Quiz 5 Study Notes
CSC111 :: Fall 2012

Topics and Notes

1. October 19th

   Full disk encryption
     - Live capture reconsidered
     - Possibly use data recovery mechanism
     - Find user password
     - UK law requires turnover of key; US 5th Amendment

   Key escrow controversy
     - escrow =df a deed, a bond, money, or a piece of property held in trust by a third party to be turned over to the grantee only upon fulfillment of a condition. (Merriam-Webster)

   Gaining password
     - If lucky in swap space, in RAM
     - Brute force
     - Password reset
     - Dictionary attack

   Steganography
     - Carrier file
     - Payload
     - Difficult to detect
     - Tough, if not impossible, to extract payload

2. October 22nd & 24th

   Data destruction
   Drive wiping
     - quality of tool; skill of user
     - Telltale marks of use, e.g., MRU
     - Apple options: zero out, 7-pass, 35-pass
     - Bradley Manning case: zero-filling

   Data remanence
     - the residual representation of data that remains even after attempts have been made to remove or erase it.
     - How counter: overwriting, degaussing, encryption, physical destruction

   Defragmentation
     - the process of locating the noncontiguous fragments of data into which a computer file may be divided as it is stored on a hard disk, and rearranging the fragments and restoring them into fewer fragments or into the whole file. Defragmentation reduces data access time and allows storage to be used more efficiently. Some operating systems automatically defragment storage periodically; others require that the user occasionally use a special utility for this purpose.

2. October 26th

   Sammons, chapter 7: legal issues

   Perpetual catch-up

   4th Amendment
     Issues:
       - probable cause
       - oath with place, person, things
       - expectation of privacy
       - does not cover search by private citizens

   Expectation of privacy
     - Individual files? 5th vs. 10th circuit
     - Knowingly exposed info
     - Email
         - Protected en route
         - Not at destination

   Wiretap Act

   Electronic communication
     - ECPA bans third party from intercepting, disclosing
     - ECPA
     - CALEA
     - Patriot Act 2001, 2006
     - Virginia Governor case
     - Alaska Governor case
     - anticipatory obstruction of justice

   Warrantless searches
     - Consent: authorized person, (proven to be) truly voluntary, may be revoked at any time (except for clones); scope of consent?
     - Consent forms
     - Consent by 3rd parties: authorized person? Common area? Password protected? 1st person present?
         Who: spouses, sometimes parents, technicians
         courts are split
     - Exigent circumstances
         1 imminent threat of destruction
         2 danger to law enforcement or public
         3 prevent escape
     - Plain view doctrine, if already in permitted area
     - Separate crime: separate warrant
     - Border control: greater latitude
     - Workplace issues: may or may not have expectation; gov't employees different

3. November 2nd

   Bill of Rights
     What: first 10 amendments (+ mystery amendment)
     Why:
       During the debates on the adoption of the Constitution, its opponents repeatedly charged that the Constitution as drafted would open the way to tyranny by the central government. Fresh in their minds was the memory of the British violation of civil rights before and during the Revolution. They demanded a "bill of rights" that would spell out the immunities of individual citizens. Several state conventions in their formal ratification of the Constitution asked for such amendments; others ratified the Constitution with the understanding that the amendments would be offered.

       In the ratification debate, Anti-Federalists opposed to the Constitution, complained that the new system threatened liberties, and suggested that if the delegates had truly cared about protecting individual rights, they would have included provisions that accomplished that. With ratification in serious doubt, Federalists announced a willingness to take up the matter of a series of amendments, to be called the Bill of Rights, soon after ratification and the First Congress comes into session. The concession was undoubtedly necessary to secure the Constitution's hard-fought ratification.

       Thomas Jefferson, who did not attend the Constitutional Convention, in a December 1787 letter to Madison called the omission of a Bill of Rights a major mistake: "A bill of rights is what the people are entitled to against every government on earth."

4. November 5th

   Lessons from Cuckoo's Egg

   1. Don't ignore minor glitches
        e.g., $.75
        Comment: This set the hunt into motion
   2. Tiny details can yield huge clues
        1200 baud
        Comment: Points to dial-up line; i.e., outside the building
        e.g., ps axu vs. ps eafg
        Comment: Two flavors of Unix; hints re location and/or background of suspect
   3. Know the law!
        Comment: Need warrant to record? p. 17
                 Need warrant to trace phone line? p. 31
                 Where are warrants good? p. 57 CA no good in VA
                 No need for a search warrant to trace phone call p. 89
   4. Must have evidence p. 15
        Comment: Why are you wasting my time? You don't know anything and you haven't proven a whit. Go back and find out. Show me proof.
   5. If someone closes the door, look for a window p. 90
        Comment: Phone company won't cooperate, try combinations of info you already have
   6. Finding evidence is hard work
        e.g., setting up 50 monitors for 50 phone lines
   7. To cut down search space, focus on anomalies
   8. For surveillance must stay hidden p. 28
        Comment: Watched Unix-4 & -5 from new machine, Unix-8. Created one-way moat. 1st thing hacker did was check system software for changes; would have seen that a program had been written to look for him.
   9. If you don't write it down, it didn't happen p. 24
        Comment: Review of notes later proved helpful.
   10. Don't have too narrow a focus p. 47
        Comment: Hacker used other accounts, not just Sventek's.