Hiding Behind the Keyboard
Uncovering Covert Communication Methods with Forensic Analysis
Brett Shavers
John Bair
Larry Leibrock, Technical Editor
Copyright
Syngress is an imprint of Elsevier
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, USA
Copyright 2016 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-803340-1
For information on all Syngress publications visit our website at https://www.elsevier.com/
Publisher: Todd Green
Acquisition Editor: Chris Katsaropoulos
Editorial Project Manager: Anna Valutkevich
Production Project Manager: Punithavathy Govindaradjane
Designer: Matthew Limbert
Typeset by TNQ Books and Journals
Foreword
In the Introduction to Hiding Behind the Keyboard, Brett Shavers is far too modest in saying if you get one nugget of useful information from it, then his writing the book will have been worthwhile. Instead, you will surely find, as I did, an impressive cornucopia of golden nuggets throughout these pages.
A broad landscape of technical topics is thoroughly presented here, including encryption schemes and methods; steganography; the Tor browser; the TAILs operating system; password cracking; decoy storage devices; time stamp modification; file signature manipulation; bootable operating systems; using media address control (MAC) to identify source; portable apps; hidden and decoy operating systems; virtual machines; key loggers; antiforensic methods; electronic intercepts; trap and trace/pen registers; determining digital identity; navigating the Dark Web; and much more. Phew! Equally impressive are the numerous practical tips and examples in the book that come from Brett Shavers' many years spent in law enforcement and cutting-edge computer forensics.
Also valuable on the subject of smartphones and other portable devices are two exquisitely detailed chapters contributed by Tacoma Police Detective and University of Washington Lecturer, John Bair.
It would be selling this book short if one thought its sole focus was on how cops, robbers, and terrorists play hide-and-seek on the increasingly critical battlefield of computers, smartphones, transmitted electronic files, networks, and so on. It is also about making sure anyone who has to deal with vital digital information, whether on storage media or live, is fully aware of all the tools out there to find and analyze not only what the bad guys are doing, but also what you can do to counter them. In other words, the book shines a bright light on knowing what you don't know so you don't pass up opportunities to find information so important and sensitive that a multitude of sophisticated ways have been employed to hide it.
Besides those who serve in frontline law enforcement, lawyers who practice in both criminal prosecutions and civil litigation need to read this book, not necessarily for a complete understanding of the technical content, but rather to understand what can happen with electronically stored information, and what options exist to detect it when purposely hidden. I am not ashamed to admit, even after practicing law for 40 years, first as a prosecutor and then as a civil litigator, with the last 20 of those years working primarily as an e-discovery expert witness and forensic examiner, that much of Brett's book offered me one fact or methodology after another that was new to me, and where I thought I knew something about a topic but in fact didn't.
This book also has several useful tips on what to do next if you think the digital evidence or lack thereof is taking you nowhere. Many practice tips throughout the book are alone worth the price of admission.
And when it comes to computer forensics, there is nobody anywhere I know who can match Brett's breadth and depth of knowledge, and I have had the good fortune to know some of the best. Is there some new forensic utility that does this or that? He is all over it. Is there a need to develop a self-executing set of programs on a CD or USB drive to render a target device read-only and shut down all other data ports for the examination? Well, OK, he writes the code for that and gets access to what he needs. He's fully versed in EnCase Forensics and like many experts happy with how it works; but then X-Ways Forensics comes along, and he wonders could that maybe do more? So Brett totally immerses himself in it for hours and days, he likes the tool, and then coauthors a book about it (X-Ways Forensics Practitioner's Guide)!
It is no wonder, then, that he has served as an adjunct instructor at the University of Washington's Digital Forensics Program; as an expert witness and digital forensics consultant; as a speaker at numerous conferences; and as a blogger on digital forensics.
And yet for such a gung ho guy, whenever we meet up at Starbucks to solve the problems of life and the world, he looks and softly talks like a Buddhist monk.
So congratulations to you on buying this book, because with it you get so many fruits from Brett's genius and remarkable life along with it.
Larry G. Johnson, Attorney and Forensic Technologist, Electronic Data Evidence, Newcastle, Washington