解密键盘背后：网络取证与隐蔽通信分析

5星 · 超过95%的资源需积分: 9 103 浏览量更新于2024-07-19 收藏 8.26MB PDF 举报

"《隐藏在键盘后面》是Sygness出版的一本关于取证分析和揭露隐蔽通信技术的书籍。本书探讨了如何通过取证分析来识别并理解那些试图隐藏身份的人在计算机和移动设备上的秘密交流方式。作者Brett Shavers、John Bair以及技术编辑Larry Leibrock共同创作此书，旨在帮助调查人员克服在匿名网络行为追踪中的挑战。" 本书的核心内容集中在如何利用取证分析技术来揭示隐藏在网络背后的通信。取证分析是网络安全和犯罪调查的关键工具，它涉及收集、分析和解释电子数据以确定事实或证据。在《隐藏在键盘后面》，作者深入讨论了以下关键知识点： 1. **隐蔽通信技术**：书中详细介绍了各种用于隐藏身份和信息交换的工具和技术，如加密通信、暗网浏览器、匿名网络协议（如Tor）以及即时通讯软件中的隐私设置。 2. **数据恢复与分析**：涵盖了如何从已删除或隐藏的文件、互联网历史记录、聊天记录和电子邮件中提取信息，以重建通信链路。 3. **网络足迹追踪**：讨论了如何通过IP地址、MAC地址和其他网络标识符来追踪用户，即使他们在尝试掩盖自己的踪迹。 4. **移动设备取证**：针对智能手机和平板电脑，书中讲述了如何获取和解析这些设备上的数据，包括应用程序数据、位置信息和网络活动。 5. **心理分析与动机**：除了技术层面，本书还探讨了犯罪者的思维模式和动机，帮助调查人员理解为何有人会选择使用隐蔽通信方式。 6. **法律和伦理考虑**：在进行取证调查时，作者提醒读者必须遵循适用的法律法规，尊重隐私权，并确保收集的证据在法庭上具有合法性。 7. **案例研究**：书中可能包含实际案例，展示如何应用这些方法解决具体问题，帮助读者更好地理解和应用理论知识。 8. **最新威胁和趋势**：考虑到技术的快速发展，书中可能涵盖了最新的恶意软件、网络钓鱼和社交工程技巧，这些都是当前隐蔽通信的重要组成部分。通过阅读《隐藏在键盘后面》，读者不仅可以掌握一系列高级的取证分析技能，还能了解如何将这些技能应用于现实世界的调查中，从而更有效地对抗网络犯罪和保护网络安全。同时，书中提供的实用建议和策略有助于提升调查人员在面对复杂和匿名的网络环境时的应变能力。

About the Authors

BRETT SHAVERS

Brett Shavers is a veteran of the US Marines and former law enforcement ofﬁ-

cer of a municipal police department. He has worked just about every type of

law enforcement specialty from mountain bicycle patrol, SWAT (Special Weap-

ons and Tactics), detective, and undercover narcotics ofﬁcer in state and federal

task forces. After working undercover assignments inside and outside the United

States, Brett created the ﬁrst digital forensic lab at his police department as the

ﬁrst digital forensic examiner. Brett attended over 2000 hours of digital forensic

training courses across the country, collected more than a few certiﬁcations along

the way, and taught digital forensic analysis and investigative methods to hun-

dreds of law enforcement ofﬁcers.

Brett has been an adjunct instructor at the University of Washington’s Digital

Forensics Program, an expert witness and digital forensic consultant, a profes-

sional speaker at conferences, a blogger on digital forensics, and an honorary

member of the Computer Technology Investigators Network. He has worked

forensic cases ranging from child pornography investigations as a law enforce-

ment investigator to a wide range of civil litigation and class action lawsuits as

a digital forensic expert consultant, expert, and evidence special master. Brett’s

previous books include Placing the Suspect Behind the Keyboard and the X-Ways

Forensics Practitioner’s Guide.

JOHN BAIR

John Bair is currently employed as a detective with the Tacoma Police

Department. He began his law enforcement career with the El Paso Police

Department in 1989 after leaving the military. John created a mobile forensic

lab in 2006 and also began collateral duties as a mobile forensic instructor

with various vendors throughout the United States.

Fox Valley Technical College hired John as a contract instructor to assist in

training in the Department of Justice—Amber Alert Program. His expertise

xvi About the Authors

with mobile forensics is being utilized to teach a segment within the digital

evidence module. This targets investigators responding to scenes where chil-

dren have been abducted. In Pierce County, Washington, he began a mobile

forensic training program which is currently in its fourth year for Superior

Court prosecutors and Judical Ofﬁcers. The program stresses the technical ori-

gins of the warrant language, what to check for, validation of evidence, and

how to present this dynamic content in court.

John recently created a mobile forensic program at the University of Washing-

ton, Tacoma (UWT). His lecture materials are covered in three different courses,

which range from logical fundamentals, physical decoding, and advanced

destructive techniques. All courses utilize manuals that he has authored and

involve current and past case techniques.

As a contract instructor, he has instructed at various federal labs within the

United States (Secret Service, Immigrations and Customs Enforcement). He

has presented on mobile evidence as a guest speaker at Paraben’s Innovative

Conference, Washington State Association of Prosecuting Attorneys’ (WAPA)

Summit, and the Computer Technology Investigations Network Digital Foren-

sics Conference. Recently he spoke at the 16th Annual Conference on Informa-

tion Technology Education and at the 4th Annual Research in IT Conference in

Chicago, Illinois. These conferences are sponsored by the ACM Special Interest

Group for Information Technology Education (SIGITE). John and two other

professors from the UWT recently coauthored a paper regarding the current

mobile forensic program.

John has 31 certiﬁcations related to digital evidence. The following reﬂect the

most signiﬁcant related to mobile forensics: Cellebrite Certiﬁed Mobile Examiner

(CCME), Mobile Forensics Certiﬁed Examiner (MFCE), Cellebrite Certiﬁed Logical

Operator (CCLO), Cellebrite Certiﬁed Physical Analyst (CCPA), AccessData Certi-

ﬁed Examiner (ACE), Cellebrite Mobile Forensics Fundamentals (CMFF), Access-

Data Mobile Examiner (AME), and Cellebrite Certiﬁed Task Instructor (CCTI).

xvii

Acknowledgments

I would like to thank John Bair for his work as a coauthor. John’s expertise in

mobile device forensics is beyond comparison, and this book beneﬁted greatly

from his experience. I was fortunate to have Larry Leibrock as the book’s tech

editor. Larry’s extensive experience across a wide range of positions in dig-

ital forensics and his willingness to provide technical edits for content was

invaluable.

I am humbled by Larry Johnson’s foreword who wears many hats in my life

as my attorney, advisor, conﬁdant, and friend. I also want to give appreciation

to other experts in the industry for taking the time to review, give input, and

make sure that the book is relevant in topic and material—Chris McNulty of

the Seattle Police Department, Tim Carver of Trine University, and Steve Beltz

of T-Mobile. Every suggestion, recommendation, and comment was taken to

heart and appreciated. And if not for Anna Valutkevich of Syngress, this book

would have taken twice as long to ﬁnish and been half as good as it is.

Certainly not a day goes by that I do not thank my wife Chikae for her support.

Although she may think I am her supporter, my strength comes from her to get

things done right, no matter the obstacles. Of all my luck and timing, she has

always been, and will always be, my precious treasure.

Brett Shavers

Brett Shavers was introduced to me while working on a project at the Univer-

sity of Washington. Many months later, Brett approached me and requested

that I help write a few words regarding mobile forensics. I was quite humbled

and agreed. Because of Brett, I have had to try and articulate a couple of things

that may in turn help others. It is for that reason that Brett deserves nearly all

of my thanks.

The remainder of my gratitude goes to my family. My late father, who spent

44 years with Bell and Mountain Bell Telephone—he gave me my passion

for electronics. Today I have my current team which consists of Alexa, Zack,

Hannah, Daisy, and Dexter (the last two on the list being of the K-9 persuasion).

Hiding Behind the Keyboard. http://dx.doi.org/10.1016/B978-0-12-803340-1.00001-X

CHAPTER 1

INTRODUCTION

You have probably taken communication courses in either high school or college

and been taught how to effectively communicate in business and personal rela-

tionships. These types of communication courses are valuable in many aspects,

but do not relate to the investigative methods you will see in this book. I intend

to give you sufﬁcient and necessary principles, concepts, and practical methods

to not only uncover covert communications but also determine the content of

the conversations using both forensic analysis and interpretation of data.

You will notice that much of the information in this book details “how to com-

municate anonymously and covertly” alongside with “how to ﬁnd anonymous

and covert communications.” Unlike driving a car where you do not need to

know engines or transmissions work, as an investigator, you do need to under-

stand how these types of communications take place in order to understand

the methods to uncover and analyze them. The technical explanations may be

beyond the scope of a nonforensic investigator, but do not be discouraged as

you read the descriptions and methods. Investigators need to know how cer-

tain methods are used in order to look for them during investigations.

Fair warning, there will be communications that you will not be able to ﬁnd

or decipher if found in the course of your examination. Even the communica-

tions you uncover and decipher may not be directly attributed to your targets

technology and good old-fashioned spy tradecraft works well to hide commu-

nications from the sets of prying eyes. We are going after the covert commu-

nications that can be found with gumshoe detective work to be analyzed and

deciphered with effective uses of both technology and brain power. We are also

hoping to ﬁnd communication mistakes made by your targets. Given a 100

communication efforts using a dozen different types of methods, there is a risk

of failure by your targets in one or more of their communication deliveries.

These mistakes are more than freebies for your investigation; their contents are

potentially a goldmine of information. As will be shown, having found one

key bit of evidence can unlock an entire chain of communications.

Laying the Foundation of Covert

Communications

剩余255页未读，继续阅读

csdn_user01

粉丝: 14
资源: 40

解密键盘背后：网络取证与隐蔽通信分析

Hiding Behind the Keyboard Uncovering Covert Communication Methods with 无水印pdf

jacob Hiding the application window is not allowed

PickUpItem.transform' hides inherited member 'Component.transform'. Use the new keyword if hiding was intended.

thinking in java纯英文版目录

hiding images in plain sight

opaque handle

**warning** (netrw) your hiding list is empty!

What is the LSB technique in steganography?

What is the difference between “display: none” and “visibility: hidden”, when used as attributes to the HTML element.Verify your answer with your own examples.

steganogan: high capacity image steganography with gans

最新资源

warning (netrw) your hiding list is empty!