CCJS 321 Digital Forensics in the Criminal Justice System
Week Discussion # 5 Encryption Investigation
This week’s reading gives you basic technical information about passwords and encryption, and how to recover data protected by these mechanisms. There is also a section on Steganography, which literally translated means “covered writing.” When some people think of steganography, or “stego,” they think of documents or other data files being hidden in other file types (usually image/picture files). Interestingly, the use of stego goes much farther back than the use of computers. Like cryptology, steganography is used to hide something within something else. So, even though a code breaker can detect the hidden code, they may not be aware that the code actually contains a different message. Cryptography scrambles a message so that it is unreadable, but still visible, while stego camouflages data to hide it or make it undetectable. This course is not meant to teach you about the technical details of encryption, passwords, or steganography (entire books are written on each of those subjects), but rather to help you understand their place in the criminal justice process.
Does a warrant give you the authority to break passwords protecting information or to decipher encrypted data? This is a very important question. As many of you have discussed, it is important to make sure you know the limits of your warrant. But while you are conducting a search with a properly executed warrant, you may come across other information that is not included in your scope but is still evidence of a crime. For example, imagine you are searching a hard drive for information related to a fraud scheme. While you are looking through the files you come across a picture that is obviously child pornography, but you do not have child pornography addressed in any way by your warrant. What do you do? The proper response is to stop the search and obtain another warrant for evidence related to child pornography. The same thing applies to discovering encrypted data. In your affidavit you should explain that criminals sometimes encrypt files that contain evidence. Some may even use stego techniques to hide other files.
This week I would like you to do some research on encryption and steganography. First, list five (5) examples of how steganography and (5) examples of how encryption or cryptology were used BEFORE the advent of computers. Then, discuss how steganography or encryption could be used legitimately, and why this could cause you a problem as a computer forensic examiner. Please discuss you answers thoroughly. Make sure that you cite and reference at least (2 sources) per category to substantiate your response.
