If someone uses the PKI infrastructure to send secure emails, what type of forensic evidence will be left behind?
If someone uses the Public Key Infrastructure (PKI), professionals can obtain only digital evidence that reveals encrypted traffic and the public key used by the two parties involved in the communication (Tubewar, 2010). However, the private key that makes it possible to find out what information was transferred will not be obtained, as it is usually never sent from one person to another and remains hidden (Itfreetraining, 2013a). Still, this information is critical for the professionals, as it is the only thing that allows them to find out what was written.
If someone accepts or associates a certificate to view a website in a browser, what type of forensic evidence will you find?
If someone accepts or associates a certificate to view a website in a browser, forensic investigators get a chance to gather a lot of helpful information. It will be possible to find out which authority issued it. Moreover, there is an opportunity to learn who owns the certificate. As a result, the professional can determine when it was used and whether it was used by the same person to whom the certificate was issued. An expiry date can be found, as well as the private code utilized by the user and the digital signature (Itfreetraining, 2013b).
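The certificate fields named above can be read straight from a certificate recovered from a browser store or disk image. The following is an added example, not taken from the cited sources: a standard-library Python sketch that parses a DER-encoded certificate for issuer, subject, serial number, validity dates and signature, and checks an observed time of use against the validity window. The sample certificate, its names and all function names are constructed for illustration.

```python
import hashlib
from datetime import datetime

CN_OID = bytes.fromhex("550403")  # OID 2.5.4.3 (commonName)

def tlv(tag, body):  # DER encoder (lengths < 256), only used for the sample
    return bytes([tag, len(body)] if len(body) < 0x80 else [tag, 0x81, len(body)]) + body

def children(buf):  # split DER content into (tag, value) pairs
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def common_name(name):  # Name = SEQUENCE OF SET OF SEQUENCE {OID, value}
    atvs = [children(a) for _, r in children(name) for _, a in children(r)]
    return next((v.decode() for (_, o), (_, v) in atvs if o == CN_OID), "")

def cert_fields(der):  # assumes UTCTime validity dates (two-digit year)
    [(_, cert)] = children(der)
    (_, tbs), _alg, (_, sig) = children(cert)
    f = [v for t, v in children(tbs) if t != 0xA0]  # skip explicit version tag
    serial, _sigalg, issuer, validity, subject = f[:5]
    nb, na = (datetime.strptime(v.decode(), "%y%m%d%H%M%SZ") for _, v in children(validity))
    return {"issuer": common_name(issuer), "subject": common_name(subject),
            "serial": hex(int.from_bytes(serial, "big")), "not_before": nb,
            "not_after": na, "signature": sig[1:],  # minus unused-bits byte
            "sha256": hashlib.sha256(der).hexdigest()}

def valid_at(fields, when):  # was an observed use inside the validity window?
    return fields["not_before"] <= when <= fields["not_after"]

# Constructed sample: placeholder key and signature bytes, not a real certificate.
def _name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, CN_OID) + tlv(0x0C, cn.encode()))))
_ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
_TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x10\x01") + _ALG
           + _name("Example Test CA")
           + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
           + _name("www.example.test") + tlv(0x30, _ALG + tlv(0x03, b"\x00" + b"\xaa" * 32)))
SAMPLE = tlv(0x30, _TBS + _ALG + tlv(0x03, b"\x00" + b"\x55" * 64))
```

The SHA-256 value over the DER bytes gives a stable identifier for matching the same certificate across a browser store, a packet capture and a server.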
Can a subject of an investigation be compelled to provide a password for an encrypted file?
A subject of an investigation may not be compelled, but may be asked by a professional, to provide a password for an encrypted file. Of course, people’s private information is protected by the Fifth Amendment; however, the investigator can ask the subject to provide not only the passwords but also the keys during the interview. As no key disclosure laws exist in the USA, this information cannot be demanded. As a result, a subject has an opportunity to “forget” to give this data. The court has a right to repeat the request and sometimes even to order the subject to provide the keys, insisting on incarceration in case of reluctance to obey. Still, such a situation does not appeal to the court, and effort is often put into “cracking” the code after the hearing (Wolfe, 2003).
How can a subject of an investigation avoid providing a password?
As mentioned previously, the subject of the investigation is not obliged to provide a password if unwilling to. During an interview, a subject rarely refuses to give the information directly; this person can change the topic of the conversation when asked about the password and then simply not return to the question. It would look as if the subject just forgot that he was asked to reveal this data. The suspect can just say that he/she does not remember the keys at all. One is also able to keep silent and hide information (Wolfe, 2003).
What are six alternatives (identified in the Wolfe paper) for obtaining a password without a subject’s cooperation?
In his paper, Wolfe (2003) states that the information can be obtained without the subject’s cooperation. He claims that forensic investigators can crack the code if it is weak enough. They have an opportunity to use a dictionary search for the potential key, as a suspect system is very likely to include this information. It can also be advantageous if professionals gather all available information about the subject. Rather often, people use things familiar to them when they need to create a password so as not to forget it. In this way, a search for a badge number can be a good alternative. As legislation differs in various locations, forensic investigators can target encryption software from where it is totally legal. Finally, backdoor access to products can be used to save the situation.
What technique was used by the child pornographer discussed in the Wolfe article to finally obtain his password?
In the case discussed in Wolfe’s (2003) article, professionals considered that they could crack the code, but then this decision was altered. As a result, they successfully utilized the third alternative method and found out the password when gathering the information about the suspect (the badge number).
STARR, DIRT, and Magic Lantern offer a disturbingly intrusive surveillance capability. Explain what that is, and offer an opinion on whether or not you think somebody from another country might be using a similar capability against you?
Various software programs and hardware tools offer a disturbingly intrusive surveillance capability, which means that they “enable the capture of passwords and/or encryption keys” (Wolfe, 2003, p. 390). They can be used to track one’s actions and control them by logging keystrokes, for example, and gathering received data. Personally, I believe that people from other countries are not likely to use a similar capability against me, as such tools often require warrants and authorizations. If discovered, this “investigator” may face legal issues, as the laws of both countries can be considered.
What is the purpose of KeyKatch and KeyGhost, and under what circumstances would they be used?
KeyKatch and KeyGhost are tools that can be used for surveillance. They are hardware-based programs that provide an opportunity to log keystrokes. They are often used to capture passwords. Investigators can replace the suspect’s keyboard with one that has KeyKatch or KeyGhost to get the keys when they are typed. These tools can even be used in organizations during security assessment (Simpson, Backman, & Corley, 2013).
How is a smart card (CAC Card) used in the PKI?
The Common Access Card (CAC) is used for security purposes. Its usage proves that the individual has a card and knows the PIN. As a result, authentication is performed rather quickly. The card requires up to three PKI certificates. Generally, the one needed for identification is used. Still, depending on the tasks, the signature and encryption ones can be needed (Technology Assistance Center, 2007).
References
Itfreetraining. (2013a). Symmetric key and public key encryption. Web.
Itfreetraining. (2013b). What are certificates? Web.
Simpson, M., Backman, K., & Corley, J. (2013). Hands-on ethical hacking and network defense. Boston, MA: Cengage Learning.
Technology Assistance Center. (2007). CAC/PKI user’s guide. Web.
Tubewar. (2010). How SSL works tutorial – with HTTPS example. Web.
Wolfe, H. (2003). Encountering encryption. Computers & Security, 22(6), 388-391.