Common encryption practices
Weaknesses of encryption
What to do when you find encrypted data
Computer forensics is all about perspective and process. Your main perspective must be as a neutral party in all activities. You approach each investigation the same way, ensuring that it is repeatable and sound. After you identify and preserve the evidence, you analyze it to determine its impact on your case. In many situations, the actual evidence is protected from unauthorized disclosure. When searching for evidence, you, the investigator , might be unauthorized from the data owner's perspective. It all depends on who owns the computer and who hired you. You need to know how to exercise your granted authority and access data that is protected. The two most common controls used to protect data from disclosure are access controls and encryption. This chapter covers the most common type of access control, the password, and the general topic of encryption.
You'll learn basic techniques to obtain passwords and access encrypted data. This chapter won't cover the mathematics behind encryption in much detail. Such a discussion is beyond the scope of this book. However, it will cover the basic types and uses of encryption and how to 'get to' data that has been encrypted.