Start Here
In the last few years, a few legal cases have made headlines where encryption of personal cell phones possibly containing evidence has hindered investigations.
There are a variety of tools and techniques to perform encryption and its counterpart decryption. Because encryption often uses a mathematical element, decryption is generally best performed in an environment that is optimized for mathematical operations.
Video games and other graphics-intensive applications are also mathematically intensive, so the video game environment can provide insight into architecting a decryption environment. Graphics cards can be 50 to perhaps 100 times faster at processing decryption than a normal CPU and physical memory (RAM).
Ultimately, using a specialized decryption environment that can leverage one or more high-speed graphics cards can tremendously reduce decryption time.
The development of cloud computing in recent years has also affected forensic investigations. As more files are stored in the cloud, the chances of evidence being in the cloud have also increased. In this project, you'll spend some time thinking and writing about this issue as well.
Yvonne, your manager, has asked you to continue to assist law enforcement by working to recover case-related information from encrypted files and artifacts that the law enforcement team has not been able to access. She believes that the case can be cracked with the evidence contained in the encrypted files, so this has become a priority.
This project has five steps. In Step 1, read about encryption. In Step 2, you will use EnCase to attempt to decrypt a number of different types of encrypted files. The computer images are small, so processing time isn't as long as it would be if there were large computer image files to work through. After you complete the lab, go to Step 3 to write your forensic report. Then, in Step 4, research and evaluate how cloud computing is affecting the field of digital forensics. Finally, submit your report on cloud computing in Step 5.
Now that you have an idea of the tasks ahead, review the scenario below before moving on to Step 1.

Your 11:00 meeting with Yvonne, your manager, just started. The topic for discussion: further investigation of the malware attack and decrypting the attacker’s files.
Yvonne: Excellent work on the malware analysis.
You: Thanks!
Yvonne: A few team members attempted to decrypt those files attached to the e-mails but haven’t had much luck. Can you take the lead on helping them out?
You: Sure. I’ll work on the files in the virtual machine.
Yvonne: I like your plan. We’re all eager to get to the bottom of this case, so keep me updated on your progress.
Your work will be evaluated using the competencies listed below.
- 3.4: Employ software applications and analytic tools to analyze, visualize, and present data to inform decision-making.
- 6.7: Access encrypted data or process data and systems that have been subjected to anti-forensics techniques.
- 7.1: Conduct forensic analysis on a database system.
- 7.2: Ensure evidence integrity.
- 7.3: Utilize investigation techniques.
- 7.4: Utilize scripting (programming).
- 9.1: Examine Data Storage and Transport Technologies.
- 9.2: Evaluate Enterprise Architecture.
Step 1: Familiarize Yourself With Methods of Forensic Decryption
While a variety of digital forensic tools exist today, here you will focus on encryption and decryption using EnCase to attempt to decrypt a number of encrypted files.
A variety of approaches can be used to attempt decryption, including, for example, the use of brute force and creating word lists based upon your investigation facts. However, in this project, you will follow specific instructions in your lab assignment to gain access to identified encrypted files.
Normally it is a good practice to attempt to locate encrypted files and artifacts for forensic evidence prior to conducting a decryption attack, so that you can plan for the best approach. An analogy can be found in the world of sports: If you know the tendencies, strengths and weaknesses, and general appearance of your opponent, it is easier to prepare for a successful competition. Similarly, you could try dictionary attacks, but if you have a sense as to the encryption technologies used and how encryption may have been employed in a digital forensic situation, you can prepare a more focused and refined decryption approach.
Decryption attacks can take hours, days, even months to conduct, and waiting for the success or failure of the attack can be a lesson in patience. However, this is also a good reminder that planning a decryption attack to be as focused as possible can save considerable processing time.
When approaching offline password cracking, remember that it is common for someone to write down a password for logging into a computer or website. Another fairly common practice is for individuals to document in some way the passwords used when encrypting a file or storage device. People may create a file that contains passwords, then store it on the computer or perhaps email it to themselves for later retrieval.
Another decryption approach is to use various dictionaries, various languages, and subject areas. The subject areas may be relevant to the area of interest in the case. For example, a case involving drugs may include slang terms or regional expressions specific to the drug culture.
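The triage step described above, locating likely encrypted files before planning any decryption attempt, can also be scripted outside EnCase. The sketch below is an added example, not part of the lab or of EnCase. It hashes each file in an exported evidence folder for integrity and flags high-entropy files that lack a known compressed-format header. The function names, the 7.5 bits-per-byte threshold, and the short magic-byte list are assumptions chosen for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Leading bytes of common compressed formats: high entropy, but not encryption
# by themselves. Short illustrative list (an assumption), not exhaustive.
KNOWN_MAGIC = {
    b"PK\x03\x04": "zip/ooxml",
    b"\x1f\x8b": "gzip",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG": "png",
    b"%PDF": "pdf",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    total = len(data)
    return sum(-(c / total) * math.log2(c / total) for c in Counter(data).values())

def classify(data: bytes, threshold: float = 7.5) -> str:
    """Return 'known:<format>', 'possibly-encrypted', or 'low-entropy'."""
    for magic, name in KNOWN_MAGIC.items():
        if data.startswith(magic):
            return f"known:{name}"
    # Very small samples give unreliable entropy estimates, so require 1 KiB.
    if len(data) >= 1024 and shannon_entropy(data) >= threshold:
        return "possibly-encrypted"
    return "low-entropy"

def triage(root: str, sample: int = 1 << 20):
    """Walk an exported evidence folder; yield (path, sha256, entropy, label)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()           # hash of the whole file, for the report
            with open(path, "rb") as fh:
                head = fh.read(sample)          # entropy is measured on the first MiB
                digest.update(head)
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            yield path, digest.hexdigest(), round(shannon_entropy(head), 2), classify(head)

if __name__ == "__main__":
    import sys
    for row in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("\t".join(map(str, row)))
```

A "possibly-encrypted" label is a lead to examine, not proof of encryption, and container formats such as ZIP or PDF can carry their own password protection that only format-specific inspection will reveal.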
You can begin the decryption lab in the next step.
Step 2: Decrypt Identified Files
Within EnCase are several different tabs that provide an organized way to review files and artifacts relating to the images of interest. Take advantage of the tab interfaces to try to locate files that may be encrypted, and to look for clues that may provide insight in the decryption attack that you are preparing.
You will be able to watch the progress of the processing routines, which should take less than 10 minutes. As you work through the case creation and processing steps, keep notes of what you did for inclusion in your final report. Don't forget to describe the concept of evidence groups in your report.
- Accessing the Virtual Lab Environment: Navigating UMGC Virtual Labs and Lab Setup
- Self-Help Guide (Workspace): Getting Started and Troubleshooting
- Link to the Virtual Lab Environment: https://vdi.umgc.edu/
Lab Instructions
To obtain lab assistance, fill out the support request form.
Make sure you fill out the fields on the form as shown below:
- Case Type: UMGC Virtual Labs Support
- Customer Type: Student (Note: faculty should choose Staff/Faculty)
- SubType: ELM-Cyber (CST/DFC/CBR/CYB)
- SubType Detail: Pick the category that best fits the issue you are experiencing
- Email: The email that you currently use for classroom communications
In the form's description box, provide information about the issue. Include details such as steps taken, system responses, and add screenshots or supporting documents.
In the next step, you will write up your forensic report.
Step 3: Write Decryption Attack Forensic Report
Once you have completed the decryption attack in the EnCase Lab, write up your findings by applying the now familiar Guidelines for Writing Forensic Investigation Reports. Submit it for feedback after reading the instructions below.
Submit your assignment to your instructor for review and feedback.
Follow these steps to access the assignment:
- Click Activities and Assessments in the top navigation bar.
- Click Assignments.
- Select the relevant assignment.
Once you have completed this step, you are ready to go think and write about forensic work in the cloud.
Step 4: Research and Evaluate the Challenges Presented by Cloud Computing
Cloud computing, a service that offers data storage and services to businesses and individuals, presents significant challenges to the field of digital forensics.
As an option for convenient offsite storage of large volumes of data, popular cloud platforms offer services that can be attractive to organizations, including infrastructure as a service, software as a service, and platform as a service. These additional services allow organizations to expand productivity without adding costly services in house, while storing additional organizational data on the provider's servers. As opposed to virtualized environments that offer additional resources at a fraction of the traditional cost, cloud systems are offsite, remote repositories.
The National Institute of Standards and Technology (NIST) provides numerous guidelines on the cloud. NIST defines cloud computing as "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction" (NIST, 2011b, p. 2). Providers offer services in different cloud infrastructures, including private, public, community, and hybrid (NIST, 2011a).
Cloud challenges in the field of digital forensics include data ownership and control of evidence, as well as data location. The digital forensics steps of acquisition and preservation are both impacted by cloud storage, since data may be housed in multiple states and countries (and so governed by multiple jurisdictions), and at this point there is no way to guarantee all of the data is retrieved, even when the provider agrees to access. Further, many users interact with cloud services using mobile devices, which adds the complexity of proliferation of endpoints, as communication channels can involve multiple towers and hops.
The advantages cloud computing offers to organizations and the handling of big data are the same reasons cloud crime has escalated. Cyber criminals can use cloud services to conduct malicious activities and then easily leave one service to join another, erasing their digital footprint as the vacated space is quickly written over by the provider. Cybersecurity has a complicated interdependency with cloud, according to the NIST roadmap, which "presents certain unique security challenges resulting from the cloud's very high degree of outsourcing, dependence on networks, sharing (multi-tenancy) and scale" (NIST, 2014).
The popularity of cloud computing, paired with its unique challenges, makes this technology an important issue for digital forensics. Legal challenges of the cloud involve privacy and jurisdiction, spanning the globe while inviting misuse. Adding to the challenges is a pervasive lack of proven tools for investigators and law enforcement to handle cloud storage. One promising option is forensics as a service (FaaS), whereby cloud providers would offer the forensic steps of data acquisition and preservation as a service for purchase. FaaS still needs to address encryption, as much of the information housed is protected before upload.
As part of the final deliverable for this project, you will write an analysis of how cloud computing challenges, including uses of encryption, are an issue for the field of digital forensics. You will also identify trends in combating these challenges.
References
National Institute of Standards and Technology (NIST). (2016). Special publication 500-317 (draft): Cloud computing and accessibility considerations. https://www.nist.gov/sites/default/files/documents…
National Institute of Standards and Technology (NIST). (2011a). Special publication 500-292: Cloud computing reference architecture. http://ws680.nist.gov/publication/get_pdf.cfm?pub_…
National Institute of Standards and Technology (NIST). (2013). Special publication 500-291: Cloud computing standards roadmap, volume II. http://nvlpubs.nist.gov/nistpubs/SpecialPublicatio…
National Institute of Standards and Technology (NIST). (2011b). Special publication 800-145: Definition of cloud computing. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspe…
National Institute of Standards and Technology (NIST). (2011c). Special publication 800-144: Guidelines on security and privacy in public cloud computing. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspe…
National Institute of Standards and Technology (NIST). (2014). Special publication 500-293: US government cloud computing technology roadmap, volume I. http://nvlpubs.nist.gov/nistpubs/SpecialPublicatio…
Step 5: Submit Your Final Decryption Report
In this step, you will compile your findings on cloud computing for your report. Use the Cloud Computing Report Template to organize your findings for your organization's security operations manager. Submit your work after reading the instructions below.
Check Your Evaluation Criteria
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.
- 3.4: Employ software applications and analytic tools to analyze, visualize, and present data to inform decision-making.
- 6.7: Access encrypted data or process data and systems that have been subjected to anti-forensics techniques.
- 7.1: Conduct forensic analysis on a database system.
- 7.2: Ensure evidence integrity.
- 7.3: Utilize investigation techniques.
- 7.4: Utilize scripting (programming).
- 9.1: Examine Data Storage and Transport Technologies.
- 9.2: Evaluate Enterprise Architecture.
Take Action
Submit your assignment to your instructor for review and feedback.
Follow these steps to access the assignment:
- Click Activities and Assessments in the top navigation bar.
- Click Assignments.
- Select the relevant assignment.