After you gain access to the files that contain evidence you need, you may find that the file itself is unreadable. As computer investigators begin to use more sophisticated tools to investigate, the bad guys, and good guys alike, have learned to take more sophisticated steps to hide information. One method used to hide information is to modify a message or file in such a way that only the intended recipient can reconstruct the original.
Cryptography is used to scramble the contents of a file or message and make it unreadable to all but the intended recipient. In the context of a computer investigation, the investigator is an unintended recipient. The word cryptography comes from the Greek word 'krypto,' which means 'hidden,' and 'graphein,' which means 'to write.'
The science of hiding the true meaning of a message from unintended recipients.
Although cryptography's importance has become more widely acknowledged in recent years, its roots can be traced back 5,000 years to ancient Egypt. The Egyptians used hieroglyphics to document many rituals and procedures. Only specially trained agents could interpret these early hieroglyphics.
Obscure a message's meaning to make it unreadable.
Later, around 400 B.C., the Spartans used an innovative method to encrypt , or hide, the meaning of military communication from unauthorized eyes. They would wrap a strip of parchment around a stick in a spiral, similar to a barber's pole. The scribe would write the message on the parchment and then unwind it from the stick. With the parchment stretched out, the message was unintelligible. In fact, the only way to read the message, or decrypt it, was to wrap the parchment around another stick of the same diameter and equal, or greater, length. The 'secret' to reading the message was the dimensions of the stick and the knowledge of how to wrap the parchment. Anyone who possessed these two components could read a secret message.
Translate an encrypted message back into the original unencrypted message.
Roman Emperor Julius Caesar was the first to use a cryptography method, or cipher , similar to the decoder rings that are popular as children's trinkets. He used the method, called a substitution cipher , to send secret messages to his military lead- ers. In this cipher, a message is encrypted by substituting each letter of the original message with another letter. A substitution table provides the static mapping for each letter. The recipient decrypts the message by reversing the process. The recipient translates each letter from the encrypted message to the original letter by reading the translation table backward. The resulting message is identical to the original. One must posses the translation table to encrypt and decrypt messages using a simple substitution cipher. The main weakness of the cipher is the table itself. Anyone who discovers or acquires the translation table can decrypt messages.
An algorithm for encrypting and decrypting .
Although the algorithms used in today's encryption implementations are far more complex than the Caesar cipher, the basic approach and goals are the same. Let's look at some common practices in encryption.
A cipher that substitutes each character in the original message with an alternate character to create the encrypted message.