live (PowerShell Digital Forensics)
BSidesDC - **** it, Do It Live (PowerShell Digital Forensics)BSidesDC - **** it, Do It Live (PowerShell Digital Forensics)
BSidesDC - **** it, Do It Live (PowerShell Digital Forensics)
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
core_committee_members_list
core_committee_members_listcore_committee_members_list
core_committee_members_list
 
Role of a Forensic Investigator
Role of a Forensic InvestigatorRole of a Forensic Investigator
Role of a Forensic Investigator
 
Computer Forensics: You can run but you can't hide
Computer Forensics: You can run but you can't hideComputer Forensics: You can run but you can't hide
Computer Forensics: You can run but you can't hide
 

Similar to 06 Computer Image Verification and Authentication - Notes

The Best Practice with Code Signing Certificates - CodeSignCert.com
The Best Practice with Code Signing Certificates - CodeSignCert.comThe Best Practice with Code Signing Certificates - CodeSignCert.com
The Best Practice with Code Signing Certificates - CodeSignCert.comKayra Obrain
 
Information technology-act2000-120112080011-phpapp02 2
Information technology-act2000-120112080011-phpapp02 2Information technology-act2000-120112080011-phpapp02 2
Information technology-act2000-120112080011-phpapp02 2Suryadev Maity
 
Information-Technology-Act 2000- An overview-sethassociatesppt (1).ppt
Information-Technology-Act 2000- An overview-sethassociatesppt (1).pptInformation-Technology-Act 2000- An overview-sethassociatesppt (1).ppt
Information-Technology-Act 2000- An overview-sethassociatesppt (1).pptshahulgk
 
Information technology-act 2000
Information technology-act 2000Information technology-act 2000
Information technology-act 2000Onkar Sule
 
Information technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptInformation technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptSuvabrataSamanta
 
Network Security
Network SecurityNetwork Security
Network SecurityBeth Hall
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorIDES Editor
 
Grid security seminar mohit modi
Grid security seminar mohit modiGrid security seminar mohit modi
Grid security seminar mohit modiMohit Modi
 
Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vandaVanda KANY
 
Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfDefine PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfxlynettalampleyxc
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsAaron ND Sawmadal
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsAaron ND Sawmadal
 
Narrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardNarrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardConference Papers
 
Information Technology Act 2000 An Overview
Information Technology Act 2000 An OverviewInformation Technology Act 2000 An Overview
Information Technology Act 2000 An OverviewAnubhav
 
Computer Security Test
Computer Security TestComputer Security Test
Computer Security Testkhant14
 
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...RSIS International
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Editor IJARCET
 

Similar to 06 Computer Image Verification and Authentication - Notes (20)

The Best Practice with Code Signing Certificates - CodeSignCert.com
The Best Practice with Code Signing Certificates - CodeSignCert.comThe Best Practice with Code Signing Certificates - CodeSignCert.com
The Best Practice with Code Signing Certificates - CodeSignCert.com
 
Information technology-act2000-120112080011-phpapp02 2
Information technology-act2000-120112080011-phpapp02 2Information technology-act2000-120112080011-phpapp02 2
Information technology-act2000-120112080011-phpapp02 2
 
Ppt
PptPpt
Ppt
 
Cloud Security Mechanisms
Cloud Security MechanismsCloud Security Mechanisms
Cloud Security Mechanisms
 
Information-Technology-Act 2000- An overview-sethassociatesppt (1).ppt
Information-Technology-Act 2000- An overview-sethassociatesppt (1).pptInformation-Technology-Act 2000- An overview-sethassociatesppt (1).ppt
Information-Technology-Act 2000- An overview-sethassociatesppt (1).ppt
 
Information technology-act 2000
Information technology-act 2000Information technology-act 2000
Information technology-act 2000
 
Information technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptInformation technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatesppt
 
Network Security
Network SecurityNetwork Security
Network Security
 
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the PerpetratorAn Efficient Buyer - Seller Protocol to Identify the Perpetrator
An Efficient Buyer - Seller Protocol to Identify the Perpetrator
 
Grid security seminar mohit modi
Grid security seminar mohit modiGrid security seminar mohit modi
Grid security seminar mohit modi
 
presentation_finals
presentation_finalspresentation_finals
presentation_finals
 
Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vanda
 
Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdfDefine PKI (Public Key Infrastructure) and list and discuss the type.pdf
Define PKI (Public Key Infrastructure) and list and discuss the type.pdf
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
 
Narrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forwardNarrative of digital signature technology and moving forward
Narrative of digital signature technology and moving forward
 
Information Technology Act 2000 An Overview
Information Technology Act 2000 An OverviewInformation Technology Act 2000 An Overview
Information Technology Act 2000 An Overview
 
Computer Security Test
Computer Security TestComputer Security Test
Computer Security Test
 
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
Security Mechanisms for Precious Data Protection of Divergent Heterogeneous G...
 
Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310Ijarcet vol-2-issue-7-2307-2310
Ijarcet vol-2-issue-7-2307-2310
 

Recently uploaded

The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxShobhayan Kirtania
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 

Recently uploaded (20)

The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 

06 Computer Image Verification and Authentication - Notes

  • 1. Computer Forensics Unit III – Part II 1 1. Special Needs of Evidential Authentication *****  During an investigation, it is decided that evidence may reside on a computer system.  It may be possible to seize or impound the computer system, but this risks violating the basic principle of innocent until proven guilty, by depriving an innocent party of the use of his or her system.  It should be perfectly possible to copy all the information from the computer system in a manner that leaves the original system untouched and yet makes all contents available for forensic analysis.  The courts may rightly insist that the copied evidence is protected from either accidental or deliberate modification and that the investigating authority should prove that this has been done. Thus, it is not the content that needs protection, but its integrity.  This protection takes two forms:  A secure method of determining that the data has not been altered by even a single bit since the copy was taken.  A secure method of determining that the copy is genuinely the one taken at the time and on the computer in question.  These elements are collectively referred as the Digital Image Verification and Authentication Protocol. DIGITAL IDS AND AUTHENTICATION TECHNOLOGY  Without an assurance of the software’s integrity, and without knowing who published the software, it’s difficult for customers to know how much to trust software.  It’s difficult to make the choice of downloading the software from the Internet.  For example (when using Microsoft Authenticode coupled with Digital IDs™ from VeriSign®), through the use of digital signatures, software developers are able to include information about themselves and their code with their programs.  When customers download software signed with Authenticode and verified by VeriSign, they should be assured of content source, indicating that the software really comes from the publisher who signed it, and content integrity, indicating that the software has not been altered or corrupted since it was signed. Computer Image Verification and Authentication
  • 2. Computer Forensics Unit III – Part II 2 Authenticode  Microsoft Authenticode allows developers to include information about themselves and their code with their programs through the use of digital signatures.  Through Authenticode, the user is informed: 1. Of the true identity of the publisher 2. Of a place to find out more about the control 3. The authenticity of the preceding information  Users can choose to trust all subsequent downloads of software from the same publisher and all software published by commercial publishers that has been verified by VeriSign. Public Key Cryptography  In public key cryptographic systems, every entity has two complementary keys (a public key and private key) that function only when they are held together.  Public keys are widely distributed to users, whereas private keys are kept safe and only used by their owner.  Any code digitally signed with the publisher’s private key can only be successfully verified using the complementary public key.  Code that successfully verified using the publisher’s public key, could only have been digitally signed using the publisher’s private key, and has not been tampered with. Certificate Authorities  Certification Authorities such as VeriSign are organizations that issue digital certificates to applicants whose identity they are willing to vouch for. Each certificate is linked to the certificate of the CA that signed it.  VeriSign has the following responsibilities: 1. Publishing the criteria for granting, revoking, and managing certificates 2. Granting certificates to applications who meet the published criteria 3. Managing certificates 4. Storing VeriSign’s root keys in an exceptionally secure manner 5. Verifying evidence submitted by applicants 6. Providing tools for enrollment 7. Accepting the liability associated with these responsibilities
  • 3. Computer Forensics Unit III – Part II 3 8. Time-stamping digital signatures Digital ID  A Digital ID/Certificate is a form of electronic credentials for the Internet.  A Digital ID is issued by a trusted third party to establish the identity of the ID holder.  The third party who issues certificates is known as a Certificate Authority (CA).  Digital ID technology is based on the theory of public key cryptography.  The purpose of a Digital ID is to reliably link a public/private key pair with its owner.  When a CA such as VeriSign issues a Digital IDs, it verifies that the owner is not claiming a false identity.  When a CA issues you a digital certificate, it puts its name behind the statement that you are the rightful owner of your public/private key pair. How Authenticode works with VeriSign Digital IDs? Authenticode: VeriSign Digital ID process 1. Publisher obtains a Software Developer Digital ID from VeriSign 2. Publisher creates code 3. Using the SIGNCODE.EXE utility, the publisher o Creates a hash of the code, using an algorithm such as MD5 or SHA o Encrypts the has using his/her private key o Creates a package containing the code, the encrypted hash, and the publisher’s certificate
  • 4. Computer Forensics Unit III – Part II 4 4. The end user encounters the package 5. The end user’s browser examines the publisher’s Digital ID. Using the VeriSign root Public Key, which is already embedded in Authenticode enabled applications, the end user browser verifies the authenticity of Software Developer Digital ID (which is itself signed by the VeriSign root Private Key) 6. Using the publisher’s public key contained within the publisher’s Digital ID, the end user browser decrypts the signed hash. 7. The end browser runs the code through the same hashing algorithm as the publisher, creating a new hash. 8. The end user browser compares the two hashes. If they are identical, the browser messages that the content has been verified by VeriSign, and the end user has the confidence that the code was signed by the publisher identified in the Digital ID, and the code hasn’t been altered since it was signed. Time Stamping: Because key pairs are based on mathematical relationships that can theoretically be “cracked” with a great deal of time and effort, it is a well-established security principle that digital certificates should expire. 2. Practical Consideration*  It is useful to present some fundamental requirements of a forensic data collection system before considering how these can be securely protected.  Other forensic experts may argue against some or all of them: 1. Forensic data collection should be complete and non-software specific, thus avoiding software traps and hidden partitioning. 2. In operation, it should be as quick and as simple as possible to avoid error or delay. 3. It should be possible for anyone to use a forensic data collection system with the minimum amount of training. 4. Necessary costs and resources should be kept to a minimum.  To meet the conditions specified in items 2, 3, and 4, the digital integrity verification and authentication protocol must be tailored to suit.  Only investigators issued with a valid digital signature would be able to complete copies.
  • 5. Computer Forensics Unit III – Part II 5 3. Practical Implementation****  A minimum amount of reliance is placed on the technical ability of the operator/investigator.  It must be understood that during the copying process, procedures are implemented to trap and handle hardware errors, mapping exceptions where necessary.  It must also be understood that procedures are implemented to verify that information is copied correctly.  This information is stored on each cartridge within a copy series.  Also stored on each cartridge is a reference area containing copy-specific information such as CPU type and speed, hardware equipment indicators, copying drive serial number, cartridge sequence number, exhibit details and reference comments, operator name together with a unique password, and the real date and time as entered by the operator.  The cartridge is divided into blocks of an arbitrary chosen size. Blocks may contain reference, ROM, CMOS, or disk data depending on their location on the cartridge. Each cartridge contains the information copied from the suspect drive on a sector by sector basis. Safe Boxes and the Vault  As each block is copied and verified, a hash value is generated such that a single bit change anywhere within the block would produce a different hash. The result is stored in the relevant safe box and copying to the next block.  Once all the blocks relevant to a particular cartridge have been copied and treated in this way, the whole group of safe boxes, collectively referred to as the vault, are treated as an individual block and a vault hash value is generated and stored in the final safe box. The vault is then copied to another area of the cartridge and this second copy is encrypted.  The vault hash value for each cartridge is stored in a separate area in memory and the operator is prompted to insert a new cartridge until the copy is completed. The final cartridge will contain similar information to the others in the series and in addition will have the accumulated vault hash values from all other cartridges in the series.  Once the final cartridge has been copied, the operator is prompted to insert a preformatted floppy disk into the drive used to start the DIBS process. All of the accumulated vault hash values are then written to a floppy disk together with the reference details of the whole copy procedure. At least two identical floppy disks are created in this manner.  The floppy disks are then sealed in numbered, tamperproof bags and both numbers are written on both envelops. The computer owner is given his or her chosen floppy and the other is placed in secure storage.
  • 6. Computer Forensics Unit III – Part II 6 Security Considerations  Computer forensics investigators are constantly discovering new vulnerabilities in old image verification and authentication products.  As a result CIOs (Chief information Officers) are devoting more money and time to image verification and authentication security.  Staff-members are the ones who make sure viruses don’t come in and holes aren’t created in the firewall.  They have to understand that most business is built on trust, and their role in maintaining trust is crucial.  It’s difficult, perhaps impossible, to measure the return on investment in security.  You have to protect your data. It only takes one time ---one hacker getting in and hacking all your financial data.  It would be irresponsible on CIO’s part not have the toughest image verification and authentication security possible. Source: COMPUTER FORENSICS: COMPUTER CRIME SCENE INVESTIGATION, JOHN VACCA Send your feedback to kranthi@kranthi.co.in