Time
10 hours 28 minutes
Difficulty
Advanced
CEU/CPE
15

Video Description

This lesson covers the role of hashing in digital forensics to protect the integrity of files. This lesson focuses on protecting data at rest through the use of full disk encryption, file encryption and code signing.

Video Transcription

00:04
All right. Hashes are used in digital forensics. You know, when we do talk about digital forensics, one of the things that is gonna be so important is that we're able to guarantee the integrity of files. If we present a hard drive to be used as evidence in court, we have to be able to show that
00:23
hard drive hasn't been modified,
00:25
that none of our analysis has modified the contents of a drive, and it's so easy to modify the contents of a drive.
00:33
Well, we have to make sure that, you know what? We'll talk about this with forensics, but we'll use hashing. We'll take the drive and we'll hash
00:42
that, we'll analyze it, hash it again,
00:44
and we'll make sure that the hashes match so that we can be able to prove our investigation didn't change the evidence. So obviously we have to write-protect the drive, because even something as basic as opening folders modifies the hard drive, modifies the date, so hashes are a very important part of digital forensics.
01:07
Once again, hashing algorithms: MD5, don't use so much anymore. SHA-1 is what we're using mostly, although there's a definite shift to SHA-2, and SHA-2 is often referred to as SHA-256. I think that's what you'll hear more, obviously a 256 hash.
01:26
Now, a digital signature is made up of a hash, and then that hash is encrypted with the sender's private key.
01:34
The algorithm that encrypts with the sender's private key is RSA,
01:41
and RSA is the algorithm that satisfies this on the test, that satisfies the digital signatures.
01:49
RSA is the asymmetric algorithm
01:53
that satisfies the digital signature. You'd remember hashes are neither symmetric nor asymmetric, they're just one-way math.
02:00
Just another quick, um, loose end to tie up here. You know, data operates in different states. What we've mostly been talking about is, we talked about data in transit.
02:16
You know, I've got a message I'm gonna send to you, and I hash it before I send it out, saying that you should hear the hashes.
02:23
So we're talking about data that's traversing the net, data in transit. We also have to think about data at rest. You know, data that's residing on my hard drive, it's there. If it's not protected, it's open. Anybody that can access the machine can access that data. So certainly with sensitive information we're concerned about more than just
02:44
across the network.
02:45
We want to protect its short loop.
02:47
So, um, most operating systems have file-level encryption.
02:53
Microsoft Windows uses something called EFS, which is the encrypted file system.
03:00
So you can encrypt files within the operating system.
03:04
The problem with that is you encrypt files within an operating system.
03:12
If someone were to steal the hard drive out of your computer
03:16
and place that hard drive into a system running a different operating system,
03:22
they might be able to access some aspects of your file.
03:25
So, for instance, I've got this machine. It's a Windows box. I've got sensitive files. I encrypt them all.
03:31
Well, an attacker comes along later and removes the hard drive from my Windows system,
03:38
takes it home, puts it in his Linux box.
03:40
Linux doesn't really care that much about EFS. Now, that doesn't mean just because we've put it in the Linux box the attacker can see all the contents of the file, but at the very least they see the file name, they can see the date the file was created, and sometimes, you know, there may be a few other properties. Sometimes that's enough to indicate
03:59
whether or not a document's sensitive or relevant. So
04:02
what we want is we would have used something called full disk encryption
04:08
and that often utilizes a chip called TPM,
04:13
Trusted Platform
04:15
and the TPM, Trusted Platform Module, this is a chip that's been built on the motherboard. Most motherboards you bought in the last seven or eight years minimum
04:27
come with the TPM chip, Trusted Platform
04:30
A. That chip is on the motherboard, and essentially, if you choose to use software that will do this, and the Windows product is BitLocker, incredibly familiar. You may have heard of
04:43
BitLocker, but then there are also other third parties.
04:48
PGP does that.
04:50
There are other applications that will do that. But essentially what happens is the entire drive is encrypted,
04:58
and the key to unlock that drive is stored on the chip on your motherboard.
05:02
So if a thief steals your hard drive, puts it in a box at home, they don't have access to the key to unlock the drive,
05:11
so this is called full disk encryption. Whole drive encryption, you know, however you want to say it, but it's based on having Trusted Platform Module. At least it was originally. Now applications have BitLocker To Go. What do you know? Which means you can store that key on a thumb drive,
05:28
you can store it on other types of media. You can even back it up
05:31
to your directory services, so it's becoming much more flexible, because when I first heard about this, it terrified me. All I could think about is somebody encrypting their hard drive,
05:42
the key's on a chip and the board blows, and they can't access the contents of their hard drive, because we know we can't count on users to back those things up.
05:50
So being able to store it in places other than just the TPM chip is very helpful for that. Which is also why, if you, you know, if you use Windows or not, you know Windows always has different versions, has home versions and professional versions. The home versions do not support BitLocker for that very reason,
06:10
they know they can't count on the home user
06:13
to necessarily be aware of the TPM chip, to back up their keys, so they don't even make it part of the product.
06:19
So full disk encryption, file encryption. Last thing I'll mention is code signing. Tomorrow or the next day we're gonna talk about distributed code that you would access, Java,
06:34
JavaScript,
06:38
ActiveX, and we could go on and on with code that could potentially be harmful. Pretty much any code could be harmful, but, for instance, if I'm browsing websites and I download a little Java applet or run a little script with JavaScript, I want to make sure that
06:58
anything that runs on my computer
07:00
from an unknown website or even a known website, known websites get compromised all the time. I'm gonna make sure that any code I allow to run on my computer is from a trusted source, and that it hasn't been modified in transit.
07:15
So what does that mean?
07:17
I need it digitally signed.
07:19
Instant as we refer the certificates is code signing.
07:24
So once again, VeriSign says, yeah, this control, this is from Microsoft, and it's often hasn't been modified to prove it came from Microsoft or whatever the entity is. So this is just more building on the ideas that we talked about.
07:42
And I think with the further chapters, because this is pretty wanting in cryptography. This is the last of it.
07:46
I think what you're gonna find is everything that we talked about today, we can continue to build upon tomorrow and the next day and the next day. We're looking to provide these fundamental ideas of security. We need integrity, need confidentiality,
08:01
we need authenticity. Resource is to guarantee that what we're doing is something one that harnesses
08:09
Crypto's a very big domain. I'm not saying it's huge on the test, maybe 15% of the test material, you know, give or take. But it's a very large topic. Your questions can come from anywhere in here. So once again, I'm gonna go online. You go back through, review your notes, things that
08:28
tend to be particularly tricky for people
08:31
is that privacy, authenticity, integrity, non-repudiation piece, and how we get that through asymmetric cryptography.
08:39
What symmetrical time? Because sporting and how we use the two together in a hybrid like SSL. So that's certainly a particular piece to focus on. And then I will take that and be able to expand. Okay, so here's how it looks. With SSL have certificates coming
08:56
and understanding hash, MAC, and digital signature, and all those. Certainly a good review of the crypto chapter before we would move on to the next couple chapters. The next chapter is Enterprise Security. It's another very large chapter. It's a very broad topic. I mean,
09:16
enterprise security is how we secure our entire environment. That's very, yeah, there's lots of little elements, so make sure before you move on, you're solid.

Up Next

CompTIA CASP

In our online CompTIA CASP training, you will learn how to integrate advanced authentication, how to manage risk in the enterprise, how to conduct vulnerability assessments and how to analyze network security concepts and components.

Instructed By

Kelly Handerhan
Senior Instructor