I am not sure if this is where this should go but I will try.
I am a student in Homeland Security/Computer Forensics and we are doing a project in class that I would like to do a great job on. With this in mind I thought about asking you people for help.
First I will try to explain a little about the project, then I will let you know what I need your help with. We are starting with the president of a college who (for the project's sake only) will be embezzling 1% of all donation funds to his own offshore account. A member of the IT Department who is doing routine work on his computer notices some strange files and decides to dig deeper. He discovers hidden documents about a fake employee in the Accounting Department who is doing the diverting for him. He also finds some emails from the pres. to the head of the HR Department and then some pictures of a beautiful house on an island. The member of the IT department takes his information to the campus police and they in turn call the FBI; supposedly that is where I come in.
What I need your help with is some ideas of what kind of data I should hide and where and how I should hide it. I will be creating the suspect drive. Do you think any of you can help me?
Thanks in advance,
I'll try and start the ball rolling on this one…
You say the files are "strange" - how would the technician know this? On a routine day a technician would probably either be installing an application or checking the configuration on an already installed one, something like an email application is fairly common. Alternatively, the first thing you would normally do when working on a computer is either to click on the "My Computer" or "Macintosh HD" icon (for PC or Mac) or run the search function. In the first instance, you would immediately see a root-level file listing (possibly displaying an interesting-looking folder name) and in the second you might see an interesting-looking file name come up in the search.
As so many people have the small pen drives these days, it's possible that the data from the desktop machine is also on the pen drive or needs the pen drive in place to work properly (like a linked Excel file).
Putting yourself in the position of a reasonably tech-savvy president(!) take a file on your own system - a Word document for example - and work out how you would hide it, such as
1) move the file into a system folder
2) rename the file
3) change the extension (so it will just give an error when opened in the associated program)
4) archive and/or encrypt it
5) all of the above
The fact that this is an embezzlement should suggest the kind of documents associated with it - Word documents, spreadsheets, emails, etc. Also, Internet logs would show possible online banking or purchasing trails. On a final point, for the *really* savvy president, it is also possible to use a hex editor to paste the data of one file into a safe area in another one, so this is an interesting technique that would allow you to hide data in an image file.
Hope that helps - and good luck!
Neil
Thank you Neil,
This has been a very interesting project and I have learned a lot from it. I just hope the rest of my group has learned as much, but I doubt it, because they have stuck with the things our instructor has suggested. I am the only one who has struck out on my own to ask for ideas, and believe me, between this forum and another group I belong to I have gotten some great ideas.
Thanks again,
If you want to be real cute - you can take your so-called evidence files (spreadsheets and documents), zip each file independently and then use stego capabilities to hide the files in wallpaper images and mp3 songs. If you really want to create havoc - write a program to rewrite the zip file backwards before embedding the files. Oh! When you zip the files make sure you assign a password that alternates numbers, alpha, and caps. That should keep the DHS boys busy. Also when you create your stego files - don't only create stego files that contain your data. Create a bunch of files using junk data files, aka vendor pdf files, as input. Also you should use a different password for each zip file. Enjoy the experience!
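As an added example (not code from any post in this thread), here is the examiner's side of the tricks in Neil's list and in the post above: identify a file by its magic bytes rather than its name, check whether the extension lies, walk a JPEG's segment structure to the real End-Of-Image marker and carve whatever was pasted after it, and also try the bytes reversed to catch a backwards-written zip. All sample files are constructed in memory; the JPEG is a structural stand-in (valid marker layout, not a decodable picture), the ledger CSV content is made up, and the signature table is deliberately short.

```python
"""Added example, not from the thread: content-based file identification and
JPEG tail carving. Sample files below are constructed, not real evidence."""
import io
import struct
import zipfile

# Leading magic bytes for a handful of formats (assumption: enough for the demo)
SIGNATURES = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",        # also .docx/.xlsx, which are zip containers
    b"%PDF-": "pdf",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",  # legacy .doc/.xls
}
EXT_TO_TYPE = {
    "jpg": "jpeg", "jpeg": "jpeg", "png": "png", "zip": "zip",
    "docx": "zip", "xlsx": "zip", "pdf": "pdf", "doc": "ole", "xls": "ole",
}


def identify(data: bytes):
    """Format named by the leading magic bytes, or None if unrecognised."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def identify_reversed(data: bytes):
    """A zip written backwards carries its signature reversed at the end."""
    return identify(data[::-1])


def extension_mismatch(name: str, data: bytes):
    """Return (claimed, actual) when the extension disagrees with the content."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    claimed = EXT_TO_TYPE.get(ext)
    actual = identify(data) or identify_reversed(data)
    if actual is not None and claimed != actual:
        return claimed, actual
    return None


def jpeg_trailing_data(data: bytes) -> bytes:
    """Walk the marker segments to the real EOI (FF D9) and return what follows.
    A clean JPEG ends at EOI, so any tail is foreign data."""
    if not data.startswith(b"\xff\xd8"):
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seglen
        if marker == 0xDA:
            # SOS: entropy-coded data follows. Inside it an FF byte is either
            # stuffed (FF 00) or a restart marker (FF D0-D7), so the first
            # FF D9 after the SOS header is the genuine EOI.
            eoi = data.find(b"\xff\xd9", pos)
            if eoi < 0:
                raise ValueError("no EOI marker")
            return data[eoi + 2:]
    raise ValueError("truncated JPEG")


def hidden_archive_members(jpeg_bytes: bytes):
    """Names inside a zip pasted after the EOI, or [] if the tail is not a zip."""
    tail = jpeg_trailing_data(jpeg_bytes)
    if identify(tail) != "zip":
        return []
    with zipfile.ZipFile(io.BytesIO(tail)) as z:
        return z.namelist()


# --- constructed samples ---------------------------------------------------
def make_stub_jpeg() -> bytes:
    """SOI, APP0/JFIF, SOS header, a few scan bytes (with a stuffed FF 00), EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    return b"\xff\xd8" + app0 + sos + b"\x12\x34\xff\x00\x56\x78" + b"\xff\xd9"


def make_ledger_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("ledger.csv", "donation,diverted\n125000,1250\n")  # made-up figures
    return buf.getvalue()


STUB_JPEG = make_stub_jpeg()
LEDGER_ZIP = make_ledger_zip()
HOUSE_JPG = STUB_JPEG + LEDGER_ZIP   # "house.jpg" with the archive pasted after EOI

if __name__ == "__main__":
    print(extension_mismatch("budget.doc", LEDGER_ZIP))
    print(hidden_archive_members(HOUSE_JPG))
    print(extension_mismatch("song.mp3", LEDGER_ZIP[::-1]))
```

The same walk over the segment table also exposes an oversized APP segment (a comment or EXIF block holding a pasted file), which a search on file names would never surface.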
I'll solve it for you. The student did it: he had the opportunity to access the computer and the means to read and write files, and what student isn't motivated by money?
My advice: don't hide anything; it would be enough of an exercise to go through the proper process of taking an image and processing the system.
But if you must
1. Avoid the white noise suggestion, good idea but…what does that teach?
2. Create a local email copy, a .pst file for outlook. Then delete it.
3. Use Excel on the system to make the suspect spreadsheets, but save them to a USB drive/disk. Don't tell the students about it…make them come ask you for it.
Skip
I would naturally agree if this was a normal computer forensic course. Having the term Homeland Security in the title I naturally assumed an advanced level of education or technique.
First off! My intention was for the students to think outside of the ordinary box - given the basics of the scenario: college president (highly trained individual – probably PhD), complexity (accounting department partner, embezzling 1% of donations, diverting to an offshore account). I would not consider a simple search for a spreadsheet on the hdd or within the message store to be a suitable exercise given those facts. Yes, stupid is as stupid does.
Plus! Mugwump did come to this forum for recommendations. Therefore, I initially excluded a simple textbook example of stash and dash techniques. I must have read too much into the request.
When I worked in DHS the level of hackers and their ilk were a lot smarter than dumping a file into slack space or stashing data at the top and bottom of the disk.
I should have explained my concept a little better by including the use of bread crumbs: increasing the level of complexity at each level and decreasing the amount of clues. This would demonstrate a mastery of certain skills and critical thinking at each level.
Skip/Mugwump my apologies!
I like the bread crumbs approach.
I think that would be good for a class…but too much for a project.
But I guess, that even for a project you can do "bread crumbs" but on a smaller scale.
Like this: put a bunch of different stuff there, but don't make it all interconnected, no "trail" to follow.
Mostly disjoint stuff, some things harder to find than others. Try to make it so that they can find the first 2 things easily, the next two things would be harder, and the last 2 things near impossible.
"Grade" them on their approach more than their success (since some things are impossible to find).
That would challenge them, demonstrate techniques, facilitate discussion…and it may be fun. You have to remember they don't know these things going in…and the project should teach them something new.
Skip
This sounds like fun. Create your spreadsheets and Word files. Then encrypt them using an encryption program that uses another file as a one-time pad. The files used for one-time pads can be created from JPG files created at different quality settings from an original BMP file and then destroyed.
Then stego these encrypted files into the compressed parts of pdf files. The pdf file's compression uses zlib, which is easily modified for stego.
Then download a lot of those useless stego programs from the net and stego junk into MP3, JPG and lots of other image files. Download loads of text files and hide them in the slack space of the drive.
Hope that helps
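Added example (not from the post above): the PDF trick relies on nobody inflating the FlateDecode streams, so the check is to inflate every one and measure the result. Page content and font programs inflate to low-entropy operators and text; a one-time-pad or other ciphertext payload inflates to nearly 8 bits per byte. The PDF here is a minimal constructed container, the "encrypted" payload is a fixed SHA-256-derived byte string standing in for ciphertext, and the stream parser handles only direct /Length values (an indirect reference such as `/Length 5 0 R` is skipped) and un-nested dictionaries, which is enough for the demonstration but not for arbitrary real PDFs.

```python
"""Added example, not from the thread: inflate every FlateDecode stream in a
PDF and flag the ones whose contents look like ciphertext. The sample PDF and
payload are constructed here; the payload is hash output, not real encryption."""
import hashlib
import math
import re
import zlib
from collections import Counter

# A dictionary immediately followed by the stream keyword (assumes no nested << >>)
OBJ_RE = re.compile(rb"<<(.*?)>>\s*stream\r?\n", re.S)
# Direct /Length only; an indirect reference like "/Length 5 0 R" does not match
LEN_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the ceiling for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def stream_objects(pdf: bytes):
    """Yield (dictionary bytes, raw stream bytes) for each stream object."""
    pos = 0
    while True:
        m = OBJ_RE.search(pdf, pos)
        if m is None:
            return
        lm = LEN_RE.search(m.group(1))
        if lm is None:            # indirect /Length: skipped in this demo
            pos = m.end()
            continue
        start, length = m.end(), int(lm.group(1))
        yield m.group(1), pdf[start:start + length]
        pos = start + length      # jump over the binary data before searching on


def suspicious_streams(pdf: bytes, threshold: float = 7.5):
    """[(object index, reason)] for Flate streams that do not inflate or that
    inflate to ciphertext-like data. Image streams are exempt because raw
    pixel data can legitimately be high-entropy."""
    hits = []
    for idx, (d, raw) in enumerate(stream_objects(pdf), start=1):
        if b"/FlateDecode" not in d:
            continue
        try:
            inflated = zlib.decompress(raw)
        except zlib.error:
            hits.append((idx, "FlateDecode stream does not inflate"))
            continue
        h = shannon_entropy(inflated)
        if h >= threshold and b"/Image" not in d:
            hits.append((idx, "inflates to %.2f bits/byte" % h))
    return hits


# --- constructed sample ----------------------------------------------------
def pseudo_random_bytes(n: int, seed: bytes = b"class-project") -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 chain, not encryption)."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def build_pdf(streams) -> bytes:
    """Minimal PDF-shaped container: just enough structure for the parser above."""
    out = [b"%PDF-1.4\n"]
    for i, (extra, data) in enumerate(streams, start=1):
        out.append(b"%d 0 obj\n<< /Length %d /Filter /FlateDecode %s>>\nstream\n"
                   % (i, len(data), extra))
        out.append(data)
        out.append(b"\nendstream\nendobj\n")
    out.append(b"%%EOF\n")
    return b"".join(out)


PAGE_CONTENT = b"BT /F1 24 Tf 72 700 Td (Annual donor report) Tj ET\n" * 20
PAYLOAD = pseudo_random_bytes(8192)                 # the "encrypted spreadsheet"
SAMPLE_PDF = build_pdf([
    (b"", zlib.compress(PAGE_CONTENT)),                                      # 1: page text
    (b"", zlib.compress(PAYLOAD)),                                           # 2: hidden payload
    (b"/Subtype /Image ", zlib.compress(pseudo_random_bytes(4096, b"px"))),  # 3: noisy image
])

if __name__ == "__main__":
    for idx, reason in suspicious_streams(SAMPLE_PDF):
        print("object %d: %s" % (idx, reason))
```

The same pass catches the cruder variant where the zlib stream has simply been replaced and no longer inflates at all; a viewer shows a blank page and moves on, but the inflate error is the tell.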