A study of AccessData_FTK_Imager_4.2.1 for password cracking and DumpIt version 3.2 for capturing raw files


INTRODUCTION

Passwords have long been used to encrypt information and messages, which gave rise to the discipline of cryptography. Furthermore, with the rapid development of computer science, passwords are now also commonly used for user authentication, which is very important to internet security.

RFC 2828 defines user authentication as “the process of verifying an identity claimed by or for a system entity”. The authentication service must assure that the connection is not interfered with by a third party masquerading as one of the two legitimate parties, which usually concerns two approaches: data origin authentication and peer entity authentication. Data origin authentication provides for the corroboration of the source of a data unit without protection against the duplication or modification of data units, and this type of service supports applications like email where there are no prior interactions between the communicating entities. Peer entity authentication provides for the corroboration of the identity of a peer entity in an association, for use at the establishment of a connection or at times during the data transfer phase, and attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection. There are usually four means of authenticating user identity, based on: something the individual knows (e.g. password, PIN, answers to prearranged questions); something the individual does (token, e.g. smartcard, electronic keycard, physical key); something the individual is (static biometrics, e.g. fingerprint, retina, face).

The growth of both IT and Internet communication has involved the development of a lot of encrypted information. Among other techniques of message hiding, steganography is one of them, but more suspicious, as no one can see the secret message. As we always use MS Office, there are many ways to hide secret messages by using PowerPoint as a normal file. Owing to a number of reasons, the deployment of encryption solutions is beginning to be ubiquitous at both organizational and individual levels. The most emphasized reason is the necessity to ensure confidentiality of privileged information. Unfortunately, encryption is also popular as cyber-criminals’ escape route from the grasp of digital forensic investigators. The direct encryption of data or indirect encryption of storage devices, more often than not, prevents access to the information contained therein.

Data is far more abundant in today’s world than was anticipated three decades ago. Individuals now keep more information than organizations kept in years past. Significant amounts of such information are valued and consequently preferred to be known to them alone. Such valued information includes their financial details, medical records, locations, as well as professional and network information. Businesses and organizations possess larger amounts of information than individuals. A good amount of such information is critical to their sustained existence and growth. Their intellectual property and trade secrets are kept away from potential exploits and are thus considered very private. Governments and agencies keep sensitive information that may affect the stability of their jurisdictions, politically or economically, if divulged. The necessity to keep such information within the required confines describes a component purpose of Information Security, which involves the totality of activities to ensure the protection of information assets that use, store, or transmit information from risk through the application of policies, education, training, awareness, and technology. Data security involves the consideration of potential confidentiality, integrity, and availability threats to data services, using functions such as identification, authentication, authorization and audit. Data encryption may not be an explicit solution to information security problems, as organizations remain increasingly vulnerable to data breach incidents, but it is still the most efficient fix when deployed adequately. This has led to the growing availability of full disk encryption tools. Disk manufacturers are embedding full encryption tools into their products, making encryption more available for use. The study conducted by showed the increased usage of full disk, virtual volume, native disk, and flash drive encryptions over two years.
However, for reasons other than the cost of deploying and managing an encryption solution, some organizations have shunned encryption solutions or are still undecided about adopting them. They insisted that “availability is more important than confidentiality”.

Surveys revealed the continuously increasing adoption of cryptographic solutions by organizations for various data security platforms within the last five years. The survey reports infer that non-users anticipate adopting partial or holistic cryptographic solutions in the near future. This suggests the impending domination of cryptographic procedures for protecting information in the computer world. There are ways for investigators to outmaneuver the use of cryptography as a challenge to digital forensics processes. These methods are either legally obtaining appropriate ‘search and seize’ authorizations or tactically planning to catch the offender unawares and hence access live (running and unencrypted) systems. However, only a handful of encryption incidents encountered by investigators have been solved using those methods. 60% of cyber criminals often do not get prosecuted, not because they were missed, but because nothing could be done to access the potential evidence. The inconsistency of legal systems across boundaries does not make the process easier, as laws may or may not enjoin perpetrators to help the investigators access the encrypted medium. This was evident in the Dantas suspected money laundering case, where Brazil, unlike the United Kingdom, had no legislation to make him reveal his passphrase or encryption type. Therefore, researchers and developers need to be reminded of privacy-enforcement threats to forensic investigations, and pestered about the need for technologies to help deal with accessing encrypted storage devices.

Data Encryption for Information Security

In order to examine threats contributed by a technology, the solutions it offers should be considered too.

Encryption, as an element of cryptography, is a methodology for achieving information security through secretive communications. The United Kingdom’s Data Protection Act 1998 most suitably describes the confidentiality element of information security. It seeks to ensure that the information organizations hold about their customers and employees is safeguarded from uses other than those for which it was obtained. This is meant to avert incidents such as identity crimes, and protect such potential victims from damages and embarrassment that unauthorized use of their data may cause the powers conferred on the Information.

There is also a huge necessity to ensure the confidentiality of data items at rest, in use, or in motion. Financial organizations, where transactions are regularly performed on data, have to ensure that such data are not subject to unauthorized access or modification. The combination of encryption and hash technologies to create digital signatures and certificates, which are used to ensure data confidentiality and integrity, is a laudable approach. As far as information security is concerned, data encryption technology has been an invaluable success on the confidentiality and integrity fronts, whereas on the availability front it is known for delays on sparse occasions. Serious availability issues caused by the deployment of encryption solutions are not unheard of, although they are usually addressable by providers. In an overall sense, it is hence agreeable to regard data encryption as a massive solution for information security challenges.

DumpIt is a compact portable tool which makes it easy to save the contents of your PC’s RAM. It’s a console utility, but there’s no need to open a command line, or master a host of cryptic command line switches. Instead, all you do is double-click the program’s executable (a tiny 203 KB), press “Y” to confirm that you’re “sure you want to continue” – and that’s it, DumpIt will save the contents of RAM to a file in DumpIt’s current folder. Of course this may take a while, especially if you’ve a lot of RAM. DumpIt will save your entire 3GB user address space on a 32-bit Windows system, and the contents of your entire installed RAM on a 64-bit system, so this isn’t going to happen in a second or two. Be patient, though, and the DumpIt window will alert you when the process is complete. Dump the RAM to disk, use something like the hex editor HxD to open the file, and you can search for a phrase which you know was in the text. With any luck you’ll find it (we tested this with Word 2010 and it worked just fine), and while you won’t be able to copy and paste the text from RAM, or easily extract images or binary data, you can at least read it and retype the text elsewhere. Alternatively, MoonSols Windows Memory Toolkit can take a memory dump and convert it into a form which can be analyzed by Microsoft Windows Debugger, which may (for example) help you to figure out why your troublesome program locked up in the first place. Read more at the MoonSols site.

DumpIt provides an easy way to save the contents of RAM. This probably isn’t something you’ll need to use often, but when you do then it could be very useful, and as the program is also small and portable then it’s well worth putting aside for emergencies.

This research focuses entirely on the task of capturing images using DumpIt version 3.2 and cracking passwords using AccessData_FTK_Imager_4.2.1 (FTK). It studies how accurate the free version of this software is by examining the live physical memory of ten personal computers. The study also looks at how readily an ordinary person can capture the image of a system using DumpIt and crack passwords with FTK, and it gives a clear-cut view of FTK and DumpIt as forensic examination tools.

The effectiveness of data encryption as a mechanism for enforcing information privacy is massive. This is evident from the reported widespread use of various data encryption solutions at the organizational and individual levels. However, its huge success in restricting data access has been a threat to digital forensics processes over the years. Cyber-criminals have been exploiting the confidentiality that data encryption solutions provide to restrict digital forensics investigators’ access to potential evidence. The ubiquitous availability, low cost and easy implementation of encryption solutions enhance the threats posed to digital forensics processes. Investigators sometimes get around the encryption challenge through careful and thoughtful planning of search and seizure, a thorough search for exposed encryption keys, and advanced in-memory data retrieval techniques. Yet, a minimum of 60% of computer incidents involving data encryption end up not prosecutable.

AIM AND OBJECTIVES

AIM:

To study AccessData_FTK_Imager_4.2.1 for password cracking and DumpIt version 3.2 for capturing raw files.

OBJECTIVES:

  • To ensure the software is user friendly.
  • To extract the artifacts from the image.
  • To identify the role of free software in capturing passwords.
  • To assess the forensic significance of this software.

MATERIALS AND METHODOLOGY

MATERIALS:

  • Personal computer (PC)
  • AccessData_FTK_Imager_4.2.1
  • DumpIt version 3.2
  • Raw live images captured (05 collected samples)

METHODOLOGY:

Step I – Install DumpIt version 1.3.2

Fig I.i Browsing of the DumpIt Version 1.3.2

Fig I.ii Downloading of the DumpIt Version 1.3.2
Fig I.iii Starting of DumpIt Installation
Fig I.iv Installation of dumpIt

Step II – Extract the DumpIt files and let DumpIt run in the command prompt

Fig II.i Successfully completed the raw image capturing
Fig II.ii Generated raw file

Step III – Install AccessData_FTK_Imager

Fig III.i Browsing of AccessData_FTK_Imager version
Fig III.ii Downloading of AccessData_FTK_Imager version 4.2.1
Fig III.iii Open your mail and click on the link to install AccessData_FTK_Imager version 4.2.1

Step IV – Click on add evidence

Step V – Capturing of Password

Fig V.i Click on the physical drive (if cracking the password of the system itself)
Fig V.ii Click on the logical drive (if cracking the password from another computer’s raw image)

Step VI – Captured image

Fig VI.i Captured image

Step VII – Press Ctrl+F

Step VIII – Using search strings such as “email” and “password”, try to crack passwords and mail IDs

Fig VIII.i While entering the string “email”
Fig VIII.ii While entering the string “password”
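
The keyword search described for HxD in the introduction and in Steps VII and VIII can also be scripted, which helps on multi-gigabyte dumps. The following is an added example, not part of the original study and not code from FTK Imager or DumpIt: it reads a raw image in chunks and reports the offset of each keyword in both ASCII and UTF-16LE (Windows programs often hold text in the latter, which a plain ASCII search misses). The function names and the small sample image are constructed for illustration.

```python
import io
import re

def printable(raw, enc):
    """Decode the bytes that follow a hit, masking non-printable characters."""
    if enc == "utf-16-le":
        raw = raw[:len(raw) // 2 * 2]          # keep whole 16-bit code units
    text = raw.decode(enc, errors="replace")
    return "".join(c if 32 <= ord(c) < 127 else "." for c in text)

def scan_image(stream, keywords, chunk_size=1 << 20, context=48):
    """Return sorted (offset, keyword, encoding, trailing_text) hits."""
    patterns = [(kw, enc, re.compile(re.escape(kw.encode(enc)), re.IGNORECASE))
                for kw in keywords for enc in ("ascii", "utf-16-le")]
    # Bytes held back each round so a hit and its context never straddle a read.
    keep = max(len(kw) for kw in keywords) * 2 + context
    hits, base, buf = [], 0, b""
    while True:
        chunk = stream.read(chunk_size)
        buf += chunk
        last = not chunk                       # empty read means end of image
        limit = len(buf) if last else max(0, len(buf) - keep)
        for kw, enc, rx in patterns:
            for m in rx.finditer(buf):
                if m.start() < limit:          # later hits wait for the next round
                    tail = buf[m.end():m.end() + context]
                    hits.append((base + m.start(), kw, enc, printable(tail, enc)))
        if last:
            return sorted(hits)
        base += limit                          # absolute offset of the new buf[0]
        buf = buf[limit:]

def build_sample_image():
    """Constructed stand-in for a raw dump: filler bytes around two planted strings."""
    form = b"email=alice%40example.test&password=Constructed-Pass-1\x00"
    wide = "Password: Constructed-Pass-2".encode("utf-16-le") + b"\x00\x00"
    return b"\xcc" * 1000 + form + b"\xcc" * 500 + wide + b"\xcc" * 300

if __name__ == "__main__":
    image = io.BytesIO(build_sample_image())   # for a real dump: open(path, "rb")
    for off, kw, enc, text in scan_image(image, ["email", "password"], chunk_size=64):
        print(f"0x{off:08x}  {kw:<8}  {enc:<9}  {text}")
```

The offsets it prints can be entered in FTK Imager or a hex editor to inspect the surrounding bytes in the image.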

OBSERVATION AND FINDINGS

OBSERVATION:

Sample 1

Observation: Captured Facebook Id and Password

Fig 1.1 Login ID of Facebook
Fig 1.2 Password of Facebook
Fig 1.3 Logged in Page
Fig 2.1 Captured Email Id
Fig 2.2 Captured Password

Sample 2

Observation: Captured Password of Netacad Account

Fig 2.3 Logged in Page

Sample 3

Observation: Captured shine learning account id and password

Fig 3.1 captured email id
Fig 3.3 Logged in Page

Sample 4

Observation: Captured Password of Netacad Account

Fig 4.1 Captured Email Id
Fig 4.2 Captured Password
Fig 4.3 Logged in Page

Sample 5

Observation: Captured Recently Used Website 1

Fig 5.1 Captured Link of Website
Fig 5.2 By Using the Link Entered Browsers

Sample 6

Observation: Captured Recently Used Website 2

Fig 6.1 Captured Link of Website
Fig 6.2 Using the Link entered Browsers

Sample 7

Observation: Captured Recently Used Website 3

Fig 7.1 Captured Link of Website
Fig 7.2 Using the Link entered Browsers

Sample 8

Observation: Captured Recently used Website 4

Fig 8.1 captured link of website

Sample 9

Observation: Captured Recently used Website 5

Fig 9.1 Captured Link of Website
Fig 9.2 Using the Link entered Browsers

Sample 10

Observation: Captured Recently Used Website 6

Fig 10.1 Captured Link of Website
Fig 10.2 Using the Link entered Browsers

RESULTS AND CONCLUSION

RESULTS

| Samples | Result |
|---|---|
| Sample 1 | Captured Facebook id and password |
| Sample 2 | Captured password of Netacad account |
| Sample 3 | Captured shine learning account id and password |
| Sample 4 | Captured password of Netacad account |
| Sample 5 | Captured recently used website 1 |
| Sample 6 | Captured recently used website 2 |
| Sample 7 | Captured recently used website 3 |
| Sample 8 | Captured recently used website 4 |
| Sample 9 | Captured recently used website 5 |
| Sample 10 | Captured recently used website 6 |

Table 1.1 Results

CONCLUSION:

In the practical work on the 10 samples, every sample gave positive results: passwords, email IDs and the most recently visited website addresses. The study gives a clear view of how user friendly FTK is and how helpful it is for investigations. It also gives amateurs the guidance that makes password cracking attacks easy. Recent surveys make the sharp point that free software is dangerous from the cyber forensic division’s point of view, because it increases attacks tremendously. One limitation is that the output is somewhat not in a readable format, but by using different converting applications it can be brought into human-readable form.

Authored By: Anishma Anil B
B.Sc. Forensic Science (Aditya College of Medical Sciences, Andhra Pradesh, under ANUR university)
Pursuing M.Sc. Forensic Science and Criminology (Maharajah’s College, Mysore University)
