Future issues for Computer/Digital Forensics
Hi, I am new to these forums but have been on the email list for a little while.
I work in CF in LE in Australia and am studying for my Masters Degree. I am currently doing a research project towards this degree.
I am writing a paper on the future issues for CF and solutions that may be already available or on the horizon to aid in resolving these issues. By surveying a number of CF practioners in my local area I have identified what they consider to be the three most important issues and am concentrating my paper on these.
- Data Storage Volume
- Mobile Devices/Phones
I would appreciate some input into specific points I should look at underneath these areas. For example, issues for Mobile Devices are tool availability/compatibility and also correct forensic process. Also Data Storage Volume is a double-edged sword, more data to analyse and more data to store for future legal requirements. For encryption, rainbow tables are a possible aid?
What can help with these things? How do people believe they should/will tackle these issues in the future?
I thought rainbow tables were a wonderful idea until i learned about salted hashes which renders them next to useless IMO. Then again, if you are going to brute force a password why not save your work instead of doing it again. In that respect they are better than brute forcing everything but are not a silver bullet.
Also think about your hash you are trying to crack. A simple and interesting example of this was when I used to play Quake 3 a few years ago. There were a few key generators, but none of these keys were valid since id software used a server to validate all online players. They also used to identify players by a GUID which was a truncated hash of the player's cd key. If you looked closely these cd keys only used 0-9 and A-F IIRC. Thats only 16 characters which is a far cry from case sensitive alpha numeric. Someone finally saw that it would be a good idea to capture hashes of people in game and compare them to a rainbow table populated by output from the keygen. Eventually this scored the cd key of everyone in the community.
I didnt even think of this until i lost my cd key. Its pretty simple and clever and i wish i thought of it first. I just wanted to show that a problem that may look insurmountable when talking about the number of permutations could turn out to be pretty simple if the number of possible inputs is known. It could make your needle in a haystack hunt much easier or your password security useless.
With mobile devices I would touch on blackberries. I hate them but everyone who considers themselves important has one for email. Ill actually have to google and find out if any papers have been written on them yet. Im sure there has been something.
Ok thats the end of my uncohesive rant. Hopefully it may get other people talking or at least you thinking.
Thanks for the reply debaser_ I appreciate any input I can get. I have done a fair bit of research myself but it helps when other people introduce me to new ideas. For example I have not heard the term "salted hash" before so I will have to look into in and see if it is relevant to my research.
Feel free to contact me with any questions about mobile devices/phones.